Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Team Viewer Warning box and Problem submitting message

8K views 89 replies 3 participants last post by  iMacg3 
#1 ·
Sorry, but this is a rather long explanation of the issues I am experience. Hopefully I was able to describe my issues so it is understandable. Thanks in advance for your assistance! :unsure:

Issues and Actions
Issue 1:
This concern initiated me posting in the forum.

For the past 3 or 4 days I get a message stating", "One or more files of your TeamViewer version are missing or have been modified. Some of the TeamViewer functionality will not be available. Please reinstall TeamViewer. (*Error 1)

I have never heard of TeamViewr. I do not remember downloading anything called TeamViewer. I think it is some sort of remote screen program?? What is it? What should I do?

I did look at Vidyo program for a virtual medical appointment this past week. Is it related to TeamViewer?

[I had an issue approximately a year ago. I was installing a new HP printer. Instructions sent me to a HP assistance web site. Web site asked me to allow screen sharing. I did thinking it was the official HP web page. I realized after a few minutes that it was not HP's official web page. I stopped the screen share program and exited the program. I posted a thread on a forum on Tech Support Guy site. I followed instructions given here, and I had a computer tech look over my machine to see if I was still allowing my screen to be shared, without knowing it. Computer tech went though my computer and found things ok. Could this be related?]

Issue 2

Action
1 I tried to download The Tech Support Utility version 1.docx to include in the message

Results
Error message "We're sorry. We can't open Tech Support Guy System Info Utility version 1.docx because we found a problem with it's contents. Details. The file is corrupt and cannot be opened." (*Error 2)

Action 2 Tried to attach *Error 2 statement to this forum message. This action initiated error message (*Error 3). "Security error occurred. Please press back, refresh the page, and try again.

Action 3
Used Snipping tool I saved a capture of *Error 2 statement and tried to paste it into forum message. I got this security error message, "Oops! We ran into some problems. Security error occurred. Please press back, refresh the page, and try again. (*Error Message 4)

I copied and pasted this from a previous post I made in Tech Support Guy Forum

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19041, Installed 20200617175859.000000-300
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz, Intel64 Family 6 Model 158 Stepping 9, CPU Count: 8
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 630, 1024 MB
Hard Drives: C: 212 GB (87 GB Free); D: 24 GB (12 GB Free);
Motherboard: LENOVO LNVNB161216, ver SDK0J40709 WIN, s/n MP1CCYG9
System: LENOVO, ver LENOVO - 1, s/n MP1CCYG9
Antivirus: Windows Defender, Enabled and Updated
 
See less See more
#28 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2020
Ran by bailey (09-08-2020 00:27:58)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 2004 19041.388 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.403 - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 1.5.153.3 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.105 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.61.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5259.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr Photo Editor version 1.0.14 (HKLM-x32\...\Polarr Photo Editor_is1) (Version: 1.0.14 - CENTR MBR LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.13.0_x64__38kynpdw5g1aw [2020-03-31] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.200.0_x86__kgqvnymyfvs32 [2020-06-13] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-05-29] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-28] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.615.0_x64__9eg5g21zq32qm [2020-06-18] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [2020-06-05] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-11] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_550.7.119.0_x64__8xx8rvfyw5nnt [2020-06-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-21] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2019-10-08 19:24 - 2019-10-08 19:33 - 262253568 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\App.dll
2019-10-08 19:24 - 2019-10-08 19:33 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000816640 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000087040 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000998400 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000829952 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 006719488 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000453120 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 064198144 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 001305600 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000040448 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000883200 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000368128 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000015872 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 021368832 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 004304384 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 001553408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000013312 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2019-08-09 11:29 - 2019-08-09 11:30 - 000373760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2019-08-09 11:29 - 2019-08-09 11:30 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2019-10-08 19:24 - 2019-10-08 20:44 - 000098304 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:44 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2014-11-11 13:00 - 2014-11-11 13:00 - 000055808 _____ (important) [File not signed] c:\windows\branding\mediasrv.png
2020-07-14 16:21 - 2020-07-14 16:21 - 000040960 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\rfxvmt.dll
2020-06-25 19:49 - 2020-04-05 18:14 - 001662976 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.61.0\x64\SQLite.Interop.dll
2020-08-08 18:23 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2015-09-11 15:17 - 2015-09-11 15:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2018-08-20 16:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26019E5A-38C6-4D59-A5BE-8BDD267EDF6F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6B0D2048-307F-4244-AA4F-F2E848B56A09}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{90C7A8A5-6209-46D1-99FB-57EFA975DEBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4774C322-8F87-4DF5-914F-FA65DD7E57F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7408D248-7459-4EB5-A88F-1C8685F8AB89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83CFC735-8F34-4BD4-8A53-CF6EAA1C0D28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFFD72D6-FE21-4012-9129-14D4B742DEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C593CA2-C561-4BAD-8F26-105B3D35DFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD08193A-210C-472B-8CD8-8B7834BCE82D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E0CB921-F31D-40B0-AB1C-674623D491C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9C38DD02-D1E5-42D1-B4AC-B5184FD1F6C9}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{0BA55689-C33A-4822-9E64-B3B2B16C88F7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C9296C30-660F-4D19-A23C-EA4864E409CA}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{13017506-C2BE-42D1-A758-995EDCCF0D55}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2576A27D-0033-45B0-A059-CDC6B6633429}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{61D876BE-D09D-4574-8C61-A846F591D4C7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6CA07FE1-40F3-43F8-AC26-4C66B624A746}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1EA577F8-A4B3-4D77-A21E-CE16F2BAC4F0}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{DB3CDFC4-2BF6-4663-8BC3-5E4D862A5642}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{938EFB33-83CF-496D-95BC-EBEDF2230A57}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{36DD490E-4979-44F3-BA93-6EE9F6DFE5AD}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2DE0C751-C20B-41D9-ACE9-FA286B5FD124}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{3966583E-9BD3-4AA7-ADEF-A8E228560145}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{55F61B82-6001-4CBB-A25D-BB74FA7E0AB1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-07-2020 16:06:11 Scheduled Checkpoint
28-07-2020 00:34:32 Scheduled Checkpoint
01-08-2020 01:51:06 Installed Fitbit Connect

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/07/2020 08:28:47 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:42 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:37 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:32 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:22 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:16 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/07/2020 08:28:11 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (08/08/2020 04:41:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/08/2020 04:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/08/2020 04:27:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/08/2020 04:26:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/07/2020 08:35:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/07/2020 08:21:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/07/2020 08:20:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/07/2020 08:20:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Windows Defender:
===================================
Date: 2020-08-09 00:00:34.9820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D847B024-AACA-4DE9-9680-0E85806A37D6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 22:59:08.8580000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C9370AE4-792F-492B-AB7C-BCBB5037E5A1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 20:33:36.4500000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4D334B26-0505-434D-A4BA-81FBFD5442DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 18:18:37.0530000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {313525DD-E419-448A-B9A8-0EDB7CCA8746}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-06 23:58:53.4810000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {6251CDF6-26DD-4113-9B30-A86A77DAC833}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-06 14:44:43.7490000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-06 14:44:43.7490000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-06 14:44:43.7490000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-06 14:44:43.7330000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-06 14:44:43.7330000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-08-03 21:55:06.2810000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.5210000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.4600000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.2190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.1990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9860000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9170000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.8400000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 62%
Total physical RAM: 8050.39 MB
Available physical RAM: 3018.08 MB
Total Virtual: 10226.39 MB
Available Virtual: 3220.02 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:83.07 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
#29 ·
There are a few files I would like to check at VirusTotal. Please do the following

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    VirusTotal: C:\WINDOWS\branding\mediasrv.png;C:\WINDOWS\branding\wupsvc.jpg
    File: C:\WINDOWS\branding\mediasrv.png
    File: C:\WINDOWS\branding\wupsvc.jpg
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
 
#30 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by bailey (09-08-2020 22:47:35) Run:2
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal: C:\WINDOWS\branding\mediasrv.png;C:\WINDOWS\branding\wupsvc.jpg
File: C:\WINDOWS\branding\mediasrv.png
File: C:\WINDOWS\branding\wupsvc.jpg

*****************

VirusTotal: C:\WINDOWS\branding\mediasrv.png => https://www.virustotal.com/gui/file...9d19ceea28255e10a57cd8f667a039c28c-1597031257
VirusTotal: C:\WINDOWS\branding\wupsvc.jpg => https://www.virustotal.com/gui/file...16631ce050c11c68dbd9d7704f72aac965-1597031260

========================= File: C:\WINDOWS\branding\mediasrv.png ========================

C:\WINDOWS\branding\mediasrv.png
File not signed
MD5: 14D089B8DB4132011FBB1DDF3CC6EB97
Creation and modification date: 2014-11-11 13:00 - 2014-11-11 13:00
Size: 000055808
Attributes: ----A
Company Name: important
Internal Name: important
Original Name: important
Product: important
Description: important
File Version: 1.2.5.7
Product Version: 3.2.5.7
Copyright: Copyright (C) important solutions 2020
VirusTotal: 0

====== End of File: ======

========================= File: C:\WINDOWS\branding\wupsvc.jpg ========================

C:\WINDOWS\branding\wupsvc.jpg
File not signed
MD5: 49DE4C621A5A22A3CCB9AB69BD1A5DAF
Creation and modification date: 2014-11-11 13:00 - 2014-11-11 13:00
Size: 000152418
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

==== End of Fixlog 22:47:40 ====
 
#31 ·
Hi sportsmom2x2,

Please do the following

Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\WINDOWS\branding\mediasrv.png
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------
Registry Script

Download the attached file (TermService.reg) and save it to your desktop.
TermService.reg
  • Double-click TermService.reg
  • Allow the information to be merged into the registry if prompted. (click Yes)
  • Restart the computer.

---------------------------------------------------
Farbar Service Scanner

Download Farbar Service Scanner and save it to your desktop.
  • Right-click FSS.exe and select Run as Administrator.
  • Check the following boxes:
    Code:
    Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---------------------------------------------------
Re-scan with FRST
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:
  • Fixlog
  • FSS log
  • FRST logs

Please let me know how the computer is running and what issues remain
 
#33 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by bailey (10-08-2020 22:19:25)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 2004 19041.388 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.403 - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 1.5.156.5 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.125 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.61.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5259.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr Photo Editor version 1.0.14 (HKLM-x32\...\Polarr Photo Editor_is1) (Version: 1.0.14 - CENTR MBR LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.13.0_x64__38kynpdw5g1aw [2020-03-31] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.200.0_x86__kgqvnymyfvs32 [2020-06-13] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-05-29] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-28] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.615.0_x64__9eg5g21zq32qm [2020-06-18] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [2020-06-05] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-11] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_550.7.119.0_x64__8xx8rvfyw5nnt [2020-06-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-21] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2020-04-14 00:12 - 2020-04-14 00:12 - 000926208 _____ () [File not signed] \\?\C:\Users\baile\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar.unpacked\node_modules\twitch-desktop-components\build\Release\twitch-desktop-components.node
2020-04-14 00:12 - 2020-08-10 18:18 - 000294400 _____ () [File not signed] \\?\C:\Users\baile\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar.unpacked\node_modules\twitch-desktop-ipc\build\Release\twitch-desktop-ipc.node
2019-10-08 19:24 - 2019-10-08 19:33 - 262253568 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\App.dll
2019-10-08 19:24 - 2019-10-08 19:33 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000816640 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000087040 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000998400 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000829952 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 006719488 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000453120 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 064198144 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 001305600 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000040448 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000883200 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000368128 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000015872 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 021368832 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 004304384 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 001553408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000013312 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2019-08-09 11:29 - 2019-08-09 11:30 - 000373760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2019-08-09 11:29 - 2019-08-09 11:30 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2019-10-08 19:24 - 2019-10-08 20:44 - 000098304 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:44 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2014-11-11 13:00 - 2014-11-11 13:00 - 000055808 _____ (important) [File not signed] c:\windows\branding\mediasrv.png
2020-07-14 16:21 - 2020-07-14 16:21 - 000040960 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\rfxvmt.dll
2020-06-25 19:49 - 2020-04-05 18:14 - 001662976 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.61.0\x64\SQLite.Interop.dll
2020-04-14 00:12 - 2020-04-14 00:12 - 001229312 _____ (Robert Simpson, et al.) [File not signed] C:\Users\baile\AppData\Local\Amazon Games\App\Amazon Games Services\SQLite.Interop.dll
2015-09-11 15:17 - 2015-09-11 15:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2018-08-20 16:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90C7A8A5-6209-46D1-99FB-57EFA975DEBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4774C322-8F87-4DF5-914F-FA65DD7E57F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7408D248-7459-4EB5-A88F-1C8685F8AB89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83CFC735-8F34-4BD4-8A53-CF6EAA1C0D28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFFD72D6-FE21-4012-9129-14D4B742DEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C593CA2-C561-4BAD-8F26-105B3D35DFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD08193A-210C-472B-8CD8-8B7834BCE82D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E0CB921-F31D-40B0-AB1C-674623D491C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36DD490E-4979-44F3-BA93-6EE9F6DFE5AD}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{D77EF0C7-9363-4BB9-AF0F-D39502EEF753}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-07-2020 16:06:11 Scheduled Checkpoint
28-07-2020 00:34:32 Scheduled Checkpoint
01-08-2020 01:51:06 Installed Fitbit Connect
09-08-2020 00:29:28 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/10/2020 12:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.19041.1, time stamp: 0xf586f62a
Faulting module name: SettingsEnvironment.Desktop.dll, version: 10.0.19041.329, time stamp: 0xebeeb5f6
Exception code: 0xc0000005
Fault offset: 0x0000000000013f9f
Faulting process id: 0x28d0
Faulting application start time: 0x01d66ebc397387d3
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\SettingsEnvironment.Desktop.dll
Report Id: 79cd6298-6c25-47c5-b232-3dcc38ed91ac
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1

Error: (08/09/2020 12:38:49 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/09/2020 12:38:44 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/09/2020 12:38:39 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/09/2020 12:38:34 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/09/2020 12:38:29 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/09/2020 12:38:24 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/09/2020 12:38:19 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:46 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/09/2020 12:29:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/09/2020 12:29:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/09/2020 12:29:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/09/2020 12:29:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Windows Defender:
===================================
Date: 2020-08-09 00:00:34.9820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D847B024-AACA-4DE9-9680-0E85806A37D6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 22:59:08.8580000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C9370AE4-792F-492B-AB7C-BCBB5037E5A1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 20:33:36.4500000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4D334B26-0505-434D-A4BA-81FBFD5442DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 18:18:37.0530000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {313525DD-E419-448A-B9A8-0EDB7CCA8746}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-06 23:58:53.4810000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {6251CDF6-26DD-4113-9B30-A86A77DAC833}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-09 21:26:11.6020000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-09 21:26:11.6020000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-09 21:26:11.6010000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-09 21:26:11.5860000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-09 21:26:11.5860000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-08-03 21:55:06.2810000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.5210000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.4600000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.2190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.1990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9860000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9170000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.8400000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 79%
Total physical RAM: 8050.39 MB
Available physical RAM: 1623.95 MB
Total Virtual: 10605.33 MB
Available Virtual: 1363.3 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:79.71 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
#34 ·
Farbar Service Scanner Version: 14-12-2019
Ran by bailey (administrator) on 10-08-2020 at 22:36:00
Running from "C:\Users\baile\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
#36 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by bailey (10-08-2020 22:42:12)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 2004 19041.388 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.403 - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 1.5.156.5 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.125 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.61.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5259.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr Photo Editor version 1.0.14 (HKLM-x32\...\Polarr Photo Editor_is1) (Version: 1.0.14 - CENTR MBR LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.13.0_x64__38kynpdw5g1aw [2020-03-31] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.200.0_x86__kgqvnymyfvs32 [2020-06-13] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-05-29] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-28] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.615.0_x64__9eg5g21zq32qm [2020-06-18] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [2020-06-05] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-11] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_550.7.119.0_x64__8xx8rvfyw5nnt [2020-06-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-21] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2019-10-08 19:24 - 2019-10-08 19:33 - 262253568 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\App.dll
2019-10-08 19:24 - 2019-10-08 19:33 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000816640 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000087040 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000998400 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000829952 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 006719488 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2019-10-08 19:24 - 2019-10-08 19:34 - 000453120 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 064198144 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 001305600 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000040448 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000883200 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000368128 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000015872 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 021368832 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 004304384 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 001553408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:43 - 000013312 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2019-08-09 11:29 - 2019-08-09 11:30 - 000373760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2019-08-09 11:29 - 2019-08-09 11:30 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2019-10-08 19:24 - 2019-10-08 20:44 - 000098304 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2019-10-08 19:24 - 2019-10-08 20:44 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2020-06-25 19:49 - 2020-04-05 18:14 - 001662976 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.61.0\x64\SQLite.Interop.dll
2015-09-11 15:17 - 2015-09-11 15:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2018-08-20 16:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90C7A8A5-6209-46D1-99FB-57EFA975DEBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4774C322-8F87-4DF5-914F-FA65DD7E57F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7408D248-7459-4EB5-A88F-1C8685F8AB89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83CFC735-8F34-4BD4-8A53-CF6EAA1C0D28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFFD72D6-FE21-4012-9129-14D4B742DEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C593CA2-C561-4BAD-8F26-105B3D35DFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD08193A-210C-472B-8CD8-8B7834BCE82D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E0CB921-F31D-40B0-AB1C-674623D491C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36DD490E-4979-44F3-BA93-6EE9F6DFE5AD}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{D77EF0C7-9363-4BB9-AF0F-D39502EEF753}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

28-07-2020 00:34:32 Scheduled Checkpoint
01-08-2020 01:51:06 Installed Fitbit Connect
09-08-2020 00:29:28 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/10/2020 10:39:12 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/10/2020 10:39:07 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/10/2020 10:39:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/10/2020 10:38:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/10/2020 10:38:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/10/2020 10:38:47 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/10/2020 10:38:42 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (08/10/2020 10:38:37 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (08/10/2020 10:30:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/10/2020 10:30:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:46 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/09/2020 12:29:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/09/2020 12:29:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Windows Defender:
===================================
Date: 2020-08-09 00:00:34.9820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D847B024-AACA-4DE9-9680-0E85806A37D6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 22:59:08.8580000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C9370AE4-792F-492B-AB7C-BCBB5037E5A1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 20:33:36.4500000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4D334B26-0505-434D-A4BA-81FBFD5442DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-08 18:18:37.0530000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {313525DD-E419-448A-B9A8-0EDB7CCA8746}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-06 23:58:53.4810000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {6251CDF6-26DD-4113-9B30-A86A77DAC833}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-09 21:26:11.6020000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-09 21:26:11.6020000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-09 21:26:11.6010000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-09 21:26:11.5860000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-09 21:26:11.5860000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.808.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-08-03 21:55:06.2810000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.5210000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.4600000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.2190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.1990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9860000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9170000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.8400000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 63%
Total physical RAM: 8050.39 MB
Available physical RAM: 2944.75 MB
Total Virtual: 9970.39 MB
Available Virtual: 3732.7 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:83.03 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
#37 ·
Farbar Service Scanner Version: 14-12-2019
Ran by bailey (administrator) on 10-08-2020 at 22:36:00
Running from "C:\Users\baile\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
 
#38 ·
Seems like I missed something?? They all look the same. Can I delete the old ones so I don't get them all mixed up?
Thank you again for you help.

I am not getting the multitude of E-mails I was a couple of days ago. I was deleting thousands. Now I have between 5 and 10 that are spam.
 
#41 ·
I'm sorry is this the right one?

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2020
Ran by bailey (09-08-2020 22:47:35) Run:2
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal: C:\WINDOWS\branding\mediasrv.png;C:\WINDOWS\branding\wupsvc.jpg
File: C:\WINDOWS\branding\mediasrv.png
File: C:\WINDOWS\branding\wupsvc.jpg

*****************

VirusTotal: C:\WINDOWS\branding\mediasrv.png => https://www.virustotal.com/gui/file...9d19ceea28255e10a57cd8f667a039c28c-1597031257
VirusTotal: C:\WINDOWS\branding\wupsvc.jpg => https://www.virustotal.com/gui/file...16631ce050c11c68dbd9d7704f72aac965-1597031260

========================= File: C:\WINDOWS\branding\mediasrv.png ========================

C:\WINDOWS\branding\mediasrv.png
File not signed
MD5: 14D089B8DB4132011FBB1DDF3CC6EB97
Creation and modification date: 2014-11-11 13:00 - 2014-11-11 13:00
Size: 000055808
Attributes: ----A
Company Name: important
Internal Name: important
Original Name: important
Product: important
Description: important
File Version: 1.2.5.7
Product Version: 3.2.5.7
Copyright: Copyright (C) important solutions 2020
VirusTotal: 0

====== End of File: ======

========================= File: C:\WINDOWS\branding\wupsvc.jpg ========================

C:\WINDOWS\branding\wupsvc.jpg
File not signed
MD5: 49DE4C621A5A22A3CCB9AB69BD1A5DAF
Creation and modification date: 2014-11-11 13:00 - 2014-11-11 13:00
Size: 000152418
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

==== End of Fixlog 22:47:40 ====
 
#43 ·
Which program is alerting you of the trojan?

Before running the following fix, please delete any old FRST.txt, Addition.txt, FSS.txt, or Fixlog.txt files.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    C:\WINDOWS\branding\mediasrv.png 
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------
Re-scan with FRST
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include
  • Fixlog.txt
  • New FRST.txt
  • New Addition.txt
 
#44 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by bailey (15-08-2020 14:02:16)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 2004 19041.388 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.414 - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 1.5.156.5 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.125 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.59 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5259.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr Photo Editor version 1.0.14 (HKLM-x32\...\Polarr Photo Editor_is1) (Version: 1.0.14 - CENTR MBR LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.13.0_x64__38kynpdw5g1aw [2020-03-31] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.200.0_x86__kgqvnymyfvs32 [2020-06-13] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-05-29] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-28] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.615.0_x64__9eg5g21zq32qm [2020-06-18] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [2020-06-05] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-11] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_550.7.119.0_x64__8xx8rvfyw5nnt [2020-06-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-21] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2020-08-11 23:54 - 2020-05-30 20:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2020-08-08 18:23 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-08-11 23:55 - 2020-07-09 02:36 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2015-09-11 15:17 - 2015-09-11 15:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2018-08-20 16:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90C7A8A5-6209-46D1-99FB-57EFA975DEBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4774C322-8F87-4DF5-914F-FA65DD7E57F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7408D248-7459-4EB5-A88F-1C8685F8AB89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83CFC735-8F34-4BD4-8A53-CF6EAA1C0D28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFFD72D6-FE21-4012-9129-14D4B742DEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C593CA2-C561-4BAD-8F26-105B3D35DFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD08193A-210C-472B-8CD8-8B7834BCE82D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E0CB921-F31D-40B0-AB1C-674623D491C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36DD490E-4979-44F3-BA93-6EE9F6DFE5AD}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{D77EF0C7-9363-4BB9-AF0F-D39502EEF753}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-08-2020 01:51:06 Installed Fitbit Connect
09-08-2020 00:29:28 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname YOGA720-15IKB.local already in use; will try YOGA720-15IKB-2.local instead

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.43.65:5353 16 YOGA720-15IKB.local. AAAA 2600:1008:B11B:EF48:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 YOGA720-15IKB.local. AAAA FE80:0000:0000:0000:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 YOGA720-15IKB.local. AAAA FE80:0000:0000:0000:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 02:49:17 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (08/12/2020 12:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/11/2020 11:55:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LenovoVantageService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/11/2020 11:55:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LenovoVantageService service terminated unexpectedly. It has done this 1 time(s).

Error: (08/10/2020 10:30:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/10/2020 10:30:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Windows Defender:
===================================
Date: 2020-08-13 03:08:49.2440000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {0120E2C4-150F-40E2-9407-A5167591BE68}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-12 01:47:44.5520000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1C9A11BA-3A5F-4A2D-B31A-E928006DACD0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-12 01:10:22.3160000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {A4E72BBD-12D7-45D6-8AD0-CF34DC7B0DA6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-10 23:22:51.0880000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...uerboos.E!cl&threatid=2147723656&enterprise=0
Name: Trojan:Win32/Fuerboos.E!cl
ID: 2147723656
Severity: Severe
Category: Trojan
Path: file:_C:\$Recycle.Bin\S-1-5-21-260720292-2504253849-2348319339-1001\$RIQ1G6L\msi.dll.x
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.321.1133.0, AS: 1.321.1133.0, NIS: 1.321.1133.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-09 00:00:34.9820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D847B024-AACA-4DE9-9680-0E85806A37D6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-14 18:23:54.4790000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4780000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4770000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4300000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4290000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-08-03 21:55:06.2810000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.5210000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.4600000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.2190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.1990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9860000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9170000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.8400000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 72%
Total physical RAM: 8050.39 MB
Available physical RAM: 2221.58 MB
Total Virtual: 11041.08 MB
Available Virtual: 2475.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:79.43 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
#45 ·
sorry copied and pasted before the fix.

fix
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by bailey (15-08-2020 14:08:37) Run:3
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\WINDOWS\branding\mediasrv.png

*****************

"C:\WINDOWS\branding\mediasrv.png" => not found

==== End of Fixlog 14:08:37 ====

I will run the test
 
#47 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by bailey (15-08-2020 14:13:17)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 2004 19041.388 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.414 - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 1.5.156.5 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.125 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.59 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5259.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5259.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr Photo Editor version 1.0.14 (HKLM-x32\...\Polarr Photo Editor_is1) (Version: 1.0.14 - CENTR MBR LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.13.0_x64__38kynpdw5g1aw [2020-03-31] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.200.0_x86__kgqvnymyfvs32 [2020-06-13] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-05-29] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-28] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.615.0_x64__9eg5g21zq32qm [2020-06-18] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [2020-06-05] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-11] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_550.7.119.0_x64__8xx8rvfyw5nnt [2020-06-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-21] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2020-08-11 23:54 - 2020-05-30 20:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2020-08-08 18:23 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-08-11 23:55 - 2020-07-09 02:36 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2015-09-11 15:17 - 2015-09-11 15:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2018-08-20 16:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90C7A8A5-6209-46D1-99FB-57EFA975DEBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4774C322-8F87-4DF5-914F-FA65DD7E57F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7408D248-7459-4EB5-A88F-1C8685F8AB89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83CFC735-8F34-4BD4-8A53-CF6EAA1C0D28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFFD72D6-FE21-4012-9129-14D4B742DEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C593CA2-C561-4BAD-8F26-105B3D35DFC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD08193A-210C-472B-8CD8-8B7834BCE82D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E0CB921-F31D-40B0-AB1C-674623D491C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36DD490E-4979-44F3-BA93-6EE9F6DFE5AD}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{D77EF0C7-9363-4BB9-AF0F-D39502EEF753}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

09-08-2020 00:29:28 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname YOGA720-15IKB.local already in use; will try YOGA720-15IKB-2.local instead

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.43.65:5353 16 YOGA720-15IKB.local. AAAA 2600:1008:B11B:EF48:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 YOGA720-15IKB.local. AAAA FE80:0000:0000:0000:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 YOGA720-15IKB.local. AAAA FE80:0000:0000:0000:D1C3:6DE0:0B25:FCD0

Error: (08/14/2020 10:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 YOGA720-15IKB.local. Addr 192.168.43.65

Error: (08/14/2020 02:49:17 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (08/12/2020 12:28:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/11/2020 11:55:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LenovoVantageService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/11/2020 11:55:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LenovoVantageService service terminated unexpectedly. It has done this 1 time(s).

Error: (08/10/2020 10:30:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/10/2020 10:30:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (08/09/2020 12:29:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv06.dll

Windows Defender:
===================================
Date: 2020-08-13 03:08:49.2440000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {0120E2C4-150F-40E2-9407-A5167591BE68}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-12 01:47:44.5520000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1C9A11BA-3A5F-4A2D-B31A-E928006DACD0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-12 01:10:22.3160000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {A4E72BBD-12D7-45D6-8AD0-CF34DC7B0DA6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-10 23:22:51.0880000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...uerboos.E!cl&threatid=2147723656&enterprise=0
Name: Trojan:Win32/Fuerboos.E!cl
ID: 2147723656
Severity: Severe
Category: Trojan
Path: file:_C:\$Recycle.Bin\S-1-5-21-260720292-2504253849-2348319339-1001\$RIQ1G6L\msi.dll.x
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.321.1133.0, AS: 1.321.1133.0, NIS: 1.321.1133.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-09 00:00:34.9820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D847B024-AACA-4DE9-9680-0E85806A37D6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-14 18:23:54.4790000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4780000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4770000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4300000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-08-14 18:23:54.4290000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.1214.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-08-03 21:55:06.2810000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.5210000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.4600000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.2190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 21:55:01.1990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9860000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.9170000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-03 19:57:57.8400000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 74%
Total physical RAM: 8050.39 MB
Available physical RAM: 2065.72 MB
Total Virtual: 11041.08 MB
Available Virtual: 2043.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:85.4 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
#49 ·
No problem. Yes, these are the correct logs.

One more fix for you to run. Please do the following ...

Note - this fix will empty temporary files. Save any opened browser tabs/opened documents as FRST will restart your computer.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk [2020-07-28]
    ShortcutTarget: Windows Defender.lnk -> C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe (No File)
    EmptyTemp:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
 
#50 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by bailey (15-08-2020 23:52:37) Run:4
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk [2020-07-28]
ShortcutTarget: Windows Defender.lnk -> C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe (No File)
EmptyTemp:

*****************

C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk => moved successfully
"C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 26501120 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 314102543 B
Java, Flash, Steam htmlcache => 1144 B
Windows/system/drivers => 25483439 B
Edge => 495840 B
Chrome => 632138853 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2752185 B
baile => 516933184 B
supportaccount => 599238973 B

RecycleBin => 147756869 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:55:50 ====
 
#52 ·
Since I started with you I hope iMacg3 doesn't mind if I post my observations.

The block alert is from MalwareBytes and it's the trial version that you downloaded on August 3rd, 2020. Because it's a free trial it has real-time protection for 14 days which is apparently blocking your legitimate email domain. This appears to me to be a false positive. The good news is that you can opt out of the trial which would make MalwareBytes become the free version with no real-time protection so these blocks will stop. However, the trial period should expire automatically around midnight tonight and the blocks will stop on their own if you want to just wait another day.

The bad news is......well there is no bad news, I was just teasing. :)

But, I would report it to MalwareBytes so that they may verify it and remove the block if I'm correct that it is indeed a false positive. Here's a link outlining the procedure to follow to do that:

https://forums.malwarebytes.com/topic/200068-please-read-before-posting-a-possible-fp/
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top