Team Viewer Warning box and Problem submitting message

8K views 89 replies 3 participants last post by  iMacg3 
#1 ·
Sorry, but this is a rather long explanation of the issues I am experiencing. Hopefully I was able to describe my issues so they are understandable. Thanks in advance for your assistance!

Issues and Actions
Issue 1:
This concern initiated me posting in the forum.

For the past 3 or 4 days I get a message stating, "One or more files of your TeamViewer version are missing or have been modified. Some of the TeamViewer functionality will not be available. Please reinstall TeamViewer." (*Error 1)

I have never heard of TeamViewer. I do not remember downloading anything called TeamViewer. I think it is some sort of remote screen program?? What is it? What should I do?

I did look at Vidyo program for a virtual medical appointment this past week. Is it related to TeamViewer?

[I had an issue approximately a year ago. I was installing a new HP printer. Instructions sent me to an HP assistance web site. The web site asked me to allow screen sharing. I did, thinking it was the official HP web page. I realized after a few minutes that it was not HP's official web page. I stopped the screen share program and exited the program. I posted a thread on a forum on the Tech Support Guy site. I followed the instructions given here, and I had a computer tech look over my machine to see if I was still allowing my screen to be shared without knowing it. The computer tech went through my computer and found things ok. Could this be related?]

Issue 2

Action 1
I tried to download The Tech Support Utility version 1.docx to include in the message

Results
Error message "We're sorry. We can't open Tech Support Guy System Info Utility version 1.docx because we found a problem with it's contents. Details. The file is corrupt and cannot be opened." (*Error 2)

Action 2
Tried to attach the *Error 2 statement to this forum message. This action initiated an error message (*Error 3): "Security error occurred. Please press back, refresh the page, and try again."

Action 3
Using the Snipping tool, I saved a capture of the *Error 2 statement and tried to paste it into the forum message. I got this security error message: "Oops! We ran into some problems. Security error occurred. Please press back, refresh the page, and try again." (*Error Message 4)

I copied and pasted this from a previous post I made in the Tech Support Guy Forum:

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19041, Installed 20200617175859.000000-300
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz, Intel64 Family 6 Model 158 Stepping 9, CPU Count: 8
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 630, 1024 MB
Hard Drives: C: 212 GB (87 GB Free); D: 24 GB (12 GB Free);
Motherboard: LENOVO LNVNB161216, ver SDK0J40709 WIN, s/n MP1CCYG9
System: LENOVO, ver LENOVO - 1, s/n MP1CCYG9
Antivirus: Windows Defender, Enabled and Updated
 
#4 ·
The TSG Sysinfo is not a docx file. The correct link to download it is:

https://static.techguy.org/download/tsginfo.exe

Then when you run it the utility opens with the report that you just have to copy and paste. It's not necessary now because you've copied one from another thread (assuming nothing has changed with the system) but it's just for future reference.

I've also deleted one of the attachments because it showed your first and last name which I don't believe you wanted to post on the Internet intentionally. It's only the one about the TSG Sysinfo utility so it's not important.
 
#5 ·
Please download SystemLook and save it to your Desktop.
  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following code box into the main text field:
    Code:
    :filefind
    *teamviewer*
    :folderfind
    *teamviewer*
    :regfind
    teamviewer
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
#8 ·
I clicked keep and it did let me download the program. Results follow.

Not sure if this is related, but on Sunday August 3 I began receiving hundreds of e-mails asking me to verify my account, login details, verify your email, thank you for joining. A small example of senders: INfo copy land, hello from Listue 5, ONe stop Landlord shope, Voombox Rewards, TIFFer, Make each other laugh, and so on and so on. Some are in languages other than English. I noticed when I logged on yesterday and today that my Windows Security was turned off, and I turned it back on both days.

Actions Taken
Turned Windows Security back on.
Ran a scan. Nothing.

Ran adwcleaner_8.0.7.exe, quarantined a PUP that was found, but listed as not severe. Removed and restarted the computer.
Turned on my free copy of Ultra VPN and downloaded SystemLook.

Appreciate your help, and thank you for deleting the attachment that I didn't check well before posting.

SystemLook 04.09.10 by jpshortstuff
Log created at 02:12 on 03/08/2020 by bailey
Administrator - Elevation successful

No Context: filefind

No Context: *teamviewer*

========== folderfind ==========

Searching for "*teamviewer*"
C:\Users\baile\AppData\Local\Temp\TeamViewer d------ [03:01 06/07/2020]
C:\Users\baile\AppData\Roaming\TeamViewer d------ [03:01 06/07/2020]

========== regfind ==========

Searching for "teamviewer"
No data found.

-= EOF =-
 
#11 ·
SystemLook 04.09.10 by jpshortstuff
Log created at 13:21 on 03/08/2020 by bailey
Administrator - Elevation successful

========== filefind ==========

-= EOF =-

Searching for "*teamviewer*"
C:\Users\baile\AppData\Roaming\Microsoft\Windows\Recent\TeamViewer Information.JPG.lnk --a---- 851 bytes [06:22 02/08/2020] [09:22 02/08/2020] FBD375E5BB055E958A031C82E7EB89E8
C:\Users\baile\AppData\Roaming\Microsoft\Windows\Recent\Teamviewer warning 1.png.lnk --a---- 515 bytes [06:27 02/08/2020] [06:27 02/08/2020] B8CABB04FAC605C414DB104D48465FCB
C:\Users\baile\AppData\Roaming\QTUpdate\TeamViewer.ini --a---- 130 bytes [03:01 06/07/2020] [22:47 16/08/2019] 84FA078491BAECF73C525D1AA793A495
C:\Users\baile\AppData\Roaming\QTUpdate\TeamViewer_Desktop.exe --a---- 6609168 bytes [03:01 06/07/2020] [05:25 09/08/2016] FBD4D1421BBD1578C303E63E9C4055AE
C:\Users\baile\AppData\Roaming\QTUpdate\TeamViewer_Resource_en.dll --a---- 709904 bytes [03:01 06/07/2020] [05:27 09/08/2016] 602E2BA95B94F7B48E33AA0EC32A1DF2
C:\Users\baile\AppData\Roaming\QTUpdate\TeamViewer_StaticRes.dll --a---- 981776 bytes [03:01 06/07/2020] [05:25 09/08/2016] B14983D47403A68FB21FE8F0810BA078
C:\Users\baile\AppData\Roaming\TeamViewer\TeamViewer11_Logfile.log --a---- 161669 bytes [17:30 28/07/2020] [17:17 03/08/2020] CB0B5160B6D28A7E37A0B712FDF2648B
C:\Users\baile\Documents\Computer\TeamViewer Information.JPG --a---- 83318 bytes [06:22 02/08/2020] [06:22 02/08/2020] A55710B2A92B66946CEB90040D250B23
C:\Users\baile\Downloads\Teamviewer warning 1.png --a---- 50375 bytes [06:27 02/08/2020] [06:27 02/08/2020] 815A297FC5A8AF86CB2361B1214187EB

========== folderfind ==========

Searching for "*teamviewer*"
C:\Users\baile\AppData\Local\Temp\TeamViewer d------ [03:01 06/07/2020]
C:\Users\baile\AppData\Roaming\TeamViewer d------ [03:01 06/07/2020]

========== regfind ==========

Searching for "teamviewer"
No data found.

-= EOF =-
 
#12 ·
I didn't have it on. I use ULTRAVPN

These were from the logs, and then today when I scanned again it quarantined Adware.pokki again, but I didn't find that in the notes.
Adware.pokki HKU\S-1-5-21-260720292-2504253849-2348319339-1003\Software\Host App Service
Adware.pokki HKU\S-1-5-21-260720292-2504253849-2348319339-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

Deleted HKU\S-1-5-21-260720292-2504253849-2348319339-1003\Software\Host App Service
Deleted HKU\S-1-5-21-260720292-2504253849-2348319339-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

***** [ Chromium (and derivatives) ] *****

These are two scans with Malwarebytes. This is what was quarantined from the scans yesterday and then today.

Again thank you for your assistance.
 

#13 ·
Please open MalwareBytes and click in the white area of the Scan section (the middle one) but do not click on the blue scan button.

Next, click on "View Report". If there's more than one report listed select the one that you just did and click on "Export" - select "copy to clipboard" and then paste the report in a reply here please.
 
#15 ·
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/3/20
Scan Time: 2:00 PM
Log File: 87b02cf0-d5bb-11ea-8044-00ff4b07db70.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.990
Update Package Version: 1.0.27883
License: Trial

-System Information-
OS: Windows 10 (Build 19041.388)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 425923
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 19 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
 
#16 ·
SystemLook 04.09.10 by jpshortstuff
Log created at 22:14 on 03/08/2020 by bailey
Administrator - Elevation successful

========== dir ==========

C:\Users\baile\AppData\Roaming\QTUpdate - Parameters: "(none)"

---Files---
lnk.bat --a---- 416 bytes [03:01 06/07/2020] [11:10 11/05/2020]
msi.dll.x --a---- 5647360 bytes [03:01 06/07/2020] [17:36 27/07/2020]
QTConnect.exe --a---- 24316592 bytes [03:01 06/07/2020] [05:25 09/08/2016]
TeamViewer.ini --a---- 130 bytes [03:01 06/07/2020] [22:47 16/08/2019]
TeamViewer_Desktop.exe --a---- 6609168 bytes [03:01 06/07/2020] [05:25 09/08/2016]
TeamViewer_Resource_en.dll --a---- 709904 bytes [03:01 06/07/2020] [05:27 09/08/2016]
TeamViewer_StaticRes.dll --a---- 981776 bytes [03:01 06/07/2020] [05:25 09/08/2016]
update.exe --a---- 5758046 bytes [03:01 06/07/2020] [14:28 29/06/2020]

---Folders---
None found.

-= EOF =-
 
#19 ·
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/3/20
Scan Time: 4:54 AM
Log File: 4af68a9e-d56f-11ea-b069-00ff4b07db70.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.990
Update Package Version: 1.0.27863
License: Trial

-System Information-
OS: Windows 10 (Build 19041.388)
CPU: x64
File System: NTFS
User: YOGA720-15IKB\bailey

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 308051
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 1 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 1
Malware.AI.4224728563, C:\WINDOWS\BRANDING\MEDIASVC.PNG, Quarantined, 1000000, 0, , , ,

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Malware.AI.4224728563, C:\WINDOWS\BRANDING\MEDIASVC.PNG, Quarantined, 1000000, 0, 1.0.27863, 24E0737E58EC2630FBD03DF3, dds, 00835681
Generic.Malware/Suspicious, C:\USERS\BAILE\APPDATA\LOCAL\TEMP\XS5WELAW7JEQO2SSOKLDMSUZFFLDDTW.EXE, Quarantined, 0, 392686, 1.0.27863, , shuriken,
Generic.Malware/Suspicious, C:\USERS\BAILE\APPDATA\LOCAL\TEMP\LDZXBSU2TN8ROWGPYKE1TPIL2O3SBV8.EXE, Quarantined, 0, 392686, 1.0.27863, , shuriken,
Generic.Malware/Suspicious, C:\USERS\SUPPORTACCOUNT\DESKTOP\JUL15.EXE, Quarantined, 0, 392686, 1.0.27863, , shuriken,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
 
#22 ·
There are a couple of things that are a bit suspicious so I'm going to ask a Malware Specialist to examine the FRST logs.

But I also noticed you have remnants of AVG and Kaspersky. In the meantime, you can delete the following folders:

C:\Users\baile\AppData\Roaming\TeamViewer
C:\Users\baile\AppData\Roaming\QTUpdate
C:\Program Files (x86)\AVG
C:\Program Files\Common Files\AVG
C:\Program Files\Common Files\AV\Kaspersky Anti-Virus
C:\Windows\System32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA}
 
#26 ·
Hi sportsmom2x2

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    VirusTotal: C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe;C:\Users\baile\AppData\Roaming\fix.ps1
    Task: {1E649CDA-95E1-4B8C-B8E8-74E8382B8CFE} - \Lenovo\ImController\TimeBasedEvents\3578e401-7899-4505-bb7f-e2699d3bdc54 -> No File <==== ATTENTION
    Task: {5F2A695C-4652-4E66-9D0F-F4622437989B} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
    Task: {63861543-5211-4E66-8801-6EFD8591E965} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
    Task: {6DC127F4-26AE-4CF1-8B85-4750BA3F33C6} - \Lenovo\ImController\TimeBasedEvents\d8f8e894-3373-4d40-8917-bafb04fe4bb4 -> No File <==== ATTENTION
    Task: {7A3D0264-EDC8-4A0D-9047-006CB6A37F61} - \Lenovo\ImController\TimeBasedEvents\960dd729-c0eb-49c1-a0ce-ca278229e491 -> No File <==== ATTENTION
    Task: {8FD88D6A-AA33-4048-8CF1-9258C185DABA} - \Lenovo\ImController\TimeBasedEvents\fcb69c11-3619-4a54-9840-18dbb3be06b4 -> No File <==== ATTENTION
    Task: {DD27DF0B-4D9F-4AC3-997C-D0FE4E778AF9} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
    Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7ralwMtuqAWhvzt1IOFaMAcIduuJdmZe%2F3qriGNINMsteBhsX4nTzv8if0sWGgtKnQxNjXsYijXol39mTSjbOqmQGwZ8RMfbrUvnq3hKH3vWcRSN%2B8ABxFsECMCz1XKVrVkyOwJKfeoKhKMw1Dn%2BTEmoGtgVW9dehbKtCdtpIoWP65Tth5bGSfnw84vm8nTEqhL2MAGSYkftDJ33biJjzoaSymfHtnBhah2XVBZH0FSMcE5jGZazMhgjPIEhW7jcaUKM2GbXMpgi72MqAZ%2B0DebAzV3ojaKV5fpXCFED0kSwhv%2FnEWk6KNggrPCE5szjO2A%3D%3D&p={searchTerms}
    Edge DefaultSearchKeyword: Default -> us.search.yahoo.com
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
    Folder: C:\WINDOWS\branding
    ExportKey: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService
    S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
    Folder: c:\ProgramData\t3460
    Folder: C:\Users\baile\AppData\Roaming\TeamViewer
    CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    FirewallRules: [{26019E5A-38C6-4D59-A5BE-8BDD267EDF6F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{6B0D2048-307F-4244-AA4F-F2E848B56A09}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{9C38DD02-D1E5-42D1-B4AC-B5184FD1F6C9}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{0BA55689-C33A-4822-9E64-B3B2B16C88F7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{C9296C30-660F-4D19-A23C-EA4864E409CA}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{13017506-C2BE-42D1-A758-995EDCCF0D55}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{2576A27D-0033-45B0-A059-CDC6B6633429}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{61D876BE-D09D-4574-8C61-A846F591D4C7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{6CA07FE1-40F3-43F8-AC26-4C66B624A746}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{1EA577F8-A4B3-4D77-A21E-CE16F2BAC4F0}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{DB3CDFC4-2BF6-4663-8BC3-5E4D862A5642}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{938EFB33-83CF-496D-95BC-EBEDF2230A57}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{2DE0C751-C20B-41D9-ACE9-FA286B5FD124}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
    FirewallRules: [{3966583E-9BD3-4AA7-ADEF-A8E228560145}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
 
#27 ·
Thank you

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-08-2020
Ran by bailey (09-08-2020 00:29:28) Run:1
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe;C:\Users\baile\AppData\Roaming\fix.ps1
Task: {1E649CDA-95E1-4B8C-B8E8-74E8382B8CFE} - \Lenovo\ImController\TimeBasedEvents\3578e401-7899-4505-bb7f-e2699d3bdc54 -> No File <==== ATTENTION
Task: {5F2A695C-4652-4E66-9D0F-F4622437989B} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {63861543-5211-4E66-8801-6EFD8591E965} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {6DC127F4-26AE-4CF1-8B85-4750BA3F33C6} - \Lenovo\ImController\TimeBasedEvents\d8f8e894-3373-4d40-8917-bafb04fe4bb4 -> No File <==== ATTENTION
Task: {7A3D0264-EDC8-4A0D-9047-006CB6A37F61} - \Lenovo\ImController\TimeBasedEvents\960dd729-c0eb-49c1-a0ce-ca278229e491 -> No File <==== ATTENTION
Task: {8FD88D6A-AA33-4048-8CF1-9258C185DABA} - \Lenovo\ImController\TimeBasedEvents\fcb69c11-3619-4a54-9840-18dbb3be06b4 -> No File <==== ATTENTION
Task: {DD27DF0B-4D9F-4AC3-997C-D0FE4E778AF9} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7ralwMtuqAWhvzt1IOFaMAcIduuJdmZe%2F3qriGNINMsteBhsX4nTzv8if0sWGgtKnQxNjXsYijXol39mTSjbOqmQGwZ8RMfbrUvnq3hKH3vWcRSN%2B8ABxFsECMCz1XKVrVkyOwJKfeoKhKMw1Dn%2BTEmoGtgVW9dehbKtCdtpIoWP65Tth5bGSfnw84vm8nTEqhL2MAGSYkftDJ33biJjzoaSymfHtnBhah2XVBZH0FSMcE5jGZazMhgjPIEhW7jcaUKM2GbXMpgi72MqAZ%2B0DebAzV3ojaKV5fpXCFED0kSwhv%2FnEWk6KNggrPCE5szjO2A%3D%3D&p={searchTerms}
Edge DefaultSearchKeyword: Default -> us.search.yahoo.com
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
Folder: C:\WINDOWS\branding
ExportKey: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
Folder: c:\ProgramData\t3460
Folder: C:\Users\baile\AppData\Roaming\TeamViewer
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
FirewallRules: [{26019E5A-38C6-4D59-A5BE-8BDD267EDF6F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6B0D2048-307F-4244-AA4F-F2E848B56A09}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS5E63\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9C38DD02-D1E5-42D1-B4AC-B5184FD1F6C9}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{0BA55689-C33A-4822-9E64-B3B2B16C88F7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS39E4\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C9296C30-660F-4D19-A23C-EA4864E409CA}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{13017506-C2BE-42D1-A758-995EDCCF0D55}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS427F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2576A27D-0033-45B0-A059-CDC6B6633429}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{61D876BE-D09D-4574-8C61-A846F591D4C7}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS3C0D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6CA07FE1-40F3-43F8-AC26-4C66B624A746}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1EA577F8-A4B3-4D77-A21E-CE16F2BAC4F0}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS35F8\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{DB3CDFC4-2BF6-4663-8BC3-5E4D862A5642}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{938EFB33-83CF-496D-95BC-EBEDF2230A57}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS501F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DE0C751-C20B-41D9-ACE9-FA286B5FD124}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{3966583E-9BD3-4AA7-ADEF-A8E228560145}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File

*****************

Restore point was successfully created.
Processes closed successfully.
"VirusTotal: C:\Users\baile\AppData\Roaming\QTUpdate\QTConnect.exe" => not found
VirusTotal: C:\Users\baile\AppData\Roaming\fix.ps1 => https://www.virustotal.com/gui/file...48c74ab4201101a4ae2c9ec1703a5ab5f9-1596950984
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E649CDA-95E1-4B8C-B8E8-74E8382B8CFE}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\3578e401-7899-4505-bb7f-e2699d3bdc54" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F2A695C-4652-4E66-9D0F-F4622437989B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F2A695C-4652-4E66-9D0F-F4622437989B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63861543-5211-4E66-8801-6EFD8591E965}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63861543-5211-4E66-8801-6EFD8591E965}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DC127F4-26AE-4CF1-8B85-4750BA3F33C6}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\d8f8e894-3373-4d40-8917-bafb04fe4bb4" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A3D0264-EDC8-4A0D-9047-006CB6A37F61}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\960dd729-c0eb-49c1-a0ce-ca278229e491" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FD88D6A-AA33-4048-8CF1-9258C185DABA}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\fcb69c11-3619-4a54-9840-18dbb3be06b4" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD27DF0B-4D9F-4AC3-997C-D0FE4E778AF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD27DF0B-4D9F-4AC3-997C-D0FE4E778AF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} => removed successfully
"Edge StartupUrls" => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Edge DefaultSearchKeyword" => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully

========================= Folder: C:\WINDOWS\branding ========================

2014-11-11 13:00 - 2014-11-11 13:00 - 000055808 ____A [14D089B8DB4132011FBB1DDF3CC6EB97] (important) C:\WINDOWS\branding\mediasrv.png
2014-11-11 13:00 - 2014-11-11 13:00 - 000152418 ____A [49DE4C621A5A22A3CCB9AB69BD1A5DAF] () C:\WINDOWS\branding\wupsvc.jpg
2014-11-11 13:00 - 2014-11-11 13:00 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\branding\Basebrd
2019-12-07 04:08 - 2019-12-07 04:08 - 001479368 ____A [CC0583AEB44859E5106FA3DBBD3AE983] (Microsoft Corporation) C:\WINDOWS\branding\Basebrd\basebrd.dll
2019-12-07 04:49 - 2020-06-17 17:29 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\branding\Basebrd\en-US
2020-06-17 17:26 - 2020-06-17 17:26 - 000008192 ____A [1B9E9972B86244F32D32F50DEDCAF937] (Microsoft Corporation) C:\WINDOWS\branding\Basebrd\en-US\basebrd.dll.mui
2014-11-11 13:00 - 2014-11-11 13:00 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\branding\shellbrd
2019-12-07 04:08 - 2019-12-07 04:08 - 000962048 ____A [167726ADF6B1BD73B6D2C09AFB96E853] (Microsoft Corporation) C:\WINDOWS\branding\shellbrd\shellbrd.dll

====== End of Folder: ======

================== ExportKey: ===================

[HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService]
"DependOnService"="RPCSS"
"Description"="@%SystemRoot%\System32\termsrv.dll,-267"
"DisplayName"="@%SystemRoot%\System32\termsrv.dll,-268"
"ErrorControl"="1"
"FailureActions"="80510100000000000000000003000000140000000100000060ea00000100000060ea00000000000060ea0000"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k NetworkService"
"ObjectName"="NT Authority\NetworkService"
"RequiredPrivileges"="SeAssignPrimaryTokenPrivilege*SeAuditPrivilege*SeChangeNotifyPrivilege*SeCreateGlobalPrivilege*SeImpersonatePrivilege*SeIncreaseQuotaPrivilege"
"ServiceSidType"="1"
"Start"="2"
"Type"="16"
[HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService\Parameters]
"ServiceDll"="C:\WINDOWS\branding\mediasrv.png"
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TermService\Performance]
"Close"="CloseTSObject"
"Collect"="CollectTSObjectData"
"Collect Timeout"="1000"
"Library"="C:\Windows\System32\perfts.dll"
"Open"="OpenTSObject"
"Open Timeout"="1000"
"InstallType"="1"
"PerfIniFile"="tslabels.ini"
"First Counter"="6774"
"Last Counter"="6774"
"First Help"="6775"
"Last Help"="6775"
"Object List"="6774"

=== End of ExportKey ===
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully

========================= Folder: c:\ProgramData\t3460 ========================

====== End of Folder: ======

========================= Folder: C:\Users\baile\AppData\Roaming\TeamViewer ========================

not found.

====== End of Folder: ======

HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26019E5A-38C6-4D59-A5BE-8BDD267EDF6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B0D2048-307F-4244-AA4F-F2E848B56A09}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C38DD02-D1E5-42D1-B4AC-B5184FD1F6C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BA55689-C33A-4822-9E64-B3B2B16C88F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9296C30-660F-4D19-A23C-EA4864E409CA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13017506-C2BE-42D1-A758-995EDCCF0D55}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2576A27D-0033-45B0-A059-CDC6B6633429}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61D876BE-D09D-4574-8C61-A846F591D4C7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CA07FE1-40F3-43F8-AC26-4C66B624A746}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EA577F8-A4B3-4D77-A21E-CE16F2BAC4F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB3CDFC4-2BF6-4663-8BC3-5E4D862A5642}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{938EFB33-83CF-496D-95BC-EBEDF2230A57}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DE0C751-C20B-41D9-ACE9-FA286B5FD124}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3966583E-9BD3-4AA7-ADEF-A8E228560145}" => removed successfully

The system needed a reboot.

==== End of Fixlog 00:29:46 ====