Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't find where Amazon Assistant is coming from


  • Please log in to reply
5 replies to this topic

#1 aworrier

aworrier

  • Members
  • 73 posts
  • ONLINE
  •  
  • Local time:05:34 PM

Posted 12 November 2018 - 09:35 PM

As a routine, I ran Adware cleaner today, and as usual it caught nothing but I did notice the amazon assistant for chrome extension. Looking back through my log history, I've deleted this many times but it keeps popping up as soon as the computer is restarted. A while back a uninstalled the Amazon Assistant bloatware that came preloaded on the computer (Acer Predator). Where could the rest of this program be that keeps to install the Amazon Assistant extension into Chrome?



BC AdBot (Login to Remove)

 


#2 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:04 AM

Posted 13 November 2018 - 02:37 AM

Hi aworrier,

 

 

We need to see some information about what is happening in your machine. Please perform the following scan: 
 

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link
     
  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


#3 aworrier

aworrier
  • Topic Starter

  • Members
  • 73 posts
  • ONLINE
  •  
  • Local time:05:34 PM

Posted 13 November 2018 - 05:05 PM

Thank you, here are the logs:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by tiger (administrator) on LAPTOP-O5PRNDGO (13-11-2018 17:02:54)
Running from C:\Users\tiger\Downloads
Loaded Profiles: tiger &  (Available Profiles: tiger)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\PredatorSense\PSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\PredatorSense\PSAgent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\PredatorSense\PSAdminAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [876032 2017-06-29] (Dolby Laboratories, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170030948\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170030999\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1390173d-46e0-413f-a281-c928fbca42d8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ac141110-6705-4a11-99fa-3411219cb7b4}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-142302071-4274366654-3623427842-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/hpnot13/1
HKU\S-1-5-21-142302071-4274366654-3623427842-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-142302071-4274366654-3623427842-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170031053\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/hpnot13/1
HKU\S-1-5-21-142302071-4274366654-3623427842-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170031053\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-22] (Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-11-02] (Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ozw4yk8w.default
FF DefaultProfile: yf34yda4.default
FF ProfilePath: C:\Users\tiger\AppData\Roaming\Zotero\Zotero\Profiles\ozw4yk8w.default [2018-09-09]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroOpenOfficeIntegration@zotero.org [2018-07-07] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero\extensions\zoteroWinWordIntegration@zotero.org [2018-07-07] [Legacy] [not signed]
FF ProfilePath: C:\Users\tiger\AppData\Roaming\Mozilla\Firefox\Profiles\yf34yda4.default [2018-11-12]
FF Homepage: Mozilla\Firefox\Profiles\yf34yda4.default -> about:home
FF Extension: (English (US) Language Pack) - C:\Users\tiger\AppData\Roaming\Mozilla\Firefox\Profiles\yf34yda4.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2018-10-27]
FF Extension: (Mozilla Partner Defaults) - C:\Users\tiger\AppData\Roaming\Mozilla\Firefox\Profiles\yf34yda4.default\Extensions\partnerdefaults@mozilla.com [2018-03-14] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-10-24] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-10-24] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-10-24] [Legacy]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default [2018-11-13]
CHR Extension: (Slides) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-14]
CHR Extension: (Docs) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-14]
CHR Extension: (Google Drive) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-14]
CHR Extension: (YouTube) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-14]
CHR Extension: (Zotero Connector) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2018-10-26]
CHR Extension: (Sheets) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (AdBlock) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\tiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [347024 2017-06-01] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9667872 2018-10-24] (Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel® Corporation)
R2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [169576 2017-07-28] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R3 PSSvc; C:\Program Files (x86)\Acer\PredatorSense\PSSvc.exe [716592 2017-08-13] (Acer Incorporated)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-08-11] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-08-11] (Acer Incorporated)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-05-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18232 2016-08-25] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\BASHDefs\20181106.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605584 2017-06-01] (Qualcomm)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153280 2018-10-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20181112.061\IDSvia64.sys [1305072 2018-10-09] (Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-12] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_2c1963eafb6d29f5\nvlddmkm.sys [17524720 2018-02-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-10] (NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-12] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-04-11] (Realsil Semiconductor Corporation)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-05] (Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.12.0.104\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66144 2016-09-06] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-13 17:02 - 2018-11-13 17:03 - 000024225 _____ C:\Users\tiger\Downloads\FRST.txt
2018-11-13 17:02 - 2018-11-13 17:02 - 000000000 ____D C:\FRST
2018-11-13 17:01 - 2018-11-13 17:01 - 002415616 _____ (Farbar) C:\Users\tiger\Downloads\FRST64.exe
2018-11-13 16:59 - 2018-11-13 16:59 - 000000000 ___HD C:\OneDriveTemp
2018-11-12 21:44 - 2018-11-12 21:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-11-12 21:39 - 2018-11-12 21:39 - 006981240 _____ (ESET spol. s r.o.) C:\Users\tiger\Downloads\esetonlinescanner_enu.exe
2018-11-12 21:39 - 2018-11-12 21:39 - 000000000 ____D C:\Users\tiger\AppData\Local\ESET
2018-11-12 21:18 - 2018-11-12 21:18 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-12 20:55 - 2018-11-12 20:55 - 007592144 _____ (Malwarebytes) C:\Users\tiger\Downloads\AdwCleaner (2).exe
2018-11-12 20:54 - 2018-11-12 20:54 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-12 20:54 - 2018-11-12 20:54 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-12 20:54 - 2018-11-12 20:54 - 000000000 ____D C:\Users\tiger\AppData\Local\mbamtray
2018-11-12 20:54 - 2018-11-12 20:54 - 000000000 ____D C:\Users\tiger\AppData\Local\mbam
2018-11-12 20:54 - 2018-11-12 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-12 20:53 - 2018-11-12 20:53 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\tiger\Downloads\rkill.exe
2018-11-12 20:53 - 2018-11-12 20:53 - 000002592 _____ C:\Users\tiger\Desktop\Rkill.txt
2018-11-12 20:53 - 2018-11-12 20:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-12 20:53 - 2018-11-12 20:53 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-12 20:53 - 2018-10-18 09:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-12 20:52 - 2018-11-12 20:52 - 080891656 _____ (Malwarebytes ) C:\Users\tiger\Downloads\mb3-setup-54035.54035-3.6.1.2711-1.0.482-1.0.7469.exe
2018-11-12 20:51 - 2018-11-12 21:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-11-12 20:51 - 2018-11-12 20:51 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-13 16:59 - 2018-03-14 19:49 - 000000000 ___RD C:\Users\tiger\OneDrive
2018-11-13 16:59 - 2018-03-14 19:47 - 000000000 __SHD C:\Users\tiger\IntelGraphicsProfiles
2018-11-13 16:59 - 2017-10-24 09:47 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-13 01:29 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-13 01:10 - 2018-05-16 01:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-12 22:46 - 2018-03-14 22:45 - 000000000 ____D C:\Users\tiger\AppData\Local\Jagex
2018-11-12 22:46 - 2018-03-14 22:44 - 000000000 ____D C:\ProgramData\Jagex
2018-11-12 22:04 - 2018-05-16 01:10 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-142302071-4274366654-3623427842-1001
2018-11-12 22:04 - 2018-05-16 01:09 - 000002367 _____ C:\Users\tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-12 21:32 - 2018-03-14 22:04 - 000000000 ____D C:\Users\tiger\AppData\LocalLow\Mozilla
2018-11-12 21:24 - 2018-06-09 19:09 - 000000000 ____D C:\Users\tiger\AppData\Local\D3DSCache
2018-11-12 21:24 - 2018-05-16 01:17 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-12 21:24 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-12 21:18 - 2018-05-16 01:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-12 21:18 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-12 21:18 - 2018-03-14 22:23 - 000002330 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-11-12 21:17 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-12 21:17 - 2017-10-24 10:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-12 21:17 - 2017-10-24 10:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-12 21:16 - 2018-03-14 22:51 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-12 20:51 - 2018-04-11 16:04 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2018-11-12 20:51 - 2018-03-17 17:47 - 000000000 ____D C:\Users\tiger\AppData\Local\CrashDumps
2018-11-12 20:51 - 2018-03-14 22:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-11-12 19:01 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-12 19:00 - 2018-03-14 22:05 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-12 19:00 - 2018-03-14 22:05 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-10 21:01 - 2018-03-14 21:16 - 000000000 ____D C:\Users\tiger\AppData\Local\Packages
2018-11-09 01:16 - 2018-05-16 01:09 - 000000000 ____D C:\Users\tiger
2018-11-07 11:42 - 2017-10-24 10:03 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-02 20:16 - 2017-10-24 10:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-01 15:25 - 2017-08-20 22:15 - 000000000 ____D C:\Users\tiger\Desktop\EVMS
2018-10-22 21:46 - 2018-09-17 15:00 - 000000000 ____D C:\Users\tiger\AppData\Local\Package Cache
2018-10-22 21:43 - 2017-10-24 09:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-22 21:42 - 2018-09-17 15:01 - 000000000 ____D C:\Users\tiger\AppData\Local\XLSTAT
2018-10-15 20:55 - 2018-06-21 19:01 - 000000000 ____D C:\ProgramData\Packages
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-16 01:06
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by tiger (13-11-2018 17:03:22)
Running from C:\Users\tiger\Downloads
Windows 10 Home Version 1803 17134.345 (X64) (2018-05-16 06:13:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-142302071-4274366654-3623427842-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-142302071-4274366654-3623427842-503 - Limited - Disabled)
Guest (S-1-5-21-142302071-4274366654-3623427842-501 - Limited - Disabled)
tiger (S-1-5-21-142302071-4274366654-3623427842-1001 - Administrator - Enabled) => C:\Users\tiger
WDAGUtilityAccount (S-1-5-21-142302071-4274366654-3623427842-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{4B92BFBE-917D-4FA1-97E9-DB9D91286E90}) (Version: 3.0.18135.100 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3015 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3004 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.01 - NVIDIA Corporation) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{EF9495BF-843A-4F81-ACC5-40F51748D462}) (Version: 0.8.4.73 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1713.2 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11001.20074 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11001.20074 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-142302071-4274366654-3623427842-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-142302071-4274366654-3623427842-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170031053\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 63.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.1 (x64 en-US)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
NVIDIA 3D Vision Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20074 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20074 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20074 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11001.20074 - Microsoft Corporation) Hidden
PredatorSense (HKLM-x32\...\{5A98D6E3-1EDC-43B9-B4F6-0A2B7F872F22}) (Version: 2.01.3005 - Acer Incorporated)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10434 - Qualcomm)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.312 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8224 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
XLSTAT 2018 (HKLM-x32\...\{1079AF36-79F8-41B7-A519-DFD5816B165E}) (Version: 20.6.53964 - Addinsoft) Hidden
XLSTAT 2018 (HKU\S-1-5-21-142302071-4274366654-3623427842-1001\...\{203d7ee4-b1d2-42b2-82fd-b09de6973a28}) (Version: 20.6.53964 - Addinsoft)
XLSTAT 2018 (HKU\S-1-5-21-142302071-4274366654-3623427842-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170031053\...\{203d7ee4-b1d2-42b2-82fd-b09de6973a28}) (Version: 20.6.53964 - Addinsoft)
XSplit Gamecaster (HKLM-x32\...\{6653CF8C-38BE-4F69-8AB8-77E20E4F841E}) (Version: 2.8.1607.2032 - SplitmediaLabs)
Zotero (HKLM-x32\...\Zotero 5.0.47 (x86 en-US)) (Version: 5.0.47 - Corporation for Digital Scholarship)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxDTCM.dll [2017-08-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05B6218C-F56C-461A-8928-76DCDEA048CD} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {15EBCF0E-7FB6-4CCD-B799-2F14DD0D81AB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {1C43B2C7-F85D-4C16-B691-F03BECE2E3F5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {1EC166EF-B2B3-4BDE-A2D2-BEA42196EC47} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {204991B6-4451-4EF8-B458-C03A10A63734} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {25DEA83E-7D4C-4F17-A0D6-68FA67A02B61} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2017-05-24] ()
Task: {320BF4ED-C5C4-4131-90EF-F9EBCF8339D1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-02-24] (Intel® Corporation)
Task: {34BA17FA-BF95-4312-900E-E626C85C3ABD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-10-24] (Microsoft Corporation)
Task: {38F2720B-6D7D-44B1-BC43-4E21CF14F923} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-14] (Google Inc.)
Task: {4A16970C-54E8-43C0-A6E1-D891E205FEE2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-11-02] (Microsoft Corporation)
Task: {4C3C0DA5-07C3-4E5A-9A7D-133D93928187} - System32\Tasks\PredatorSense => C:\Program Files (x86)\Acer\PredatorSense\PSLauncher.exe [2017-08-13] (Acer Incorporated)
Task: {4F74CE8C-8EDC-483B-913D-606E564CCE4A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2017-05-24] ()
Task: {5BC8BE60-0AD1-495A-8333-BC88C2E4F04E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {5C697305-98B3-481A-8375-97B470438A19} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2017-05-24] ()
Task: {61F89A5B-1A23-4561-8481-31D491EB6DBF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-02] (Microsoft Corporation)
Task: {634D9C15-8EA7-4F51-91B1-B14D2F7E8B46} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-11-03] (Symantec Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7BDB4878-A18C-446E-8C2C-3F03F5AAC86C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {869588C3-3914-4AEF-BD12-DB933989A60A} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [2017-12-14] ()
Task: {8AD30359-44FB-4F52-93FA-CD28FA73D53D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
Task: {92F3587C-B162-4AB4-BB52-709B46862D78} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-10-24] (Microsoft Corporation)
Task: {96F31414-670E-4DE3-A94C-251BBA9FEACD} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [2018-09-26] (Acer)
Task: {9BCEE8D4-FA2C-4E8D-93F4-6775F996AEC2} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2017-08-11] (Acer Incorporated)
Task: {9D8FC6DC-A7A3-443F-8529-1584DD400732} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-11-02] (Microsoft Corporation)
Task: {9F483A9E-62B3-4F4C-8D0A-5B55E9608C0A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-02] (Microsoft Corporation)
Task: {A5BAA3F1-8B93-43BF-9C7F-08D52A7155F3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-02] (Microsoft Corporation)
Task: {AF9F91B5-EF93-4476-A4A4-ACC1DBA88AAF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-11-02] (Microsoft Corporation)
Task: {B0B185F9-7CD9-41C0-8C02-47F6804F163A} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2017-08-11] (Acer Incorporated)
Task: {B6D6E3C8-F8AA-476E-8F18-718332A5D488} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-10-24] (Microsoft Corporation)
Task: {BE10710B-C368-43AB-91F0-A69C11BD831F} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [2017-12-13] (Acer Incorporated)
Task: {C16984BD-F656-40A9-AF44-876643E62722} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {C3BE8E42-F914-4B7D-9ABC-24448B94C883} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-14] (Google Inc.)
Task: {C6593D32-B692-41C6-B9CA-1F2E8EC482A1} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2017-05-23] (TODO: <Company name>)
Task: {CF3E60E1-6EA4-4CFF-A66C-EB077A250ECA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {D37A7A93-B011-46FA-A939-8CFB35EC3CAC} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {D5E2E706-494B-44AD-93E6-E24370A62479} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-02] (Microsoft Corporation)
Task: {D669327F-A3AA-4EAD-B18D-5724CF218A6E} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {E46D1647-91FF-4E76-BA35-EC295901C193} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2017-08-11] (Acer Incorporated)
Task: {F53B47C4-88CC-4987-B8D6-21937D155B62} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-24 09:55 - 2017-07-28 03:42 - 000423016 ____N () C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelSstPpDll.dll
2018-01-04 23:14 - 2018-01-04 23:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-04 23:13 - 2018-01-04 23:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-24 09:48 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-12 20:53 - 2018-10-18 09:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-09 21:28 - 2018-09-19 22:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-12 19:00 - 2018-11-12 19:01 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-11-12 19:00 - 2018-11-12 19:01 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-03 22:32 - 2018-10-03 22:32 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-12 19:00 - 2018-11-12 19:01 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-12 19:00 - 2018-11-12 19:01 - 010873344 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-11-12 19:00 - 2018-11-12 19:01 - 002834432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\skypert.dll
2018-11-12 19:00 - 2018-11-12 19:01 - 000685568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-06-26 18:27 - 2018-06-26 18:28 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-01-22 02:15 - 2018-01-22 02:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 02:15 - 2018-01-22 02:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-11-12 19:00 - 2018-11-08 17:14 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\libglesv2.dll
2018-11-12 19:00 - 2018-11-08 17:14 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\libegl.dll
2017-12-14 17:10 - 2017-12-14 17:10 - 000479024 _____ () C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
2017-05-24 22:11 - 2017-05-24 22:11 - 004645168 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2018-10-09 15:46 - 2018-10-09 15:46 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-10-19 19:23 - 2018-10-19 19:23 - 008034816 _____ () C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4\AcerCollection.dll
2017-06-06 02:23 - 2017-06-06 02:23 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-10-24 09:48 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-10-24 09:48 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170030948\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170030999\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-142302071-4274366654-3623427842-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tiger\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rajatheroarer.jpg
HKU\S-1-5-21-142302071-4274366654-3623427842-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132018170031053\Control Panel\Desktop\\Wallpaper -> C:\Users\tiger\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rajatheroarer.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{49C5E6E3-7F14-4D1C-8C42-693CE4B29BA5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{600CD391-3791-4EAB-8727-782DB83F0E73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1E552B3-7A8D-4D47-B70F-E05E66BB9C26}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6CCA2321-4926-4FC6-8B7D-DDFA44208FB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA0F3C6B-A5BB-4EB8-8219-DFC4FFD4B96B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D823E221-D1A9-4398-AE44-CF7286153024}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F3D581F7-6C14-45DC-95DB-B088E149C619}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2A24A7F6-8B56-4EFB-8BE7-2453C2B3BFA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A19AEE7F-2918-416E-A54C-F6C40E6A39D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CB7A1B25-2B7F-455A-A4F6-A4049CB2FBCF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97B0CB05-9ED5-4AFD-95B2-7951368326BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B27AD1A6-0565-411D-80BD-6DD7E556A45D}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
FirewallRules: [{17A3DD01-2AA3-40FD-9958-8EF0E73001EA}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
FirewallRules: [{EF55E677-ACBB-48B4-B767-8D84FDDB6896}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5625D0E5-A5FC-497D-96D4-01F9EF2F708E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E23EB69B-37E4-4089-AD95-340DB2AFE93D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4BE570AD-2B85-43C2-8E2C-FCDDA4D9C38D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A9E6C156-F1F2-40CF-A1CE-665161A39136}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2C5EAED3-C105-4D0B-B063-2C636D74F5C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A4B54211-D298-44E4-8A29-2FEC97BE5246}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{112F7996-6291-4105-B5B4-4D3F6AFF6413}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8ADF6766-C0E7-4FF5-9719-DF7F958A327D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6B8DA508-E31B-4E0C-B357-0118BFAAEB23}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A46A8D92-99E5-4F9B-B91E-EA94EA0BE1BA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{75006476-EF0B-479C-9D5F-33D0431744CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A2F53CE3-B900-4FA0-AF20-8CDD6FE4A9D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{CF6BD537-20BA-48E1-89C7-0F3E61B71B3B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{433F1FD9-6C1D-4324-AA57-488A352BA1B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{2A7C7653-877A-4852-9C66-0DEF3D456D5C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1BC90CED-6F50-4DE6-A3F2-A5287DAB2445}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{756E9720-534D-4833-8C8E-0E6456771DFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-11-2018 15:25:29 Scheduled Checkpoint
09-11-2018 16:36:50 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2018 08:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 1.16.1804.1012, time stamp: 0x5bc7c851
Faulting module name: CoreUIComponents.dll, version: 10.0.17134.112, time stamp: 0xad174454
Exception code: 0xc0000005
Fault offset: 0x0000000000083d22
Faulting process id: 0x2a44
Faulting application start time: 0x01d478500908ca96
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Report Id: c026deff-81ba-4f86-bdcb-89d60b7a458a
Faulting package full name: Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (11/12/2018 07:00:29 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (11/11/2018 06:36:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1969
 
Error: (11/11/2018 06:36:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1969
 
Error: (11/11/2018 06:36:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/11/2018 04:07:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3969
 
Error: (11/11/2018 04:07:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3969
 
Error: (11/11/2018 04:07:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (11/13/2018 05:02:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2018 04:59:48 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-O5PRNDGO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-O5PRNDGO\tiger SID (S-1-5-21-142302071-4274366654-3623427842-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2018 04:59:35 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-O5PRNDGO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user LAPTOP-O5PRNDGO\tiger SID (S-1-5-21-142302071-4274366654-3623427842-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2018 04:59:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2018 04:59:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2018 04:59:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2018 01:10:26 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-O5PRNDGO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-O5PRNDGO\tiger SID (S-1-5-21-142302071-4274366654-3623427842-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2018 12:44:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-07-24 22:01:56.222
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180724.062\IPSEng64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-23 23:01:43.555
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180723.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-21 18:10:02.452
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180720.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-18 17:37:16.381
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180717.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-17 13:26:27.402
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180716.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-14 15:24:16.565
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180713.062\IPSEng64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-13 15:13:58.015
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180712.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 16:49:11.119
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180711.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 16267.6 MB
Available physical RAM: 10494.29 MB
Total Virtual: 18699.6 MB
Available Virtual: 11818.69 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:237.36 GB) (Free:41.55 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:931.26 GB) NTFS
Drive e: () (Removable) (Total:14.58 GB) (Free:0 GB) FAT32
 
\\?\Volume{9296adb3-f9a3-45d2-a87d-e93fbdafe90f}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
\\?\Volume{67330ce8-077f-48e2-a51c-61b6ae8a53f5}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 4A3D07E5)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4A3D0783)
 
Partition: GPT.
 
========================================================
Disk: 2 (Protective MBR) (Size: 14.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by aworrier, 13 November 2018 - 05:20 PM.


#4 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:04 AM

Posted 16 November 2018 - 05:01 AM

Hi,

 

Thank you for providing me with the information.

 

While i'm looking at your issue please go through few notes.

  • I am currently in training and analyzing logs takes time.My reply need to be approved by instructor so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.

  • Please do not seek assistance elsewhere without letting me know.

  • Please do not run any malware removal tools unless directed.

  • Make sure to read my instructions fully before attempting a step.

  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you.If you don't reply after 5 days, it'll be closed.

  • Please understand that I am a volunteer, so I may get busy in real life, and that can further delay my responses.

---

 

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Copy and Paste following script into Notepad and save it as fixlist.txt(in same folder where FRST.exe is located)
CreateRestorePoint:
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

NYA5Cbr.png

  • Click on the Fix button.
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad.
  • Copy/paste the content from fixlog.txt (located in same folder where you ran FRST) in your next reply.


#5 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:04 AM

Posted Today, 01:57 AM

Do you still need help?



#6 aworrier

aworrier
  • Topic Starter

  • Members
  • 73 posts
  • ONLINE
  •  
  • Local time:05:34 PM

Posted Today, 04:56 PM

Sorry for the delay. Thank you for your help. Here is the fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by tiger (19-11-2018 16:55:59) Run:1
Running from C:\Users\tiger\Downloads
Loaded Profiles: tiger (Available Profiles: tiger)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
*****************
 
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam => removed successfully
 
==== End of Fixlog 16:56:10 ====





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users