Tech Support Guy banner
Cancel
Create thread New Forums
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

What is googleapis.com?

Solved
Jump to Latest
10K views 42 replies 3 participants last post by  DR M  
#1 ·
What is googleapis.com? I am getting many e-mails with this address. I have been blocking them, but they keep coming. I have not opened any that I remember. I alway try to check the e-mail address before opening any e-mail.

I ran an adaware product, about a week ago or so but nothing found.

I am not sure if this is related, but about the same time these appeared, I will be checking facebook or doing something online and my screen will go partially black. If I move my mouse, the black screen goes away and whatever I had on my screen will be there.

My fan seems to run a lot more than it did in the past. I am not sure this is connected, but wanted to note it.

Thank you in advance for your help. This is a great site.




Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19044, Installed 20211206114142.000000-360
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz, Intel64 Family 6 Model 158 Stepping 9, CPU Count: 8
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 630, 1024 MB
Hard Drives: C: 212 GB (62 GB Free); D: 24 GB (12 GB Free);
Motherboard: LENOVO LNVNB161216, ver SDK0J40709 WIN, s/n MP1CCYG9
System: LENOVO, ver LENOVO - 1, s/n MP1CCYG9
Antivirus: Windows Defender, Enabled and Updated
 

Attachments

#2 · (Edited)
Hi and welcome back. :)

Apologies for the late reply.

I don't see something to worry about in the logs. Have you changed your email passwords? If not, it would be good to do that now, preferably from a 100% clean system.

1. Question

Have you intentionally set a restriction on Windows updates?

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code: 
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe => No File
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe => No File
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe => No File
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe => No File
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Adaware Protect] => C:\Program Files\Adaware Protect\AdawareProtect.exe (No File)
Task: {BBEF7351-1502-4175-AC87-4BAB29443B41} - \Agent Activation Runtime\S-1-5-21-260720292-2504253849-2348319339-1001 -> No File <==== ATTENTION
Edge Notifications: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> hxxps://gundersenhealthengage.mrcommunities.com
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D","hxxp://www.google.com/"
2022-07-09 00:27 - 2022-07-09 23:01 - 000000000 ____D C:\Users\baile\AppData\Roaming\Adaware Protect
2022-07-09 00:27 - 2022-07-09 00:27 - 000000000 ____D C:\Users\baile\AppData\Local\AdAwareDesktop
2022-07-09 00:25 - 2022-07-09 00:25 - 017650568 _____ C:\Users\baile\Downloads\adawarewebinstaller.exe
2022-07-02 14:32 - 2022-07-02 14:32 - 000414083 _____ C:\Users\baile\Downloads\f2edba43-64f1-4b1a-8ea6-794d02dde711.tmp
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

3. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

4. Run Malwarebytes (scan only)

First uninstall Malwarebytes you have installed. It's an old version of the product. After that:
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code: 
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. A reply about updates
  2. The fixlog.txt
  3. The AdwCleaner[S0*].txt
  4. The Malwarebytes report
 
Save
Like Like
#3 ·
Thank you for the reply. No I have not intentionally set restrictions on
Windows updates?

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by bailey (24-07-2022 14:36:05) Run:1
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe => No File
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe => No File
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe => No File
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe => No File
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Adaware Protect] => C:\Program Files\Adaware Protect\AdawareProtect.exe (No File)
Task: {BBEF7351-1502-4175-AC87-4BAB29443B41} - \Agent Activation Runtime\S-1-5-21-260720292-2504253849-2348319339-1001 -> No File <==== ATTENTION
Edge Notifications: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> hxxps://gundersenhealthengage.mrcommunities.com
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D","hxxp://www.google.com/"
2022-07-09 00:27 - 2022-07-09 23:01 - 000000000 ____D C:\Users\baile\AppData\Roaming\Adaware Protect
2022-07-09 00:27 - 2022-07-09 00:27 - 000000000 ____D C:\Users\baile\AppData\Local\AdAwareDesktop
2022-07-09 00:25 - 2022-07-09 00:25 - 017650568 _____ C:\Users\baile\Downloads\adawarewebinstaller.exe
2022-07-02 14:32 - 2022-07-02 14:32 - 000414083 _____ C:\Users\baile\Downloads\f2edba43-64f1-4b1a-8ea6-794d02dde711.tmp
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E063C019-70C6-42D0-BE28-D7378F0FB7B2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4765E7B2-E045-474A-99DF-C6F971C7A6CC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}" => removed successfully
"HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Adaware Protect" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BBEF7351-1502-4175-AC87-4BAB29443B41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBEF7351-1502-4175-AC87-4BAB29443B41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Agent Activation Runtime\S-1-5-21-260720292-2504253849-2348319339-1001" => removed successfully
"Edge Notifications:" => removed successfully
"Edge StartupUrls" => removed successfully
C:\Users\baile\AppData\Roaming\Adaware Protect => moved successfully
C:\Users\baile\AppData\Local\AdAwareDesktop => moved successfully
C:\Users\baile\Downloads\adawarewebinstaller.exe => moved successfully
C:\Users\baile\Downloads\f2edba43-64f1-4b1a-8ea6-794d02dde711.tmp => moved successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========

Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19044.1826

[== 3.8% ]

[== 4.0% ]

[== 5.0% ]

[=== 5.4% ]

[=== 6.3% ]

[==== 7.3% ]

[==== 8.2% ]

[===== 9.1% ]

[===== 10.1% ]

[====== 11.1% ]

[======= 12.1% ]

[======= 13.1% ]

[======= 13.7% ]

[======== 14.7% ]

[========= 15.7% ]

[========= 16.7% ]

[========== 17.7% ]

[========== 18.6% ]

[=========== 19.6% ]

[=========== 20.6% ]

[============ 21.6% ]

[============= 22.6% ]

[============= 23.5% ]

[============== 24.5% ]

[============== 25.5% ]

[=============== 26.5% ]

[=============== 27.2% ]

[================ 27.9% ]

[================ 28.6% ]

[================ 28.8% ]

[================ 28.8% ]

[================= 29.8% ]

[================= 30.8% ]

[================== 31.8% ]

[================== 32.8% ]

[=================== 33.7% ]

[==================== 34.7% ]

[==================== 35.7% ]

[===================== 36.5% ]

[===================== 37.4% ]

[====================== 38.2% ]

[====================== 39.2% ]

[====================== 39.5% ]

[======================= 39.7% ]

[======================= 40.2% ]

[======================= 40.5% ]

[======================= 40.6% ]

[======================= 41.1% ]

[======================== 41.7% ]

[======================== 41.8% ]

[======================== 42.0% ]

[======================== 42.1% ]

[======================== 42.3% ]

[======================== 43.1% ]

[========================= 43.2% ]

[========================= 43.7% ]

[========================= 44.2% ]

[========================= 44.6% ]

[========================== 44.8% ]

[========================== 45.4% ]

[========================== 46.0% ]

[===========================46.6% ]

[===========================47.6% ]

[===========================48.6% ]

[===========================49.6% ]

[===========================50.6% ]

[===========================51.5% ]

[===========================52.5% ]

[===========================53.5% ]

[===========================54.3% ]

[===========================54.5% ]

[===========================54.5% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.7% ]

[===========================54.7% ]

[===========================54.8% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================55.0% ]

[===========================55.0% ]

[===========================55.1% ]

[===========================55.1% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.3% ]

[===========================55.3% ]

[===========================55.4% ]

[===========================55.4% ]

[===========================55.5% ]

[===========================55.5% ]

[===========================55.6% ]

[===========================55.8% ]

[===========================55.9% ]

[===========================56.0% ]

[===========================56.1% ]

[===========================56.2% ]

[===========================56.2% ]

[===========================56.2% ]

[===========================57.1%= ]

[===========================58.0%= ]

[===========================59.0%== ]

[===========================60.0%== ]

[===========================62.3%==== ]

[===========================84.9%================= ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========

========= SFC /scannow =========

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26858966 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 17511501 B
Edge => 0 B
Chrome => 1187660268 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 474458 B
baile => 469316818 B

RecycleBin => 75381 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 14:46:44 ====
 
#4 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-24-2022
# Duration: 00:00:05
# OS: Windows 10 Home
# Scanned: 32049
# Detected: 5

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\baile\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1

AdwCleaner[S00].txt - [1861 octets] - [24/07/2022 15:02:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
#5 ·
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/24/22
Scan Time: 3:12 PM
Log File: ee03524e-0b8c-11ed-ab55-28c63fa6b728.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57694
License: Trial

-System Information-
OS: Windows 10 (Build 19044.1826)
CPU: x64
File System: NTFS
User: YOGA720-15IKB\bailey

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 302912
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
 
#8 ·
Google APIs are application programming interfaces developed by Google which allow communication with Google Services and their integration to other services. Examples of these include Search, Gmail,
 
Save
Like Like
#9 ·
Hi, Sportsmom2x2.

The good news is that the last logs are clean. The detected by AdwCleaner items are related to pre-installed software, software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

If you want to remove this software (IMController Service), please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.
=================

Now...

In your initial post you said that you are getting emails from googleapis.com. Are you still getting those emails? Are you using Gmail? If not what is your email client?

googleapis.com is a legitimate service (API) provided by Google, however, cyber criminals (scammers) use it to promote various 'tech' (technical) support scams, to get money.

So the best thing for you to do, is to send these emails directly to the Spam folder. You can even report these emails to Google, if you are using Gmail: Avoid and report phishing emails - Gmail Help (google.com)

Another possibility is a browser extension to be causing this. Although these extensions are not detected as potentially unwanted apps, and I have seen them in many users' logs, perhaps it would be a good idea to disable/remove them for a while from both, Chrome and Edge, and check if you are still getting those emails.

Capital One Shopping: Add to Chrome for Free
Chrome Web Store Payments
PayPal Honey: Automatic Coupons & Cash Back
Rakuten: Get Cash Back For Shopping

See here about removing an extension from Chrome: Install and manage extensions - Chrome Web Store Help (google.com)
See here about removing an extension from Edge: Add, turn off, or remove extensions in Microsoft Edge

In your next reply please post:
  1. What you did with pre-installed software and the AdwCleaner log if you decided to remove it
  2. What email client are you using
  3. What you did with the above extensions
  4. Fresh FRST logs, Addition and FRST
 
Save
Like Like
#10 ·
I did not remove AdwCleaner or the pre-installed software yet.
I am using Midwest Tel Net a consortium of companies that provides local Internet access throughout much of southwest Wisconsin. mwt.net
I am still receiving numerous e-mails with googleapis.com. in their address. I keep blocking them, but I continue to get them. I will post a few to show you what they look like. I get many each day, and many are from the same ads that I have blocked with my e-mail software. I haven't deleted any extension yet, but will do that next.
 
#11 ·
I disallowed these extensions from Chrome
Capital One Shopping: Add to Chrome for Free
0.1.1065.803
Google Docs Offline
1.46.0
Grammarly: Grammar Checker and W
Password Manager
Malwarebytes Browser Guard
2.4.4
PayPal Honey: Automatic Coupons & Cash Back
15.0.0
Rakuten:

I removed the password manager from Edge. I usually use Chrome.

Image
 
#12 ·
I am not keen on opening these e-mails, but when I do try to unsubscribe, it asks me what e-mail I want to subscribe. I don't answer the question. I close it and I block the address.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by bailey (administrator) on YOGA720-15IKB (LENOVO 80X7) (25-07-2022 23:45:39)
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe ->) (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\Tablet\ISD\WacomHost.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(C:\Program Files\Tablet\ISD\WTabletServiceISD.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(C:\Program Files\Tablet\ISD\WTabletServiceISD.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.136.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.136.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(explorer.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(services.exe ->) (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3427104 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1675680 2021-09-24] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [999216 2017-04-28] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [iTunesHelper] => C:\Users\baile\Downloads\iTunesHelper.exe [362056 2022-05-05] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Polarr] => C:\ProgramData\SquirrelMachineInstalls\Polarr.exe [73300232 2020-06-16] (Polarr, Inc. -> Polarr, Inc.) [File not signed]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [373600 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [com.messenger] => C:\Users\baile\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [850272 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [MicrosoftEdgeAutoLaunch_28592876E98F8F2D1ACBC81E37875FC3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601832 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: hpinksts5912LM.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-20] (Google LLC -> Google LLC)
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-12-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D1A0E28-984C-4DDE-93C5-192BF7AEECF1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b81639f9-d07f-4a3f-8a9a-2626ce317587 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {0E41EACB-602F-472D-A50B-BAC99EBC6892} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {138C7D27-E8F7-45CF-824E-5382F35FB876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {25B126E2-E129-4B8C-A051-AE8F6C2AC12F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {39A65963-D208-4806-8371-A66F4D674898} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ae1c7c48-a604-42db-8c06-da05048ecb24 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {423876FA-8076-4EC4-85E9-ACD4A872B305} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {520466DE-6DD9-4F86-9709-73F62CBD3F3B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5A4AA891-B5B5-491A-B09C-0031696ACB57} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cb7b168a-635f-4f8e-857d-1ed3029452b3 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {67D4A97A-0D3A-4F28-B811-E4CDBB4E3265} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {73550D09-5A6A-4482-B8D8-0D8591B664CB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\da7ccf7f-e9c8-4e46-9382-87a69297957d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {89D5A68D-654B-4EA6-B649-906A0A8A025A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {93F63E1D-286B-49CB-BBDD-5519645169DA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C04A449-8987-4E14-8441-59170EA2550E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9C2BA2A0-FA2A-4F9A-9DF1-4272FFBE6DA8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {A56BF960-2061-4255-B333-8E30E8125CCF} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [147864 2022-05-12] (Lenovo -> Lenovo Group Ltd.)
Task: {A916A2F8-CBFE-48C2-8292-5CF5098D3221} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32808 2020-01-14] (HP Inc. -> )
Task: {C31EE3BC-E9DE-46E0-8FB9-5759B90D2C3B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3ca20e29-8071-49e6-8fc3-e5a7233357ae => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D707244B-8498-47F1-BAE9-130DFD42827F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D7E912F0-CD6F-456B-A47A-42DCED783974} - System32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DC596BF4-3AC6-4BBF-9967-ABE846A5AE6A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3427104 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DF9FF5CE-1471-4C78-B852-7D1B1052DE92} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3DE61F8-9E15-49ED-AF2A-2703AF4F62C7} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {FD626CC5-1411-4E27-A5E2-50615DBCBB31} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22bdf8f0-d55e-4cab-bdff-f39f79a367ff}: [NameServer] 10.66.0.1
Tcpip\..\Interfaces\{3c4a9f21-8085-4361-98eb-ab3060e81302}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\baile\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-25]
Edge HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D","hxxp://www.google.com/"
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2022-07-25]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2022-07-25]
Edge Extension: (Fancy & Cool Text Generator) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fafnphaopehepcmfnakggljonnhkofpk [2022-07-25]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2022-07-25]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll [2019-09-12] (Parallel Graphics Limited -> ParallelGraphics)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\baile\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default [2022-07-25]
CHR Notifications: Default -> hxxps://typiccor.com; hxxps://www.facebook.com; hxxps://www.messenger.com; hxxps://www.youtube.com
CHR HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-06-28]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2022-07-25]
CHR Extension: (Netflix) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-12-31]
CHR Extension: (Google Docs Offline) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-07-22]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-28]
CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2022-07-23]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-08-15]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\System Profile [2020-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3815712 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3580200 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [100424 2022-05-02] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437088 2021-01-18] (Express Vpn LLC -> ExpressVPN)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [225368 2022-07-19] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-24] (Malwarebytes Inc. -> Malwarebytes)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-01-18] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-01-18] (Express VPN International Ltd. -> ExpressVPN)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-24] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKslb55dafe2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{423AE9B0-7780-4E02-9D87-0E1D482FE850}\MpKslDrv.sys [141576 2022-07-25] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-01-18] (ExprsVPN LLC -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-25 23:45 - 2022-07-25 23:46 - 000028977 _____ C:\Users\baile\Desktop\FRST.txt
2022-07-24 15:10 - 2022-07-24 15:10 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-24 15:10 - 2022-07-24 15:10 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-24 15:10 - 2022-07-24 15:10 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-24 15:09 - 2022-07-24 15:09 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-24 15:09 - 2022-07-24 15:09 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-24 15:09 - 2022-07-24 15:09 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-24 15:09 - 2022-07-24 15:09 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-24 15:09 - 2022-07-24 15:08 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-07-24 15:09 - 2022-07-24 15:08 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-07-24 15:08 - 2022-07-24 15:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-24 15:07 - 2022-07-24 15:07 - 002556344 _____ (Malwarebytes) C:\Users\baile\Desktop\MBSetup-EB55A6A1.exe
2022-07-24 15:02 - 2022-07-24 15:02 - 000000000 ____D C:\AdwCleaner
2022-07-24 15:01 - 2022-07-24 15:01 - 008551608 _____ (Malwarebytes) C:\Users\baile\Desktop\AdwCleaner.exe
2022-07-24 14:48 - 2022-07-24 14:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-07-24 08:57 - 2022-07-24 08:57 - 000000000 ____D C:\WINDOWS\Panther
2022-07-20 01:31 - 2022-07-20 01:32 - 002270936 _____ (Cermak Technologies, Inc.) C:\Users\baile\Desktop\tsginfo.exe
2022-07-20 01:08 - 2022-07-25 23:46 - 000000000 ____D C:\FRST
2022-07-20 01:07 - 2022-07-24 14:35 - 002369536 _____ (Farbar) C:\Users\baile\Desktop\FRST64.exe
2022-07-18 11:34 - 2022-07-18 11:34 - 000001916 _____ C:\Users\Public\Desktop\iTunes.lnk
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\WebKit.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\MediaAccessibility.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\iTunes.Resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\Foundation.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\CoreText.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\CoreMedia.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\CoreFoundation.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\ColorSync.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\CFNetwork.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\AVFoundationCF.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\Users\baile\Downloads\AuthKitWin.resources
2022-07-18 11:34 - 2022-07-18 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2022-07-18 11:33 - 2022-07-18 11:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2022-07-18 11:33 - 2022-07-18 11:33 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2022-07-14 16:13 - 2022-07-14 16:13 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-14 16:13 - 2022-07-14 16:13 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-14 16:13 - 2022-07-14 16:13 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-14 16:13 - 2022-07-14 16:13 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-14 16:13 - 2022-07-14 16:13 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-14 16:13 - 2022-07-14 16:13 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-14 16:13 - 2022-07-14 16:13 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-14 16:13 - 2022-07-14 16:13 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-14 16:13 - 2022-07-14 16:13 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-14 16:13 - 2022-07-14 16:13 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-14 16:07 - 2022-07-14 16:07 - 000000000 ___HD C:\$WinREAgent
2022-06-28 21:45 - 2022-06-28 21:46 - 000000000 ____D C:\Users\baile\Documents\Facebook

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-25 23:39 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-25 23:34 - 2017-12-30 23:57 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-25 23:10 - 2017-12-20 16:47 - 000000000 ____D C:\Users\baile\Documents\Outlook Files
2022-07-25 22:15 - 2021-12-06 12:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-25 20:21 - 2021-12-06 12:41 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B393C7FE-B95B-48A2-8819-C5B1623E23B2}
2022-07-25 11:24 - 2019-10-01 21:08 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-07-25 10:49 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-25 10:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-25 10:34 - 2017-12-20 01:53 - 000000000 ____D C:\Users\baile\AppData\Local\Adobe
2022-07-25 10:33 - 2022-02-18 18:16 - 000000000 ____D C:\Users\baile\AppData\Roaming\Messenger
2022-07-25 10:33 - 2022-02-18 18:16 - 000000000 ____D C:\Users\baile\AppData\Local\Messenger
2022-07-24 15:09 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-07-24 15:08 - 2018-04-12 16:41 - 000000000 ____D C:\Program Files\Malwarebytes
2022-07-24 14:55 - 2021-12-06 12:44 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-24 14:55 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-24 14:47 - 2021-12-06 12:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-24 14:47 - 2021-12-06 12:18 - 000000000 ____D C:\Users\baile
2022-07-24 14:47 - 2020-06-17 17:53 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-24 14:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-07-24 14:47 - 2019-12-07 04:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2022-07-24 14:38 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-24 11:12 - 2020-06-26 03:38 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-24 11:12 - 2020-06-26 03:38 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-21 02:01 - 2019-10-17 17:34 - 000001717 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2022-07-21 01:50 - 2018-01-05 01:17 - 000000000 ____D C:\Users\baile\Documents\Dog Information
2022-07-20 21:57 - 2019-10-15 22:06 - 000000000 ____D C:\Users\baile\Documents\Medicare
2022-07-20 13:06 - 2020-07-13 23:29 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-20 13:06 - 2017-12-30 23:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-20 02:04 - 2018-05-19 01:49 - 000000000 ____D C:\Users\baile\AppData\Local\D3DSCache
2022-07-19 18:18 - 2018-02-13 00:29 - 000000000 ____D C:\Users\baile\Documents\Recipies
2022-07-19 13:58 - 2021-05-09 03:29 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2022-07-19 13:57 - 2022-03-21 12:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2022-07-18 12:08 - 2018-02-12 19:35 - 000000000 ____D C:\Users\baile\Documents\Bank of America
2022-07-18 11:34 - 2019-06-12 17:45 - 000000000 ____D C:\Users\baile\Downloads\JavaScriptCore.resources
2022-07-18 11:33 - 2017-12-22 23:38 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2022-07-18 10:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-07-15 14:43 - 2022-05-16 14:43 - 000003882 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2022-07-15 04:44 - 2021-12-06 12:34 - 000442704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-15 04:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-15 04:40 - 2021-06-15 19:51 - 000000000 ____D C:\Users\baile\Documents\Royal BAnk
2022-07-14 16:13 - 2021-12-06 12:35 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-14 16:07 - 2017-12-20 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-14 16:05 - 2017-12-20 02:26 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-14 09:51 - 2021-12-13 00:08 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-260720292-2504253849-2348319339-1001
2022-07-14 09:51 - 2021-12-06 12:41 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1001
2022-07-14 09:51 - 2021-12-06 12:18 - 000002386 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-02 13:41 - 2017-12-19 22:12 - 000000000 ____D C:\Users\baile\AppData\Local\Packages
2022-07-02 13:37 - 2022-02-08 00:05 - 000000000 ____D C:\Users\baile\AppData\Local\babl-0.1
2022-07-02 13:37 - 2022-02-07 23:57 - 000000000 ____D C:\Program Files\GIMP 2
2022-06-30 00:44 - 2018-05-05 15:45 - 000000000 ____D C:\Users\baile\Documents\Pam
2022-06-25 01:39 - 2018-06-17 16:34 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ========

2018-09-25 23:03 - 2018-09-25 23:03 - 000000000 _____ () C:\Users\baile\AppData\Local\oobelibMkey.log
2022-02-08 00:07 - 2022-02-08 00:07 - 000000886 _____ () C:\Users\baile\AppData\Local\recently-used.xbel
2019-08-09 17:03 - 2019-08-09 17:03 - 000000017 _____ () C:\Users\baile\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
#13 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by bailey (25-07-2022 23:47:17)
Running from C:\Users\baile\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2021-12-06 17:41:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.7.0.35 - Adobe Inc.)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.1.5699.1 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B3CA448-5266-480F-85FA-2FCCB3C8712C}) (Version: 15.6.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{A6B270EC-19A3-4B33-B78A-297EC57E5B2F}) (Version: 11.6.0.1039 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{DCBA66F6-FF88-47BF-BC2C-8A8D187911C1}) (Version: 12.12.4.1 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.01.415.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Messenger (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 153.0.374858836 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5459.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (HKLM-x32\...\{2757496A-3E74-320A-B007-36120A9F126D}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (HKLM-x32\...\{39E15475-23F2-345D-8977-B5DC47A94E26}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5459.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5459.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5459.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-6) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-09-27] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.1.4.0_x64__38kynpdw5g1aw [2022-03-11] (Wacom Europe GmbH)
Clockmaker: Match Three in Row -> C:\Program Files\WindowsApps\SamfinacoLimited.ClockmakerMatchThreeinRow_66.1.2.0_x86__aj0b1qrpyg0w6 [2022-07-19] (Samfinaco Limited)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-12-06] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-09-27] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_137.1.291.0_x64__v10z8vjag6ke6 [2022-07-19] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa [2021-12-07] (Apple Inc.) [Startup Task]
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_13.4.99.0_x86__nzyj5cx40ttqa [2022-06-25] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-04] (Instagram)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.69.0.0_neutral__qq0fmhteeht3j [2022-03-19] (LastPass)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1560.21.216.0_x64__8xx8rvfyw5nnt [2022-07-20] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-12] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.10620.425.0_x64__8wekyb3d8bbwe [2022-07-06] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-28] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-09-27] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-24] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2019-07-11 02:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 14:44 - 2021-04-04 00:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\baile\Pictures\2021\LacDuFlambau\Lake side.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Polarr"
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "ExpressVPN4"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57382B5D-78B2-4D71-A607-7BC55AB1DC39}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{6BF03055-F70E-4244-BA2F-FDDEDF019799}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8B478F1-23B7-4462-BD52-E23F51E962AD}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F13C3B0E-4D3C-451F-B890-E197F4004300}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{01A999BC-5020-4835-9026-06C03CD85CC1}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{90ABED8A-B5B8-43C9-A956-C207F95C6F77}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS110F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{35370DDD-30DC-438D-9BFD-2D09D0F06F7C}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS110F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{68A69BA2-40EB-4A44-90F6-1D2B98C965CB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0834\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{20484C67-BB26-42F8-8DE4-2ED38C23DB33}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0834\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{EAA915A1-DDCE-4FC1-ADB1-AA54CA943011}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A44CD09D-F786-44BC-AD0F-2E853F895782}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{71AC5D1D-B313-476D-A383-8A94353A551C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0871136-07A8-4AF8-9122-9DC6A545ABA5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0D63A6C-6EF1-4836-9C73-A98E33F4D8AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{417EBEE3-05BB-4CB8-A3FA-FCAFA91B99B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FAB30AD2-78C5-4888-B907-DD6F1CAF8F7E}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{BA2BC9EC-D221-4971-9DBD-E53669AD07E5}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7D84BD1A-11DF-49FA-B679-A85E0B5DACBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6BAEDD29-DBA0-4678-BEF5-82E80BB617D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D87B626D-C1BD-443A-9B84-2A3D70E019EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{58D88ED5-CD4A-4AB0-8C38-B18FA3067458}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B3709CFF-B170-41FF-8E4C-AD8106D0B03B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1613AA52-D9B8-43B6-B499-23CAB3C6C76D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{874C37C0-1298-42BA-A152-646327340242}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A12C1016-54A4-4FB8-8D3B-F4EDEE48626C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

09-07-2022 23:01:18 Removed Adaware Safe Browser
14-07-2022 16:07:03 Windows Modules Installer
14-07-2022 16:08:12 Windows Modules Installer
24-07-2022 14:36:06 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (07/25/2022 12:00:08 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: YOGA720-15IKB)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (07/25/2022 12:00:08 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: YOGA720-15IKB)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/24/2022 03:18:41 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (07/24/2022 03:18:36 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (07/24/2022 03:18:31 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (07/24/2022 03:18:26 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (07/24/2022 03:18:21 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (07/24/2022 03:18:16 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (07/24/2022 04:32:23 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/24/2022 02:47:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (07/24/2022 02:47:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (07/24/2022 02:47:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (07/24/2022 02:36:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/24/2022 02:36:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/24/2022 02:36:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/24/2022 02:36:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Windows Defender:
================
Date: 2022-07-24 23:38:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-24 14:31:42
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-24 13:23:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-23 10:18:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-22 11:11:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-07-25 23:41:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 65%
Total physical RAM: 8050.39 MB
Available physical RAM: 2780.43 MB
Total Virtual: 13682.39 MB
Available Virtual: 7062.32 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:62.81 GB) (Model: NVMe SAMSUNG MZVLW256) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.07 GB) (Model: NVMe SAMSUNG MZVLW256) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.44 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
#14 ·
I am using Midwest Tel Net a consortium of companies that provides local Internet access throughout much of southwest Wisconsin. mwt.net
Click to expand...
Is your email provider by this? Or is it Gmail, yahoo, outlook etc.?

I still see these extensions in Chrome and Edge:

CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back)
CHR Extension: (Rakuten: Get Cash Back For Shopping)
CHR Extension: (Capital One Shopping: Add to Chrome for Free)
CHR Extension: (Chrome Web Store Payments)

Also, I see that you didn't change the Malwarebytes settings as I asked you when you ran it:

Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Code: 
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
Question:

The Edge startup page (search.yahoo) returned. It's a legitimate page, however, there are plenty of browser hijackers which will redirect the user's search queries to it. If you didn't intentionally set it, then it has to be removed. Did you?

I will be waiting for your reply before I give you another fix.
 
Save
Like Like
#15 ·
Interesting. I did change those settings the first time in Malware. I don't like to use Edge, I use Chrome, but I have Edge and sometimes it opens in Internet Explorer.

I disabled these as you instructed the first time. This time I removed them from both Chrome and Edge
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back)
CHR Extension: (Rakuten: Get Cash Back For Shopping)
CHR Extension: (Capital One Shopping: Add to Chrome for Free)
CHR Extension: (Chrome Web Store Payments) This one I didn't find
 
#18 ·
I double checked and Malware settings are you instructed.
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-26-2022
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 5
# Awaiting reboot:1
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Users\baile\AppData\Local\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Needs Reboot Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****

***** [ Folders ] *****

Cleaning failed C:\Windows\LENOVO\IMCONTROLLER

*************************

AdwCleaner[S00].txt - [1861 octets] - [24/07/2022 15:02:18]
AdwCleaner[S01].txt - [1922 octets] - [24/07/2022 15:02:57]
AdwCleaner[S02].txt - [1983 octets] - [26/07/2022 15:57:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
 
#20 ·
Hello.

Let's check Edge first.
  • Open Edge and click on the 3 dots at the upper right corner. Select Settings.
  • From the menu at the left choose Start, Home and new tabs.
  • In the section When Edge starts, check if search.yahoo is listed. If yes, click on the 3 dots beside it and choose delete.
Since you removed the pre-installed software, I'll need fresh FRST logs to check.
 
Save
Like Like
#22 ·
I marked this topic as Inactive, due to lack of feedback. If you still need assistance, you can post here again, or, if the thread is closed, send me a personal message (hover the mouse on my profile avatar and press Start a conversation) with a link to the topic.
 
Save
Like Like
#26 ·
Hi, sportsmom.

Thanks for all the info given.

Please check the following extensions and remove them:

Edge:
PayPal Honey: Automatic Coupons & Cash Back
Rakuten: Get Cash Back For Shopping

Chrome:
PayPal Honey: Automatic Coupons & Cash Back
Rakuten: Get Cash Back For Shopping
Capital One Shopping: Add to Chrome for Free
Chrome Web Store Payments

Since changes have been done after the last FRST logs, please run the tool once more and give me the new logs. Do any possible change before the logs.
 
Save
Like Like
Status
Not open for further replies.
You have insufficient privileges to reply here.
Tech Support Guy
posts
9.9M
members
873K
Since
1998
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking