In Progress Team Viewer Warning box and Problem submitting message

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
212
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by bailey (15-08-2020 14:13:17)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 2004 19041.388 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.414 - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 1.5.156.5 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.125 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.59 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5259.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr Photo Editor version 1.0.14 (HKLM-x32\...\Polarr Photo Editor_is1) (Version: 1.0.14 - CENTR MBR LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.13.0_x64__38kynpdw5g1aw [2020-03-31] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.200.0_x86__kgqvnymyfvs32 [2020-06-13] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-05-29] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-28] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.615.0_x64__9eg5g21zq32qm [2020-06-18] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [2020-06-05] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-11] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_550.7.119.0_x64__8xx8rvfyw5nnt [2020-06-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-21] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2020-08-11 23:54 - 2020-05-30 20:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2020-08-08 18:23 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-08-11 23:55 - 2020-07-09 02:36 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2015-09-11 15:17 - 2015-09-11 15:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2018-08-20 16:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90C7A8A5-6209-46D1-99FB-57EFA975DEBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4774C322-8F87-4DF5-914F-FA65DD7E57F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7408D248-7459-4EB5-A88F-1C8685F8AB89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83CFC735-8F34-4BD4-8A53-CF6EAA1C0D28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFFD72D6-FE21-4012-9129-14D4B742DEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C593CA2-C561-4BAD-8F26-105B3D35DFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD08193A-210C-472B-8CD8-8B7834BCE82D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E0CB921-F31D-40B0-AB1C-674623D491C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36DD490E-4979-44F3-BA93-6EE9F6DFE5AD}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{D77EF0C7-9363-4BB9-AF0F-D39502EEF753}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

09-08-2020 00:29:28 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname YOGA720-15IKB.local already in use; will try YOGA720-15IKB-2.local instead

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.43.65:5353 16 YOGA720-15IKB.local. AAAA 2600:1008:B11B:EF48:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 YOGA720-15IKB.local. AAAA FE80:0000:0000:0000:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 YOGA720-15IKB.local. AAAA FE80:0000:0000:0000:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 02:49:17 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.


System errors:
=============
Error: (08/12/2020 12:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/11/2020 11:55:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LenovoVantageService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/11/2020 11:55:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LenovoVantageService service terminated unexpectedly. It has done this 1 time(s).

Error: (08/10/2020 10:30:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/10/2020 10:30:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll


Windows Defender:
===================================
Date: 2020-08-13 03:08:49.2440000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {0120E2C4-150F-40E2-9407-A5167591BE68}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-12 01:47:44.5520000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1C9A11BA-3A5F-4A2D-B31A-E928006DACD0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-12 01:10:22.3160000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {A4E72BBD-12D7-45D6-8AD0-CF34DC7B0DA6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-10 23:22:51.0880000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...uerboos.E!cl&threatid=2147723656&enterprise=0
Name: Trojan:Win32/Fuerboos.E!cl
ID: 2147723656
Severity: Severe
Category: Trojan
Path: file:_C:\$Recycle.Bin\S-1-5-21-260720292-2504253849-2348319339-1001\$RIQ1G6L\msi.dll.x
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.321.1133.0, AS: 1.321.1133.0, NIS: 1.321.1133.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-09 00:00:34.9820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D847B024-AACA-4DE9-9680-0E85806A37D6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-14 18:23:54.4790000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4780000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4770000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4300000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4290000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-08-03 21:55:06.2810000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.5210000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.4600000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.2190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.1990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9860000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9170000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.8400000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 74%
Total physical RAM: 8050.39 MB
Available physical RAM: 2065.72 MB
Total Virtual: 11041.08 MB
Available Virtual: 2043.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:85.4 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
902
No problem. Yes, these are the correct logs.

One more fix for you to run. Please do the following ...


Note - this fix will empty temporary files. Save any opened browser tabs/opened documents as FRST will restart your computer.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk [2020-07-28]
    ShortcutTarget: Windows Defender.lnk -> C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe (No File)
    EmptyTemp:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
212
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by bailey (15-08-2020 23:52:37) Run:4
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk [2020-07-28]
ShortcutTarget: Windows Defender.lnk -> C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe (No File)
EmptyTemp:

*****************

C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk => moved successfully
"C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 26501120 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 314102543 B
Java, Flash, Steam htmlcache => 1144 B
Windows/system/drivers => 25483439 B
Edge => 495840 B
Chrome => 632138853 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2752185 B
baile => 516933184 B
supportaccount => 599238973 B

RecycleBin => 147756869 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:55:50 ====
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,920
Since I started with you I hope iMacg3 doesn't mind if I post my observations.

The block alert is from MalwareBytes and it's the trial version that you downloaded on August 3rd, 2020. Because it's a free trial it has real-time protection for 14 days which is apparently blocking your legitimate email domain. This appears to me to be a false positive. The good news is that you can opt out of the trial which would make MalwareBytes become the free version with no real-time protection so these blocks will stop. However, the trial period should expire automatically around midnight tonight and the blocks will stop on their own if you want to just wait another day.

The bad news is......well there is no bad news, I was just teasing. :)

But, I would report it to MalwareBytes so that they may verify it and remove the block if I'm correct that it is indeed a false positive. Here's a link outlining the procedure to follow to do that:

https://forums.malwarebytes.com/topic/200068-please-read-before-posting-a-possible-fp/
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
902
Since I started with you I hope iMacg3 doesn't mind if I post my observations.
No problem, thanks. :)

--------------------------------------------------

Please run a scan with Malwarebytes:

---------------------------------------------------
Malwarebytes Anti-Malware

  • Launch Malwarebytes.
  • When the tool opens, click Settings, then the Protection tab.
  • Under Scan options, ensure Scan for rootkits and Scan within archives are On.
  • Click the Scan button on the left.
  • Select Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop.
  • Open the Malwarebytes log on your desktop and copy/paste its contents into your next reply.
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
212
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/18/20
Scan Time: 2:31 AM
Log File: dd50fc06-e124-11ea-b012-00ff4b07db70.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.1003
Update Package Version: 1.0.28653
License: Expired

-System Information-
OS: Windows 10 (Build 19041.450)
CPU: x64
File System: NTFS
User: YOGA720-15IKB\bailey

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 307539
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
902
Sorry for the delay.

---------------------------------------------------
Emsisoft Emergency Kit

Download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).[/b]
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

==============

-Scan with FRST-
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
212
Emsisoft Emergency Kit - Version 2020.5
Last update: N/A
My own YOGA720-15IKB\bailey
YOGA720-15IKB
Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: ON
Scan archives: OFF
Scan mail archives: OFF
ADS Scan: ON
Direct disk access: OFF

Scan start: 8/22/2020 4:26:45 PM

Scanned 86407
Found 0

Scan end: 8/22/2020 4:29:25 PM
Scan time: 0:02:40
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
212
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2020
Ran by bailey (22-08-2020 17:22:20)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 2004 19041.450 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.414 - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 1.5.156.5 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.135 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5267.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5267.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5267.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5267.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr Photo Editor version 1.0.14 (HKLM-x32\...\Polarr Photo Editor_is1) (Version: 1.0.14 - CENTR MBR LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.13.0_x64__38kynpdw5g1aw [2020-03-31] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.200.0_x86__kgqvnymyfvs32 [2020-06-13] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-05-29] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-28] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.615.0_x64__9eg5g21zq32qm [2020-06-18] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [2020-06-05] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-11] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_550.7.119.0_x64__8xx8rvfyw5nnt [2020-06-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-21] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2020-08-11 23:54 - 2020-05-30 20:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2020-08-08 18:23 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-08-11 23:55 - 2020-07-09 02:36 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2015-09-11 15:17 - 2015-09-11 15:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2018-08-20 16:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90C7A8A5-6209-46D1-99FB-57EFA975DEBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4774C322-8F87-4DF5-914F-FA65DD7E57F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7408D248-7459-4EB5-A88F-1C8685F8AB89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83CFC735-8F34-4BD4-8A53-CF6EAA1C0D28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFFD72D6-FE21-4012-9129-14D4B742DEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C593CA2-C561-4BAD-8F26-105B3D35DFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD08193A-210C-472B-8CD8-8B7834BCE82D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E0CB921-F31D-40B0-AB1C-674623D491C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36DD490E-4979-44F3-BA93-6EE9F6DFE5AD}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{56418DC5-A4B4-48A8-8DEA-A20A9F27F38A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

17-08-2020 18:48:20 Scheduled Checkpoint
18-08-2020 00:01:56 Windows Modules Installer
18-08-2020 00:02:32 Windows Modules Installer
18-08-2020 00:03:03 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/17/2020 04:02:44 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/17/2020 04:02:39 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/17/2020 04:02:34 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/17/2020 04:02:29 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/17/2020 04:02:24 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/17/2020 04:02:19 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/17/2020 04:02:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/17/2020 04:02:09 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.


System errors:
=============
Error: (08/18/2020 02:48:32 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147500053.

Error: (08/18/2020 02:18:33 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (08/15/2020 11:56:13 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/15/2020 11:56:13 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/15/2020 11:56:01 PM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca did not register with DCOM within the required timeout.

Error: (08/15/2020 11:56:01 PM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/12/2020 12:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/11/2020 11:55:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LenovoVantageService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Windows Defender:
===================================
Date: 2020-08-22 16:28:10.2190000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...acatac.D2!ml&threatid=2147757781&enterprise=0
Name: Trojan:Win32/Wacatac.D2!ml
ID: 2147757781
Severity: Severe
Category: Trojan
Path: file:_C:\Users\baile\AppData\Local\Temp\tmp00000057\tmp00004b94
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\EEK\bin64\a2emergencykit.exe
Security intelligence Version: AV: 1.321.1967.0, AS: 1.321.1967.0, NIS: 1.321.1967.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-19 01:44:46.3750000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7D53A39F-8B8F-4333-8C0E-FC781A0E128E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-18 21:02:36.8200000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {9DA7C297-C8D9-4205-9B1E-CD0E19F30F32}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-16 22:47:38.6230000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {A4640EB0-DA7D-46CA-A5E8-4131C764B485}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-16 18:35:45.2820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {29B8443F-A6ED-46EB-B4BD-80167AC12A02}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-14 18:23:54.4790000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4780000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4770000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4300000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4290000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-08-17 23:59:21.0570000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-17 23:59:20.6750000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-17 23:59:18.5170000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-17 23:59:18.4500000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-15 21:55:37.0000000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-15 21:55:35.2080000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-15 21:55:33.5410000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-15 21:55:33.4660000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 8050.39 MB
Available physical RAM: 3390.03 MB
Total Virtual: 11045.48 MB
Available Virtual: 5552.25 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:86.57 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 

Attachments

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
902
Thanks for the logs.

At this point I would like you to let me know what issues remain (if any) and how the computer is running in general.
 

sportsmom2x2

Thread Starter
Joined
Sep 3, 2007
Messages
212
I am not getting the 1000s of emails anymore Still getting about 5 a day now. I am still getting this error message every time I open my computer. Other wise it is working better. Thank you!!
 

Attachments

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top