View Full Version : install.365-stream.com
Hi Guys,
I stupidly downloaded install.365-stream.com which is now continually giving me advertisements from within my chrome browser. Through google searches I can see that this is a dangerous malware. I've downloaded the spybot software and carried out the scan but nothing has changed with regards to the browser malware that has got into my laptop. Any help would be appreciated. I searched on the forum for similar issues but didn't find anything.
Regards
Phil
http://i.imgur.com/xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan
Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2019 01
Ran by Phil (administrator) on LAPTOP-CR9VHLAG (16-03-2019 12:56:46)
Running from C:\Users\Phil\Downloads
Loaded Profiles: Phil (Available Profiles: Phil)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\IntelCpHDCPSvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avanquest Software SAS -> Avanquest Software) C:\Users\Phil\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.57.1939\GoogleDriveFS.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\29.1.57.1939\crashpad_handler.exe
(Zwift, Inc. -> ) C:\Program Files (x86)\Zwift\ZwiftLauncher.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\igfxext.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Phil\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Phil\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
(Corel Corporation -> Gravit GmbH) C:\Program Files\Gravit GmbH\Gravit Designer\Gravit Designer.exe
(Corel Corporation -> Gravit GmbH) C:\Program Files\Gravit GmbH\Gravit Designer\Gravit Designer.exe
(Corel Corporation -> Gravit GmbH) C:\Program Files\Gravit GmbH\Gravit Designer\Gravit Designer.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\coNatHst.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1893312 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391504 2018-03-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502672 2018-03-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502672 2018-03-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [1234816 2017-11-02] (Zwift, Inc. -> )
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Run: [Avanquest Message] => C:\Users\Phil\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software SAS -> Avanquest Software)
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe [33291560 2019-02-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Phil\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Phil\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\RunOnce: [Uninstall 19.002.0107.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phil\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64"
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\RunOnce: [Uninstall 19.002.0107.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phil\AppData\Local\Microsoft\OneDrive\19.002.0107.0008"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-13] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bb25d207-0732-40ad-bca4-42b1569601ca}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c4214918-640e-4b2e-ab25-e3c90d0caee3}: [DhcpNameServer] 10.66.184.1
Internet Explorer:
==================
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001 -> DefaultScope {E27C68B8-CBD9-4671-BCE5-3D4FCDDB0E00} URL =
SearchScopes: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001 -> {E27C68B8-CBD9-4671-BCE5-3D4FCDDB0E00} URL =
FireFox:
========
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-11-18] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-11-18] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-11-18] [Legacy]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-2431328955-3914487260-2808363909-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Phil\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-02-06] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default [2019-03-16]
CHR Extension: (Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-11]
CHR Extension: (Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-11]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-11]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-03-14]
CHR Extension: (Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-03-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-02]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-14] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-25] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-25] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [179272 2018-03-19] (Intel(R) Smart Sound Technology -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation -> Symantec Corporation)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-06-06] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-06-06] (Acer Incorporated -> Acer Incorporated)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-05-23] (Acer Incorporated -> acer)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\BASHDefs\20180627.005\BHDrvx64.sys [1879632 2018-05-09] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-05-11] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-05-11] (Symantec Corporation -> Symantec Corporation)
R1 googledrivefs2622; C:\WINDOWS\System32\DRIVERS\googledrivefs2622.sys [122920 2019-01-09] (Google LLC -> Google, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-14] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\IPSDefs\20180628.061\IDSvia64.sys [1298000 2018-05-24] (Symantec Corporation -> Symantec Corporation)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2015-06-24] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvac.inf_amd64_39272b911ad4f51f\nvlddmkm.sys [17036560 2018-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-07] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-08-18] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation -> Symantec Corporation)
S3 SymEvnt; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\SymPlatform\SymEvnt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-16 12:56 - 2019-03-16 12:57 - 000028279 _____ C:\Users\Phil\Downloads\FRST.txt
2019-03-16 12:55 - 2019-03-16 12:56 - 000000000 ____D C:\FRST
2019-03-16 12:55 - 2019-03-16 12:55 - 002433536 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
2019-03-16 12:52 - 2019-03-16 12:52 - 001792000 _____ (Farbar) C:\Users\Phil\Downloads\FRST.exe
2019-03-15 08:53 - 2017-03-19 01:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190315-085342.backup
2019-03-15 07:04 - 2019-03-15 15:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-03-15 07:04 - 2019-03-15 07:10 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-03-15 07:04 - 2019-03-15 07:04 - 000001468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2019-03-15 07:04 - 2019-03-15 07:04 - 000001456 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2019-03-15 07:04 - 2019-03-15 07:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-03-15 07:04 - 2019-03-15 07:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-03-15 07:04 - 2019-03-15 07:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2019-03-15 07:04 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2019-03-15 06:58 - 2019-03-15 07:01 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\Phil\Downloads\spybotsd-2.7.64.0.exe
2019-03-14 07:52 - 2019-03-14 07:52 - 000037005 _____ C:\Users\Phil\Downloads\Profit+Margin+Calculator.xlsx
2019-03-14 05:33 - 2019-03-14 05:33 - 000049415 _____ C:\Users\Phil\Downloads\AndersenEV-financials.xlsx
2019-03-05 21:19 - 2019-03-05 21:36 - 419430400 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part4.rar
2019-03-05 21:19 - 2019-03-05 21:36 - 372826668 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part5.rar
2019-03-05 21:19 - 2019-03-05 21:32 - 419430400 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part3.rar
2019-03-05 20:57 - 2019-03-05 20:57 - 001185968 _____ (Igor Pavlov) C:\Users\Phil\Downloads\7z1900.exe
2019-03-05 20:57 - 2019-03-05 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-03-05 20:57 - 2019-03-05 20:57 - 000000000 ____D C:\Program Files (x86)\7-Zip
2019-03-05 20:39 - 2019-03-05 20:54 - 419430400 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part2.rar
2019-03-05 20:35 - 2019-03-05 20:52 - 419430400 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part1.rar
2019-02-23 20:59 - 2019-02-23 20:59 - 000473971 _____ C:\Users\Phil\Downloads\Makup+Pads+Requirements.pdf
2019-02-23 20:56 - 2019-02-23 20:56 - 014360711 _____ C:\Users\Phil\Downloads\Quote+about+make-up+pads.pdf
2019-02-23 20:24 - 2019-02-23 20:24 - 000286327 _____ C:\Users\Phil\Downloads\quotation+sheet+for+remover+pads-+Yiwu+Niki.pdf
2019-02-18 21:42 - 2019-02-18 21:42 - 000001554 _____ C:\Users\Phil\Downloads\DINR_535_12_02_2019.xls
2019-02-16 19:56 - 2019-02-16 19:56 - 000002354 _____ C:\Users\Phil\Downloads\c16c63201e57b52fad02ecfcd4dbcc5f (1).pdf
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-16 12:56 - 2018-04-12 03:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-16 12:55 - 2018-04-12 03:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-16 12:53 - 2018-08-18 11:16 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{11E608BC-7369-4500-BEAA-FD3D97F4A7FC}
2019-03-16 12:53 - 2018-08-18 11:16 - 000003508 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
2019-03-16 12:50 - 2018-05-11 18:20 - 000000000 ____D C:\Users\Phil\AppData\Local\Host App Service
2019-03-16 12:50 - 2018-04-12 03:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-15 09:58 - 2018-08-18 11:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-15 09:38 - 2019-01-22 22:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2019-03-14 18:13 - 2018-05-18 16:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-14 18:03 - 2018-05-18 16:09 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-14 14:06 - 2018-12-21 20:56 - 000000000 ____D C:\Users\Phil\AppData\Roaming\GravitDesigner
2019-03-14 05:03 - 2018-04-12 03:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-13 14:45 - 2018-05-11 22:31 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-13 14:03 - 2017-11-18 00:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-05 21:38 - 2018-08-18 11:16 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2431328955-3914487260-2808363909-1001
2019-03-05 21:38 - 2018-08-18 11:13 - 000002368 _____ C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-05 21:38 - 2018-05-11 18:25 - 000000000 ___RD C:\Users\Phil\OneDrive
2019-03-02 16:00 - 2018-05-11 18:13 - 000000000 ____D C:\Program Files\rempl
2019-03-02 15:56 - 2018-05-18 15:55 - 000000000 ____D C:\Road Grand Tours
2019-02-23 18:46 - 2018-07-29 18:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-18 11:12
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by Phil (16-03-2019 12:57:42)
Running from C:\Users\Phil\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-08-18 07:17:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2431328955-3914487260-2808363909-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2431328955-3914487260-2808363909-503 - Limited - Disabled)
Guest (S-1-5-21-2431328955-3914487260-2808363909-501 - Limited - Disabled)
Phil (S-1-5-21-2431328955-3914487260-2808363909-1001 - Administrator - Enabled) => C:\Users\Phil
WDAGUtilityAccount (S-1-5-21-2431328955-3914487260-2808363909-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Out of date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Disabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3014 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3004 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Host App Service) (Version: 0.273.2.988 - SweetLabs) <==== ATTENTION
Avanquest Message (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Egistec Touch Fingerprint Sensor WBF Driver (HKLM-x32\...\{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.3.10 - Egis Technology Inc.) Hidden
EgisTec Touch Fingerprint Sensor WBF Driver (HKLM-x32\...\InstallShield_{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.3.10 - Egis Technology Inc.)
Garmin VIRB Edit (HKLM\...\{E392085B-28B2-412F-8F1E-428FF49EDAE5}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin VIRB Edit (HKLM-x32\...\{cc055528-a612-43bb-abc2-46ea35d6306e}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 29.1.85.2056 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Gravit Designer 3.5.10 (HKLM\...\73ce129c-e9ab-5027-8f0d-8b378da1411c) (Version: 3.5.10 - Gravit GmbH)
inPixio Photo Clip 8 (HKLM-x32\...\{65634D2B-B6D1-4B35-B4C9-F3999B8D008B}) (Version: 8.5.0 - InPixio)
InPixio Photo Focus (HKLM-x32\...\{D7DF4A1C-F5CD-49F6-927E-12E6A8EF4174}) (Version: 3.7 - InPixio)
InPixio Photo Maximizer 4 (HKLM-x32\...\{AC2A153C-6E2B-486D-B048-55DA6A855B32}) (Version: 4.0.2 - InPixio)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.7.0 - InPixio)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4735 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1724.2 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8224 - Realtek Semiconductor Corp.)
Road Grand Tours (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Road Grand Tours) (Version: 1.0.0.0 - RoadGrandTours Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
The Sufferfest Training System (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\sufferfest) (Version: 5.4.2 - The Sufferfest Pte Ltd)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Zoom (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\ZoomUMX) (Version: 4.3 - Zoom Video Communications, Inc.)
Zwift version 1.0.39 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.0.39 - Zwift, LLC)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\igfxDTCM.dll [2017-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02EDEBD4-0BE0-4511-9074-1D273CB5B934} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe (Symantec Corporation -> Symantec Corporation)
Task: {0B1080F2-4C47-453F-B03C-9C0708163E2C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0BB861DD-62D6-4F4E-8EDD-106704CCA3E0} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
Task: {0F673FA9-A0DA-4D53-913A-507CEBBCD5DF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {115A039F-C62D-4372-B059-C9D5A5A7FABA} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Acer Incorporated -> )
Task: {15187A40-58C7-45D9-B5C8-2B84DEFEA750} - System32\Tasks\App Explorer => C:\Users\Phil\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {15E68E3B-5E0D-4A71-BF31-B8D6B46835FE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {163287B2-C1D7-4634-A42B-E71458AF4104} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {1C6FA830-F073-4123-B093-42A85336FF48} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {1E039A2D-DE16-4C29-8381-7A8E985F47BB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {347E67AE-1CD0-408E-9548-C58209D23B14} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {34C4E44E-187B-4691-B919-7AFB319991CA} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe (Acer Incorporated -> Acer Incorporated)
Task: {36A45984-8D98-47BF-A4CA-73E2FFB683E9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43F9709C-8AB2-4E3F-B1D4-64D544712EEE} - System32\Tasks\PicstreamAgent => C:\Program [Argument = Files (x86)\Acer\AOP Framework\uwplauncher.exe AcerIncorporated.6245439DEEE9E_48frkmn4z8aw4!abPhoto]
Task: {4E11FAF2-F3EA-48C3-8D90-F22FEB9FB988} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {575BD99C-4428-47DA-B102-94A678596DB9} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe (Acer Incorporated -> TODO: <Company name>)
Task: {59026369-52AA-4D10-8823-AAD87D335EEB} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {5D3C382B-F947-4B02-B05A-B274A199148D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {5D947284-6B05-40A3-8167-716930CCCACF} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {645C6100-46A4-4A5D-BE85-D54B4EB5D238} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {662F3296-BD25-4285-8EB2-E896834A3D94} - System32\Tasks\AcerCloud => C:\ProgramData\acer\Acer Portal\launchPortal.exe (Acer Incorporated -> )
Task: {67405FF2-09FE-487F-AB0C-6A6DE6BB82AD} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe (Acer Incorporated -> Acer Incorporated)
Task: {72C7C76E-D5DD-49A4-A9F8-2F3A76B8DA9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {73B004F8-5E38-4E69-AAF0-253ADE7CF04A} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {77F92380-8834-42D1-A6BB-106FCA7468CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {912AA5B7-9A6F-4ECB-B21E-66E75170539C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {A00B91EE-C88D-4DD4-AF2E-851A7626EA59} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BA13B0B1-1B8E-4637-8964-6C99EF5343D5} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe (Acer Incorporated -> Acer Incorporated)
Task: {C01CEF7D-A4A8-4C17-82C9-9BADD75581D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D2557AF0-3AA6-40B6-8D11-B4E39D683902} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe (Acer Incorporated -> )
Task: {D9E67261-0CFA-44F3-8603-4E7F0AF59555} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe (Acer Incorporated -> )
Task: {DDD44B2D-FB29-47FE-8374-FE132FB1A88F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E97A55DA-F0F8-482D-86A4-8B8CABFB0DD4} - System32\Tasks\MonitorAcerPortal => C:\ProgramData\acer\Acer Portal\monitorPortal.exe (Acer Incorporated -> )
Task: {EF098B0F-A59E-4E3C-9D7A-775364C92179} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FBA16F88-99FA-45AA-8C7B-198549E11104} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FBD8C69F-AF29-42A9-9A5E-31EEC7173057} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-12-21 20:52 - 2019-02-06 21:51 - 001945600 _____ () [File not signed] C:\Program Files\Gravit GmbH\Gravit Designer\ffmpeg.dll
2018-12-21 20:52 - 2019-02-06 21:51 - 017888768 _____ (Node.js) [File not signed] C:\Program Files\Gravit GmbH\Gravit Designer\node.dll
2018-12-21 20:52 - 2019-02-06 21:51 - 003424256 _____ () [File not signed] C:\Program Files\Gravit GmbH\Gravit Designer\libglesv2.dll
2018-12-21 20:52 - 2019-02-06 21:51 - 000017408 _____ () [File not signed] C:\Program Files\Gravit GmbH\Gravit Designer\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7943 more sites.
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\123simsen.com -> www.123simsen.com
There are 7943 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-19 01:03 - 2019-03-15 08:53 - 000454790 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15610 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{B827B0C2-1C52-4680-9280-AF5F9D7BC6CA}C:\users\phil\appdata\local\sufferfest\app-5.4.2\sufferfest.exe] => (Block) C:\users\phil\appdata\local\sufferfest\app-5.4.2\sufferfest.exe (The Sufferfest Pte Ltd -> The Sufferfest Pte Ltd) [File not signed]
FirewallRules: [TCP Query User{9E58A9BA-AFAF-4377-AE03-DAD7A58555F9}C:\users\phil\appdata\local\sufferfest\app-5.4.2\sufferfest.exe] => (Block) C:\users\phil\appdata\local\sufferfest\app-5.4.2\sufferfest.exe (The Sufferfest Pte Ltd -> The Sufferfest Pte Ltd) [File not signed]
FirewallRules: [UDP Query User{6966709E-C91B-45E9-BC7A-38A9CF0AA163}C:\users\phil\appdata\local\sufferfest\app-5.4.1\sufferfest.exe] => (Block) C:\users\phil\appdata\local\sufferfest\app-5.4.1\sufferfest.exe (The Sufferfest Pte Ltd -> The Sufferfest Pte Ltd) [File not signed]
FirewallRules: [TCP Query User{03E87C9D-97EE-4626-BCB1-BC2FAD333A29}C:\users\phil\appdata\local\sufferfest\app-5.4.1\sufferfest.exe] => (Block) C:\users\phil\appdata\local\sufferfest\app-5.4.1\sufferfest.exe (The Sufferfest Pte Ltd -> The Sufferfest Pte Ltd) [File not signed]
FirewallRules: [{CAD3FF32-9C8E-4F2C-8199-57D57462A5E2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{CB2D5834-9B06-4EA9-A3A1-5FCB5F8022CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5B8BBA33-0C01-4DD7-838B-FF62DB2CA180}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CACDB7AB-75AD-4E41-A4DE-1E34E3906EF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A5082AE0-699E-4AAE-88A6-DE40FFE0DAC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BBC7B5BD-EE97-4597-93B1-C77EDC96C819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D09BDD6B-438C-4330-8C9B-22369F388F55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9BCEFB54-99BB-4593-BF61-075BFB04E7F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BE16DADC-D0B8-4906-9FD5-58A2437F2594}] => (Allow) C:\Users\Phil\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5D704F5A-4863-40FF-913A-1A2C197AEB22}] => (Allow) C:\Users\Phil\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{E4068A69-E5CA-4A6D-9F22-C829FF3C506B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
25-02-2019 21:07:50 Scheduled Checkpoint
02-03-2019 15:58:22 Windows Update
12-03-2019 07:56:37 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/15/2019 07:59:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.7.64.191 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 5490
Start Time: 01d4dadf94521ec9
Termination Time: 24
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Report Id: 2cc656de-d985-4470-b906-a42d1af70d14
Faulting package full name:
Faulting package-relative application ID:
Error: (03/14/2019 05:32:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2019.18114.17710.0, time stamp: 0x5c3f716e
Faulting module name: SharedLibrary.dll, version: 2.2.27011.1, time stamp: 0x5bc013a9
Exception code: 0x00001007
Fault offset: 0x00000000007e368e
Faulting process id: 0x7124
Faulting application start time: 0x01d4d9a35a2ba415
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27011.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
Report Id: 57658766-dda9-44b9-8eb1-6b011cc9271d
Faulting package full name: Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (03/12/2019 08:34:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2019.18114.17710.0, time stamp: 0x5c3f716e
Faulting module name: SharedLibrary.dll, version: 2.2.27011.1, time stamp: 0x5bc013a9
Exception code: 0x00001007
Fault offset: 0x00000000007e368e
Faulting process id: 0x6704
Faulting application start time: 0x01d4d3768efaf740
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27011.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
Report Id: 677c7054-ae84-45d6-8127-589c9ef6dca0
Faulting package full name: Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (02/18/2019 09:43:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17134.165, time stamp: 0x4031a9f8
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000374
Fault offset: 0x00000000000f47fb
Faulting process id: 0x1970
Faulting application start time: 0x01d4b27e0933fa17
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 2b35a9cc-ac76-45b7-80dc-2f46257d88e2
Faulting package full name:
Faulting package-relative application ID:
Error: (01/22/2019 10:15:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Norton Security status to SECURITY_PRODUCT_STATE_EXPIRED.
Error: (01/22/2019 10:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xf98
Faulting application start time: 0x01d4ac3cf8f014fd
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 475c5d8e-0215-47ef-8fe5-f0843b138b51
Faulting package full name:
Faulting package-relative application ID:
Error: (01/17/2019 08:07:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- A later version of Update for Windows 10 for x64-based Systems (KB4023057) is already installed. Setup will now exit.
Error: (01/14/2019 11:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0x1348
Faulting application start time: 0x01d4a044fe5ae781
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 69f4a6b5-e7c7-4d67-8465-4b9e9f92ce18
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (03/16/2019 12:53:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/16/2019 12:51:00 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2019 03:10:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2019 03:09:41 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2019 03:06:12 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2019 04:47:57 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2019 04:43:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2019 04:42:15 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-12-27 16:55:42.565
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B3904CAF-D482-4A5A-9F1A-A004ECADC805}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-12-27 16:37:31.519
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3516D43F-93B4-446C-AE33-28429A9841AE}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-12-27 16:12:32.190
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {57860659-F6DA-4C33-AA21-F08B37C67ABF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-03-13 13:17:15.477
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.289.433.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.9
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-03-13 13:17:15.476
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.289.433.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.9
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-03-13 13:17:15.476
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.289.433.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.9
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-03-13 13:17:15.464
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.289.433.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.9
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-03-13 13:17:15.464
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.289.433.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.9
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 79%
Total physical RAM: 8069.22 MB
Available physical RAM: 1648.53 MB
Total Virtual: 15724.14 MB
Available Virtual: 1853.18 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:237.36 GB) (Free:170.43 GB) NTFS
Drive g: (Google Drive File Stream) (Fixed) (Total:30 GB) (Free:29.75 GB) FAT32
\\?\Volume{4028697c-accc-401e-af9d-0db20c51a9f6}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.44 GB) NTFS
\\?\Volume{4803e8ba-cf76-4ba0-a7e6-fd886eddae3e}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 8565B4B8)
Partition: GPT.
==================== End of Addition.txt ============================
May need to temporarily disable your antivirus to run these tools, please do not forget to turn it back on.
The below needs to be removed from your add/remove programs list located in the control panel.
App Explorer (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Host App Service) (Version: 0.273.2.988 - SweetLabs) <==== ATTENTION
https://support.microsoft.com/en-us/help/4028054/windows-10-repair-or-remove-programs
~~
Highlight the entire content of the quote box below and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001 -> DefaultScope {E27C68B8-CBD9-4671-BCE5-3D4FCDDB0E00} URL =
SearchScopes: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001 -> {E27C68B8-CBD9-4671-BCE5-3D4FCDDB0E00} URL =
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
Task: {15187A40-58C7-45D9-B5C8-2B84DEFEA750} - System32\Tasks\App Explorer => C:\Users\Phil\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
C:\Windows\Temp\*.*
Emptytemp:
End::
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
~~
http://i.imgur.com/RQKuhw1.pngRogueKiller
Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply
created by Aura
When finished, please post these 3 logs.
Due to lack of feedback this topic is closed.