Thread: install.365-stream.com

  1. #1
    Junior Member
    Join Date
    Mar 2019
    Posts
    3

    install.365-stream.com

    Hi Guys,

    I stupidly downloaded install.365-stream.com which is now continually giving me advertisements from within my chrome browser. Through google searches I can see that this is a dangerous malware. I've downloaded the spybot software and carried out the scan but nothing has changed with regards to the browser malware that has got into my laptop. Any help would be appreciated. I searched on the forum for similar issues but didn't find anything.

    Regards

    Phil

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Mar 2019
    Posts
    3

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2019 01
    Ran by Phil (administrator) on LAPTOP-CR9VHLAG (16-03-2019 12:56:46)
    Running from C:\Users\Phil\Downloads
    Loaded Profiles: Phil (Available Profiles: Phil)
    Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\igfxCUIService.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\IntelCpHDCPSvc.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel(R) Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\IntelCpHeciSvc.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\igfxEM.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
    (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Avanquest Software SAS -> Avanquest Software) C:\Users\Phil\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe
    (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.57.1939\GoogleDriveFS.exe
    (Google LLC -> ) C:\Program Files\Google\Drive File Stream\29.1.57.1939\crashpad_handler.exe
    (Zwift, Inc. -> ) C:\Program Files (x86)\Zwift\ZwiftLauncher.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\igfxext.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Phil\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
    (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
    (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Phil\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
    (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
    (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
    (Corel Corporation -> Gravit GmbH) C:\Program Files\Gravit GmbH\Gravit Designer\Gravit Designer.exe
    (Corel Corporation -> Gravit GmbH) C:\Program Files\Gravit GmbH\Gravit Designer\Gravit Designer.exe
    (Corel Corporation -> Gravit GmbH) C:\Program Files\Gravit GmbH\Gravit Designer\Gravit Designer.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\coNatHst.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1893312 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391504 2018-03-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502672 2018-03-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502672 2018-03-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
    HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [1234816 2017-11-02] (Zwift, Inc. -> )
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Run: [Avanquest Message] => C:\Users\Phil\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software SAS -> Avanquest Software)
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe [33291560 2019-02-06] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Phil\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Phil\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\RunOnce: [Uninstall 19.002.0107.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phil\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64"
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\RunOnce: [Uninstall 19.002.0107.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phil\AppData\Local\Microsoft\OneDrive\19.002.0107.0008"
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-13] (Google LLC -> Google Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{bb25d207-0732-40ad-bca4-42b1569601ca}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{c4214918-640e-4b2e-ab25-e3c90d0caee3}: [DhcpNameServer] 10.66.184.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
    SearchScopes: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001 -> DefaultScope {E27C68B8-CBD9-4671-BCE5-3D4FCDDB0E00} URL =
    SearchScopes: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001 -> {E27C68B8-CBD9-4671-BCE5-3D4FCDDB0E00} URL =

    FireFox:
    ========
    FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-11-18] [Legacy]
    FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-11-18] [Legacy]
    FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-11-18] [Legacy]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc -> Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc -> Google Inc.)
    FF Plugin HKU\S-1-5-21-2431328955-3914487260-2808363909-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Phil\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-02-06] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    Chrome:
    =======
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default [2019-03-16]
    CHR Extension: (Slides) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-11]
    CHR Extension: (Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-11]
    CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-11]
    CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-11]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-03-14]
    CHR Extension: (Sheets) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-22]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-03-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
    CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-11]
    CHR Extension: (Chrome Media Router) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-02]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-14] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-25] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-25] (Intel(R) Trust Services -> Intel(R) Corporation)
    R2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [179272 2018-03-19] (Intel(R) Smart Sound Technology -> Intel)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> )
    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-12] (Symantec Corporation -> Symantec Corporation)
    R3 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation -> Symantec Corporation)
    S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-06-06] (Acer Incorporated -> Acer Incorporated)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-06-06] (Acer Incorporated -> Acer Incorporated)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-05-23] (Acer Incorporated -> acer)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
    S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
    S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\BASHDefs\20180627.005\BHDrvx64.sys [1879632 2018-05-09] (Symantec Corporation -> Symantec Corporation)
    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
    R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-05-11] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-05-11] (Symantec Corporation -> Symantec Corporation)
    R1 googledrivefs2622; C:\WINDOWS\System32\DRIVERS\googledrivefs2622.sys [122920 2019-01-09] (Google LLC -> Google, Inc.)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-14] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R3 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\IPSDefs\20180628.061\IDSvia64.sys [1298000 2018-05-24] (Symantec Corporation -> Symantec Corporation)
    R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2015-06-24] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
    R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Microsoft Windows -> Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvac.inf_amd64_39272b911ad4f51f\nvlddmkm.sys [17036560 2018-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-07] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-08-18] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
    R3 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation -> Symantec Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation -> Symantec Corporation)
    S3 SymEvnt; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\SymPlatform\SymEvnt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-03-16 12:56 - 2019-03-16 12:57 - 000028279 _____ C:\Users\Phil\Downloads\FRST.txt
    2019-03-16 12:55 - 2019-03-16 12:56 - 000000000 ____D C:\FRST
    2019-03-16 12:55 - 2019-03-16 12:55 - 002433536 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe
    2019-03-16 12:52 - 2019-03-16 12:52 - 001792000 _____ (Farbar) C:\Users\Phil\Downloads\FRST.exe
    2019-03-15 08:53 - 2017-03-19 01:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190315-085342.backup
    2019-03-15 07:04 - 2019-03-15 15:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2019-03-15 07:04 - 2019-03-15 07:10 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2019-03-15 07:04 - 2019-03-15 07:04 - 000001468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2019-03-15 07:04 - 2019-03-15 07:04 - 000001456 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2019-03-15 07:04 - 2019-03-15 07:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2019-03-15 07:04 - 2019-03-15 07:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2019-03-15 07:04 - 2019-03-15 07:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2019-03-15 07:04 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
    2019-03-15 06:58 - 2019-03-15 07:01 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\Phil\Downloads\spybotsd-2.7.64.0.exe
    2019-03-14 07:52 - 2019-03-14 07:52 - 000037005 _____ C:\Users\Phil\Downloads\Profit+Margin+Calculator.xlsx
    2019-03-14 05:33 - 2019-03-14 05:33 - 000049415 _____ C:\Users\Phil\Downloads\AndersenEV-financials.xlsx
    2019-03-05 21:19 - 2019-03-05 21:36 - 419430400 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part4.rar
    2019-03-05 21:19 - 2019-03-05 21:36 - 372826668 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part5.rar
    2019-03-05 21:19 - 2019-03-05 21:32 - 419430400 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part3.rar
    2019-03-05 20:57 - 2019-03-05 20:57 - 001185968 _____ (Igor Pavlov) C:\Users\Phil\Downloads\7z1900.exe
    2019-03-05 20:57 - 2019-03-05 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2019-03-05 20:57 - 2019-03-05 20:57 - 000000000 ____D C:\Program Files (x86)\7-Zip
    2019-03-05 20:39 - 2019-03-05 20:54 - 419430400 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part2.rar
    2019-03-05 20:35 - 2019-03-05 20:52 - 419430400 _____ C:\Users\Phil\Downloads\G.V.R.S. A.S.RE.part1.rar
    2019-02-23 20:59 - 2019-02-23 20:59 - 000473971 _____ C:\Users\Phil\Downloads\Makup+Pads+Requirements.pdf
    2019-02-23 20:56 - 2019-02-23 20:56 - 014360711 _____ C:\Users\Phil\Downloads\Quote+about+make-up+pads.pdf
    2019-02-23 20:24 - 2019-02-23 20:24 - 000286327 _____ C:\Users\Phil\Downloads\quotation+sheet+for+remover+pads-+Yiwu+Niki.pdf
    2019-02-18 21:42 - 2019-02-18 21:42 - 000001554 _____ C:\Users\Phil\Downloads\DINR_535_12_02_2019.xls
    2019-02-16 19:56 - 2019-02-16 19:56 - 000002354 _____ C:\Users\Phil\Downloads\c16c63201e57b52fad02ecfcd4dbcc5f (1).pdf

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-03-16 12:56 - 2018-04-12 03:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-03-16 12:55 - 2018-04-12 03:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-03-16 12:53 - 2018-08-18 11:16 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{11E608BC-7369-4500-BEAA-FD3D97F4A7FC}
    2019-03-16 12:53 - 2018-08-18 11:16 - 000003508 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
    2019-03-16 12:50 - 2018-05-11 18:20 - 000000000 ____D C:\Users\Phil\AppData\Local\Host App Service
    2019-03-16 12:50 - 2018-04-12 03:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-03-15 09:58 - 2018-08-18 11:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-03-15 09:38 - 2019-01-22 22:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
    2019-03-14 18:13 - 2018-05-18 16:09 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-03-14 18:03 - 2018-05-18 16:09 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-03-14 14:06 - 2018-12-21 20:56 - 000000000 ____D C:\Users\Phil\AppData\Roaming\GravitDesigner
    2019-03-14 05:03 - 2018-04-12 03:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-03-13 14:45 - 2018-05-11 22:31 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-03-13 14:03 - 2017-11-18 00:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-03-05 21:38 - 2018-08-18 11:16 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2431328955-3914487260-2808363909-1001
    2019-03-05 21:38 - 2018-08-18 11:13 - 000002368 _____ C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-03-05 21:38 - 2018-05-11 18:25 - 000000000 ___RD C:\Users\Phil\OneDrive
    2019-03-02 16:00 - 2018-05-11 18:13 - 000000000 ____D C:\Program Files\rempl
    2019-03-02 15:56 - 2018-05-18 15:55 - 000000000 ____D C:\Road Grand Tours
    2019-02-23 18:46 - 2018-07-29 18:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-08-18 11:12

    ==================== End of FRST.txt ============================

  4. #4
    Junior Member
    Join Date
    Mar 2019
    Posts
    3

    Default Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
    Ran by Phil (16-03-2019 12:57:42)
    Running from C:\Users\Phil\Downloads
    Windows 10 Home Version 1803 17134.523 (X64) (2018-08-18 07:17:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2431328955-3914487260-2808363909-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2431328955-3914487260-2808363909-503 - Limited - Disabled)
    Guest (S-1-5-21-2431328955-3914487260-2808363909-501 - Limited - Disabled)
    Phil (S-1-5-21-2431328955-3914487260-2808363909-1001 - Administrator - Enabled) => C:\Users\Phil
    WDAGUtilityAccount (S-1-5-21-2431328955-3914487260-2808363909-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security (Disabled - Out of date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Disabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
    Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
    Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
    Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3014 - Acer Incorporated)
    Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3004 - Acer Incorporated)
    App Explorer (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Host App Service) (Version: 0.273.2.988 - SweetLabs) <==== ATTENTION
    Avanquest Message (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
    Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
    Egistec Touch Fingerprint Sensor WBF Driver (HKLM-x32\...\{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.3.10 - Egis Technology Inc.) Hidden
    EgisTec Touch Fingerprint Sensor WBF Driver (HKLM-x32\...\InstallShield_{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.3.10 - Egis Technology Inc.)
    Garmin VIRB Edit (HKLM\...\{E392085B-28B2-412F-8F1E-428FF49EDAE5}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin VIRB Edit (HKLM-x32\...\{cc055528-a612-43bb-abc2-46ea35d6306e}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
    Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 29.1.85.2056 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    Gravit Designer 3.5.10 (HKLM\...\73ce129c-e9ab-5027-8f0d-8b378da1411c) (Version: 3.5.10 - Gravit GmbH)
    inPixio Photo Clip 8 (HKLM-x32\...\{65634D2B-B6D1-4B35-B4C9-F3999B8D008B}) (Version: 8.5.0 - InPixio)
    InPixio Photo Focus (HKLM-x32\...\{D7DF4A1C-F5CD-49F6-927E-12E6A8EF4174}) (Version: 3.7 - InPixio)
    InPixio Photo Maximizer 4 (HKLM-x32\...\{AC2A153C-6E2B-486D-B048-55DA6A855B32}) (Version: 4.0.2 - InPixio)
    InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.7.0 - InPixio)
    Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4735 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1724.2 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
    Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1 - Mozilla)
    Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
    NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
    NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
    NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
    NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
    NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
    osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8224 - Realtek Semiconductor Corp.)
    Road Grand Tours (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Road Grand Tours) (Version: 1.0.0.0 - RoadGrandTours Inc.)
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    The Sufferfest Training System (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\sufferfest) (Version: 5.4.2 - The Sufferfest Pte Ltd)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    Zoom (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\ZoomUMX) (Version: 4.3 - Zoom Video Communications, Inc.)
    Zwift version 1.0.39 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.0.39 - Zwift, LLC)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
    ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
    ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4d5442f36485a5e3\igfxDTCM.dll [2017-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation -> Symantec Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02EDEBD4-0BE0-4511-9074-1D273CB5B934} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe (Symantec Corporation -> Symantec Corporation)
    Task: {0B1080F2-4C47-453F-B03C-9C0708163E2C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {0BB861DD-62D6-4F4E-8EDD-106704CCA3E0} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
    Task: {0F673FA9-A0DA-4D53-913A-507CEBBCD5DF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {115A039F-C62D-4372-B059-C9D5A5A7FABA} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Acer Incorporated -> )
    Task: {15187A40-58C7-45D9-B5C8-2B84DEFEA750} - System32\Tasks\App Explorer => C:\Users\Phil\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
    Task: {15E68E3B-5E0D-4A71-BF31-B8D6B46835FE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {163287B2-C1D7-4634-A42B-E71458AF4104} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {1C6FA830-F073-4123-B093-42A85336FF48} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe (Symantec Corporation -> Symantec Corporation)
    Task: {1E039A2D-DE16-4C29-8381-7A8E985F47BB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {347E67AE-1CD0-408E-9548-C58209D23B14} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation)
    Task: {34C4E44E-187B-4691-B919-7AFB319991CA} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe (Acer Incorporated -> Acer Incorporated)
    Task: {36A45984-8D98-47BF-A4CA-73E2FFB683E9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {43F9709C-8AB2-4E3F-B1D4-64D544712EEE} - System32\Tasks\PicstreamAgent => C:\Program [Argument = Files (x86)\Acer\AOP Framework\uwplauncher.exe AcerIncorporated.6245439DEEE9E_48frkmn4z8aw4!abPhoto]
    Task: {4E11FAF2-F3EA-48C3-8D90-F22FEB9FB988} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe (Symantec Corporation -> Symantec Corporation)
    Task: {575BD99C-4428-47DA-B102-94A678596DB9} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe (Acer Incorporated -> TODO: <Company name>)
    Task: {59026369-52AA-4D10-8823-AAD87D335EEB} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
    Task: {5D3C382B-F947-4B02-B05A-B274A199148D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {5D947284-6B05-40A3-8167-716930CCCACF} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe (Symantec Corporation -> Symantec Corporation)
    Task: {645C6100-46A4-4A5D-BE85-D54B4EB5D238} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {662F3296-BD25-4285-8EB2-E896834A3D94} - System32\Tasks\AcerCloud => C:\ProgramData\acer\Acer Portal\launchPortal.exe (Acer Incorporated -> )
    Task: {67405FF2-09FE-487F-AB0C-6A6DE6BB82AD} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe (Acer Incorporated -> Acer Incorporated)
    Task: {72C7C76E-D5DD-49A4-A9F8-2F3A76B8DA9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {73B004F8-5E38-4E69-AAF0-253ADE7CF04A} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
    Task: {77F92380-8834-42D1-A6BB-106FCA7468CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {912AA5B7-9A6F-4ECB-B21E-66E75170539C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
    Task: {A00B91EE-C88D-4DD4-AF2E-851A7626EA59} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {BA13B0B1-1B8E-4637-8964-6C99EF5343D5} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe (Acer Incorporated -> Acer Incorporated)
    Task: {C01CEF7D-A4A8-4C17-82C9-9BADD75581D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {D2557AF0-3AA6-40B6-8D11-B4E39D683902} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe (Acer Incorporated -> )
    Task: {D9E67261-0CFA-44F3-8603-4E7F0AF59555} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe (Acer Incorporated -> )
    Task: {DDD44B2D-FB29-47FE-8374-FE132FB1A88F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {E97A55DA-F0F8-482D-86A4-8B8CABFB0DD4} - System32\Tasks\MonitorAcerPortal => C:\ProgramData\acer\Acer Portal\monitorPortal.exe (Acer Incorporated -> )
    Task: {EF098B0F-A59E-4E3C-9D7A-775364C92179} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {FBA16F88-99FA-45AA-8C7B-198549E11104} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FBD8C69F-AF29-42A9-9A5E-31EEC7173057} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-12-21 20:52 - 2019-02-06 21:51 - 001945600 _____ () [File not signed] C:\Program Files\Gravit GmbH\Gravit Designer\ffmpeg.dll
    2018-12-21 20:52 - 2019-02-06 21:51 - 017888768 _____ (Node.js) [File not signed] C:\Program Files\Gravit GmbH\Gravit Designer\node.dll
    2018-12-21 20:52 - 2019-02-06 21:51 - 003424256 _____ () [File not signed] C:\Program Files\Gravit GmbH\Gravit Designer\libglesv2.dll
    2018-12-21 20:52 - 2019-02-06 21:51 - 000017408 _____ () [File not signed] C:\Program Files\Gravit GmbH\Gravit Designer\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7943 more sites.

    There are 7943 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-03-19 01:03 - 2019-03-15 08:53 - 000454790 ____R C:\WINDOWS\system32\drivers\etc\hosts

    There are 15610 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{B827B0C2-1C52-4680-9280-AF5F9D7BC6CA}C:\users\phil\appdata\local\sufferfest\app-5.4.2\sufferfest.exe] => (Block) C:\users\phil\appdata\local\sufferfest\app-5.4.2\sufferfest.exe (The Sufferfest Pte Ltd -> The Sufferfest Pte Ltd) [File not signed]
    FirewallRules: [TCP Query User{9E58A9BA-AFAF-4377-AE03-DAD7A58555F9}C:\users\phil\appdata\local\sufferfest\app-5.4.2\sufferfest.exe] => (Block) C:\users\phil\appdata\local\sufferfest\app-5.4.2\sufferfest.exe (The Sufferfest Pte Ltd -> The Sufferfest Pte Ltd) [File not signed]
    FirewallRules: [UDP Query User{6966709E-C91B-45E9-BC7A-38A9CF0AA163}C:\users\phil\appdata\local\sufferfest\app-5.4.1\sufferfest.exe] => (Block) C:\users\phil\appdata\local\sufferfest\app-5.4.1\sufferfest.exe (The Sufferfest Pte Ltd -> The Sufferfest Pte Ltd) [File not signed]
    FirewallRules: [TCP Query User{03E87C9D-97EE-4626-BCB1-BC2FAD333A29}C:\users\phil\appdata\local\sufferfest\app-5.4.1\sufferfest.exe] => (Block) C:\users\phil\appdata\local\sufferfest\app-5.4.1\sufferfest.exe (The Sufferfest Pte Ltd -> The Sufferfest Pte Ltd) [File not signed]
    FirewallRules: [{CAD3FF32-9C8E-4F2C-8199-57D57462A5E2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
    FirewallRules: [{CB2D5834-9B06-4EA9-A3A1-5FCB5F8022CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{5B8BBA33-0C01-4DD7-838B-FF62DB2CA180}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{CACDB7AB-75AD-4E41-A4DE-1E34E3906EF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{A5082AE0-699E-4AAE-88A6-DE40FFE0DAC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{BBC7B5BD-EE97-4597-93B1-C77EDC96C819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{D09BDD6B-438C-4330-8C9B-22369F388F55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{9BCEFB54-99BB-4593-BF61-075BFB04E7F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{BE16DADC-D0B8-4906-9FD5-58A2437F2594}] => (Allow) C:\Users\Phil\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{5D704F5A-4863-40FF-913A-1A2C197AEB22}] => (Allow) C:\Users\Phil\AppData\Roaming\Zoom\bin\airhost.exe No File
    FirewallRules: [{E4068A69-E5CA-4A6D-9F22-C829FF3C506B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    25-02-2019 21:07:50 Scheduled Checkpoint
    02-03-2019 15:58:22 Windows Update
    12-03-2019 07:56:37 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/15/2019 07:59:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDScan.exe version 2.7.64.191 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 5490

    Start Time: 01d4dadf94521ec9

    Termination Time: 24

    Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    Report Id: 2cc656de-d985-4470-b906-a42d1af70d14

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (03/14/2019 05:32:55 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft.Photos.exe, version: 2019.18114.17710.0, time stamp: 0x5c3f716e
    Faulting module name: SharedLibrary.dll, version: 2.2.27011.1, time stamp: 0x5bc013a9
    Exception code: 0x00001007
    Fault offset: 0x00000000007e368e
    Faulting process id: 0x7124
    Faulting application start time: 0x01d4d9a35a2ba415
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27011.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
    Report Id: 57658766-dda9-44b9-8eb1-6b011cc9271d
    Faulting package full name: Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App

    Error: (03/12/2019 08:34:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft.Photos.exe, version: 2019.18114.17710.0, time stamp: 0x5c3f716e
    Faulting module name: SharedLibrary.dll, version: 2.2.27011.1, time stamp: 0x5bc013a9
    Exception code: 0x00001007
    Fault offset: 0x00000000007e368e
    Faulting process id: 0x6704
    Faulting application start time: 0x01d4d3768efaf740
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27011.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
    Report Id: 677c7054-ae84-45d6-8127-589c9ef6dca0
    Faulting package full name: Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App

    Error: (02/18/2019 09:43:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.17134.165, time stamp: 0x4031a9f8
    Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
    Exception code: 0xc0000374
    Fault offset: 0x00000000000f47fb
    Faulting process id: 0x1970
    Faulting application start time: 0x01d4b27e0933fa17
    Faulting application path: C:\WINDOWS\Explorer.EXE
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 2b35a9cc-ac76-45b7-80dc-2f46257d88e2
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/22/2019 10:15:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating Norton Security status to SECURITY_PRODUCT_STATE_EXPIRED.

    Error: (01/22/2019 10:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
    Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
    Exception code: 0xc0000409
    Fault offset: 0x000000000022af80
    Faulting process id: 0xf98
    Faulting application start time: 0x01d4ac3cf8f014fd
    Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    Report Id: 475c5d8e-0215-47ef-8fe5-f0843b138b51
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/17/2019 08:07:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
    Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- A later version of Update for Windows 10 for x64-based Systems (KB4023057) is already installed. Setup will now exit.

    Error: (01/14/2019 11:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
    Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
    Exception code: 0xc0000409
    Fault offset: 0x000000000022af80
    Faulting process id: 0x1348
    Faulting application start time: 0x01d4a044fe5ae781
    Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    Report Id: 69f4a6b5-e7c7-4d67-8465-4b9e9f92ce18
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (03/16/2019 12:53:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/16/2019 12:51:00 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 03:10:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 03:09:41 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 03:06:12 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 04:47:57 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 04:43:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2019 04:42:15 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-CR9VHLAG)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user LAPTOP-CR9VHLAG\Phil SID (S-1-5-21-2431328955-3914487260-2808363909-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-12-27 16:55:42.565
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {B3904CAF-D482-4A5A-9F1A-A004ECADC805}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-12-27 16:37:31.519
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {3516D43F-93B4-446C-AE33-28429A9841AE}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-12-27 16:12:32.190
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {57860659-F6DA-4C33-AA21-F08B37C67ABF}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-03-13 13:17:15.477
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.289.433.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.9
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2019-03-13 13:17:15.476
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.289.433.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.9
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2019-03-13 13:17:15.476
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.289.433.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.9
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2019-03-13 13:17:15.464
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.289.433.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.9
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2019-03-13 13:17:15.464
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.289.433.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15700.9
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
    Percentage of memory in use: 79%
    Total physical RAM: 8069.22 MB
    Available physical RAM: 1648.53 MB
    Total Virtual: 15724.14 MB
    Available Virtual: 1853.18 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:237.36 GB) (Free:170.43 GB) NTFS
    Drive g: (Google Drive File Stream) (Fixed) (Total:30 GB) (Free:29.75 GB) FAT32

    \\?\Volume{4028697c-accc-401e-af9d-0db20c51a9f6}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.44 GB) NTFS
    \\?\Volume{4803e8ba-cf76-4ba0-a7e6-fd886eddae3e}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 8565B4B8)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  5. #5
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    You may need to temporarily disable your antivirus to run these tools; please do not forget to turn it back on.


    The below needs to be removed from your add/remove programs list located in the control panel.
    App Explorer (HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\...\Host App Service) (Version: 0.273.2.988 - SweetLabs) <==== ATTENTION
    https://support.microsoft.com/en-us/...emove-programs

    ~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    SearchScopes: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001 -> DefaultScope {E27C68B8-CBD9-4671-BCE5-3D4FCDDB0E00} URL =
    SearchScopes: HKU\S-1-5-21-2431328955-3914487260-2808363909-1001 -> {E27C68B8-CBD9-4671-BCE5-3D4FCDDB0E00} URL =
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2431328955-3914487260-2808363909-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    Task: {15187A40-58C7-45D9-B5C8-2B84DEFEA750} - System32\Tasks\App Explorer => C:\Users\Phil\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    ~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    created by Aura

    When finished, please post these 3 logs.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
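
A way to pre-sort FRST output by the markers visible in the logs and fixlist above (`<==== ATTENTION`, `<not found>`, `No File`, `[File not signed]`, an empty `SearchScopes` URL), as an added example that is not part of the original thread or of FRST. The sample lines are constructed in the thread's line format, and treating each marker as a review tag is this example's assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Markers that appear in the FRST lines quoted in this thread. Using them as
# triage tags is this example's assumption, not documented FRST behaviour.
MARKERS = {
    "attention": re.compile(r"<==== ATTENTION"),
    "empty_search_scope": re.compile(r"^SearchScopes:.*\bURL =\s*$"),
    "missing_file": re.compile(r"<not found>|\bNo File\s*$"),
    "unsigned": re.compile(r"\[File not signed\]"),
}
# Order in which a reviewer would look at the tagged lines.
REVIEW_ORDER = ["attention", "empty_search_scope", "missing_file", "unsigned"]

PATH_RE = re.compile(r'[A-Za-z]:\\[^<>\[\]|"?*]*?\.(?:exe|dll|crx|sys)\b', re.I)
KIND_RE = re.compile(r"^(FirewallRules|SearchScopes|Task|CHR)\b")
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")

# Constructed sample lines (not taken from a real machine).
SAMPLE = r"""
2019-01-01 10:00 - 2019-01-02 11:00 - 000017408 _____ () [File not signed] C:\Program Files\ExampleApp\libexample.dll
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files\ExampleApp\example.exe (Example Corp -> Example Corp)
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Users\User\AppData\Roaming\Gone\gone.exe No File
CHR HKLM\...\Chrome\Extension: [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa] - C:\Program Files\ExampleAV\Exts\Chrome.crx <not found>
SearchScopes: HKU\S-1-5-21-0-0-0-1001 -> DefaultScope {00000000-0000-0000-0000-000000000003} URL =
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\Example Updater => C:\Users\User\AppData\Local\Example\Updater.exe (Example Inc. -> Example Inc.) <==== ATTENTION
Windows Firewall is enabled.
"""


@dataclass
class Finding:
    kind: str                 # FRST line prefix, "file" for dated file lines
    tags: Tuple[str, ...]     # every marker found on the line
    path: Optional[str]       # first Windows file path on the line, if any
    line: str                 # the original line, for the reviewer


def line_kind(line: str) -> str:
    m = KIND_RE.match(line)
    if m:
        return m.group(1)
    return "file" if FILE_LINE_RE.match(line) else "other"


def triage(text: str) -> List[Finding]:
    """Return the lines that carry at least one marker, most urgent first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tags = tuple(t for t in REVIEW_ORDER if MARKERS[t].search(line))
        if not tags:
            continue  # e.g. a signed, existing binary: nothing to review
        m = PATH_RE.search(line)
        findings.append(Finding(line_kind(line), tags, m.group(0) if m else None, line))
    # Stable sort: lines keep log order within the same urgency level.
    findings.sort(key=lambda f: REVIEW_ORDER.index(f.tags[0]))
    return findings


def counts(findings: List[Finding]) -> dict:
    out = {t: 0 for t in REVIEW_ORDER}
    for f in findings:
        for t in f.tags:
            out[t] += 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{','.join(f.tags):20} {f.kind:14} {f.path or '-'}")
    print(counts(triage(SAMPLE)))
```

A tag only queues a line for human review: unsigned DLLs and orphaned firewall rules are common on clean systems.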

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    bump.....
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Due to lack of feedback this topic is closed.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
