
popups everywhere

413 views 23 replies 2 participants last post by  DR M  
#1 ·
Hi, my computer has been most likely infected. I opened it to use it and there are pop ups everywhere and I cannot prevent them from showing up. Help
 
#2 ·
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 11 Home, 64 bit, Build 26100, Installed 20250706095855.000000-420
Processor: AMD Ryzen 5 7520U with Radeon Graphics, AMD64 Family 23 Model 160 Stepping 0, CPU Count: 8
Total Physical RAM: 16 GB
Graphics Card: AMD Radeon(TM) Graphics, 512 MB
Hard Drives: C: 952 GB (869 GB Free);
Motherboard: MDC Herbag_MDU, ver V1.25, s/n NBKDE110094308FDAD3400
System: Insyde Corp., ver INSYDE - 2, s/n NXKM5AA0074300F4133400
Antivirus: Windows Defender, Enabled and Updated
 
#3 ·
Hello, vladimirkoscal.

Welcome to TSG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. If you are having problems with a business machine, please consult your IT Department or System Administrator. We do not fix business/work computers.

6. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

7. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

P.S. My time zone is UTC +2. If there is a time difference, do not worry, be happy. We will deal.

========================================================

Let's start.

Download Farbar Recovery Scan Tool (64-Bit Version) and save it to your desktop. --> IMPORTANT

👉 If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
👉 If English is not your primary language, right click on FRST64.exe and rename to FRST64English.exe
  • Double-click the FRST icon to run the tool. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
Note: it's better not to use your computer while using the tools I recommend. The above scan usually takes no longer than 15 minutes.
 
#4 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2025
Ran by vladi (administrator) on SVEZNALICA (Acer Aspire A315-24P) (20-09-2025 13:49:49)
Running from C:\Users\vladi\Downloads\FRST64.exe
Loaded Profiles: vladi
Platform: Microsoft Windows 11 Home Version 24H2 26100.6584 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe ->) (Acer Incorporated -> ) C:\Program Files\Acer\User Experience Improvement Program Service\Framework\CamUsage.exe
(C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe ->) (Acer Incorporated -> ) C:\Program Files\Acer\User Experience Improvement Program Service\Framework\MicUsage.exe
(C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\User Experience Improvement Program Service\Plugin\AppMonitor\AppMonitorPlugIn.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\amdow.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.24401.50.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\140.0.3485.66\msedgewebview2.exe <7>
(DriverStore\FileRepository\acerdeviceenablingservicecomponent.inf_amd64_2cdf5cd411dbbf8e\ADESv2Svc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Windows\System32\DriverStore\FileRepository\acerdeviceenablingservicecomponent.inf_amd64_2cdf5cd411dbbf8e\ADESv2BW.exe
(DriverStore\FileRepository\acergaicameracomponent.inf_amd64_3d28e0967b3f8b98\AcerGAICameraService.exe ->) (Acer Incorporated -> Acer Inc.) C:\Windows\System32\DriverStore\FileRepository\acergaicameracomponent.inf_amd64_3d28e0967b3f8b98\AcerGAICameraW.exe
(DriverStore\FileRepository\acerservicecomponent.inf_amd64_dc983e19363ee831\AcerServiceWrapper.exe ->) (ULIC TEK INC. -> Node.js) C:\Windows\System32\DriverStore\FileRepository\acerservicecomponent.inf_amd64_dc983e19363ee831\AcerService.exe
(DriverStore\FileRepository\sysmonitorservice.inf_amd64_58adec8bbcd5aac3\x64\AcerSystemCentralService.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Windows\System32\DriverStore\FileRepository\sysmonitorservice.inf_amd64_58adec8bbcd5aac3\x64\AcerSysHardwareService.exe
(DriverStore\FileRepository\sysmonitorservice.inf_amd64_58adec8bbcd5aac3\x64\AcerSystemCentralService.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Windows\System32\DriverStore\FileRepository\sysmonitorservice.inf_amd64_58adec8bbcd5aac3\x64\AcerSysMonitorService.exe
(DriverStore\FileRepository\u0399259.inf_amd64_91ce8c34032dc40f\B399013\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0399259.inf_amd64_91ce8c34032dc40f\B399013\atieclxx.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <47>
(I3D Technology Inc. -> I3D Technology Inc.) C:\Program Files\AcerCCAgent\ACCUserPS.exe
(I3D Technology Inc. -> I3D Technology Inc.) C:\Program Files\AcerQAAgent\AQAUserPS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.170.0901.0002\OneDrive.Sync.Service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_25227.203.3915.2444_x64__8wekyb3d8bbwe\ms-teams.exe <2>
(services.exe ->) (Acer Incorporated -> Acer Inc.) C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_850eb69cd4259377\AcerPixyService.exe
(services.exe ->) (Acer Incorporated -> Acer Inc.) C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_850eb69cd4259377\ARTAimmxService.exe
(services.exe ->) (Acer Incorporated -> Acer Inc.) C:\Windows\System32\DriverStore\FileRepository\acergaicameracomponent.inf_amd64_3d28e0967b3f8b98\AcerGAICameraService.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_850eb69cd4259377\AAADSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Windows\System32\DriverStore\FileRepository\acerdeviceenablingservicecomponent.inf_amd64_2cdf5cd411dbbf8e\ADESv2Svc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Windows\System32\DriverStore\FileRepository\sysmonitorservice.inf_amd64_58adec8bbcd5aac3\x64\AcerSystemCentralService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0399259.inf_amd64_91ce8c34032dc40f\B399013\atiesrxx.exe
(services.exe ->) (I3D Technology Inc. -> I3D Technology Inc.) C:\Windows\System32\AcerCCAgent.exe
(services.exe ->) (I3D Technology Inc. -> I3D Technology Inc.) C:\Windows\System32\AcerDIAgent.exe
(services.exe ->) (I3D Technology Inc. -> I3D Technology Inc.) C:\Windows\System32\AcerQAAgent.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <3>
(services.exe ->) (ULIC TEK INC. -> ) C:\Windows\System32\DriverStore\FileRepository\ezservicecomponent.inf_amd64_b8ac8921d0de9689\AcerEZService.exe
(services.exe ->) (ULIC TEK INC. -> CloudBees, Inc.) C:\Windows\System32\DriverStore\FileRepository\acerservicecomponent.inf_amd64_dc983e19363ee831\AcerServiceWrapper.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\CrossDeviceResume.exe
(svchost.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppActions.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\vladi\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [138214768 2022-11-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [91881832 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\140.0.3485.81\Installer\setup.exe [7630376 2025-09-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4992896 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4992896 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3100934639-3452577926-706200059-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4992896 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3100934639-3452577926-706200059-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [42449880 2025-09-08] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3100934639-3452577926-706200059-1001\...\Run: [MicrosoftEdgeAutoLaunch_D6A9AB16CB029BC01EF26654504C30D8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4241448 2025-09-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3100934639-3452577926-706200059-1001\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\OneDrive.Sync.Service.exe [978792 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3100934639-3452577926-706200059-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [176128 2025-07-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\140.0.7339.185\Installer\chrmstp.exe [2025-09-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4CD7E707-EA29-4FB8-9555-D261A1B0B22C} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [3089768 2023-02-04] (Acer Incorporated -> ) -> C:\Program Files (x86)\Acer\Care Center\-auto
Task: {D816DCD0-115D-45A3-95AE-A7F3B26DB261} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41832 2023-02-04] (Acer Incorporated -> )
Task: {73853E93-8A54-43CB-A9CF-843D3E0C1183} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4956008 2023-02-04] (Acer Incorporated -> )
Task: {F842C2D3-CD1D-4687-A61A-3C1A51321D5C} - System32\Tasks\AcerCMUpdateTask2.9.25180 => C:\Program Files (x86)\Acer\Amundsen\2.9.25180\awc.exe [97480 2025-06-24] (Acer Incorporated -> )
Task: {E702B6D4-3391-4B03-8242-F2595D921D9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1581568 2025-08-25] (Adobe Inc. -> Adobe Inc.)
Task: {DB76929A-336A-4DFE-8416-D8142C01E91A} - System32\Tasks\App Explorer => C:\Users\vladi\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [10519592 2025-08-13] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
Task: {47A704CA-BEC8-4DE9-8EE6-3D2FDC01AD7E} - System32\Tasks\DelayStartCareCenter2 => C:\Program Files\AcerCCAgent\Launcher.exe [157488 2025-05-19] (I3D Technology Inc. -> I3D Technology Inc.)
Task: {DDB9171A-4F95-4B4E-89D8-15F57C666232} - System32\Tasks\DelayStartDeviceInfo2 => C:\Program Files\AcerDIAgent\Launcher.exe AcerDIAgentSvis (No File)
Task: {BFFA5F69-2AB4-42B5-B4B3-23C4895A49A5} - System32\Tasks\DelayStartQuickAccess2 => C:\Program Files\AcerQAAgent\Launcher.exe [157504 2025-05-19] (I3D Technology Inc. -> I3D Technology Inc.)
Task: {C09633BC-1558-4F62-8751-B0FBC954BC23} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7376.0{50824359-A590-4A8C-9AE9-2C956F287ED7} => C:\Program Files (x86)\Google\GoogleUpdater\141.0.7376.0\updater.exe [6855320 2025-08-26] (Google LLC -> Google LLC)
Task: {2C59956F-60B7-4E8B-9D52-56627B8FE85C} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [17009032 2025-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {06CA5EE0-1862-44F3-9760-49BDDA55AF27} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29024664 2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {80F3066E-86F0-4B1E-BCE1-7C88D9274E49} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [70528 2025-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACD418D0-A4D6-48AF-B41C-738E334E2310} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29024664 2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {01CFDEC2-72C4-49D9-A8A3-633EF0ECCDD2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313744 2025-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {949062A5-DD4A-4779-860A-9BCC74859D41} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313744 2025-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9A9F0DD-AC52-4861-814A-D83464E07D9C} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1365272 2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {41031798-80DB-47AD-8385-BA6165B2BEA2} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4640320 2025-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {3A64CE08-A96A-4275-9A9F-90904008D963} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DB844F4F-2C1A-41ED-920C-AF85DEA20A99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {019B15D3-7158-462B-A088-ECE2D41D69BE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DDBE19C-7EDA-4232-B452-C466DC5B587A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {237D9413-8CFD-4B33-90E5-6FCA5DD60EF6} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
Task: {0613196B-8DD3-4652-98AA-7D80DBCD2C1F} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\NordVPN\wlanBroker.exe [18224 2021-03-22] (Acer Incorporated -> )
Task: {AA11183F-5DA4-43D2-98B2-440EE2B293F0} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4232552 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {3025CC32-7F57-4FB4-A2BB-1DE8F424A44A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3100934639-3452577926-706200059-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4232552 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {53EB57E8-7972-4F0D-9C29-FA4B9F264DC1} - System32\Tasks\OneDrive Startup Task-S-1-5-21-3100934639-3452577926-706200059-1001 => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\OneDriveLauncher.exe [725888 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {369EC0E4-D827-4C9D-B425-5EC8297AF2E8} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461672 2023-02-04] (Acer Incorporated -> Acer Incorporated)
Task: {84651975-280A-489E-B3A3-7E30603478E1} - System32\Tasks\StorPSCTL => C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe [153640 2021-03-29] (Acer Incorporated -> Microsoft)
Task: {E3D83322-131F-44F2-89BD-BAEEB8CA8863} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [333152 2022-08-03] (Acer Incorporated -> Acer Incorporated)
Task: {F0D853D1-1F18-4BCA-A6DF-F25E28026480} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2218336 2022-08-03] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DelayStartCareCenter2.job => C:\Program Files\AcerCCAgent\Launcher.exe
Task: C:\WINDOWS\Tasks\DelayStartDeviceInfo2.job => C:\Program Files\AcerDIAgent\Launcher.exe
Task: C:\WINDOWS\Tasks\DelayStartQuickAccess2.job => C:\Program Files\AcerQAAgent\Launcher.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b88e769d-53a7-4c54-b8bc-fc114ea45fe5}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\vladi\AppData\Local\Microsoft\Edge\User Data\Default [2025-09-20]
Edge HomePage: Default -> hxxp://google.com/
Edge Extension: (Google Docs Offline) - C:\Users\vladi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-02]
Edge Extension: (Edge relevant text changes) - C:\Users\vladi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-07-03]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-09-08] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\vladi\AppData\Local\Google\Chrome\User Data\Default [2025-09-20]
CHR Notifications: Default -> hxxps://2vwbit.agootictaticol.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Google Docs Offline) - C:\Users\vladi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vladi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-07-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259432 2023-02-04] (Acer Incorporated -> Acer Incorporated)
R2 AcerARTAIMMXDriverService; C:\WINDOWS\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_850eb69cd4259377\AAADSvc.exe [351512 2025-06-17] (Acer Incorporated -> Acer Incorporated)
R2 AcerARTAIMMXService; C:\WINDOWS\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_850eb69cd4259377\ARTAimmxService.exe [272168 2025-06-17] (Acer Incorporated -> Acer Inc.)
R2 AcerCCAgentSvis; C:\WINDOWS\system32\AcerCCAgent.exe [6006088 2025-05-19] (I3D Technology Inc. -> I3D Technology Inc.)
R2 AcerDeviceEnablingServiceV2; C:\WINDOWS\System32\DriverStore\FileRepository\acerdeviceenablingservicecomponent.inf_amd64_2cdf5cd411dbbf8e\ADESv2Svc.exe [667464 2024-10-15] (Acer Incorporated -> Acer Incorporated)
R2 AcerDIAgentSvis; C:\WINDOWS\system32\AcerDIAgent.exe [5692752 2024-10-16] (I3D Technology Inc. -> I3D Technology Inc.)
R2 AcerEZSvc; C:\WINDOWS\System32\DriverStore\FileRepository\ezservicecomponent.inf_amd64_b8ac8921d0de9689\AcerEZService.exe [12939112 2025-05-05] (ULIC TEK INC. -> )
R2 AcerGAICameraService; C:\WINDOWS\System32\DriverStore\FileRepository\acergaicameracomponent.inf_amd64_3d28e0967b3f8b98\AcerGAICameraService.exe [181600 2025-01-07] (Acer Incorporated -> Acer Inc.)
R2 AcerPixyService; C:\WINDOWS\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_850eb69cd4259377\AcerPixyService.exe [548112 2025-06-17] (Acer Incorporated -> Acer Inc.)
R2 AcerQAAgentSvis; C:\WINDOWS\system32\AcerQAAgent.exe [6182744 2025-05-19] (I3D Technology Inc. -> I3D Technology Inc.)
R2 AcerServiceSvc; C:\WINDOWS\System32\DriverStore\FileRepository\acerservicecomponent.inf_amd64_dc983e19363ee831\AcerServiceWrapper.exe [678712 2024-08-20] (ULIC TEK INC. -> CloudBees, Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174584 2025-08-25] (Adobe Inc. -> Adobe Inc.)
R2 ASMSvc; C:\WINDOWS\System32\DriverStore\FileRepository\sysmonitorservice.inf_amd64_58adec8bbcd5aac3\x64\AcerSystemCentralService.exe [327448 2025-05-19] (Acer Incorporated -> Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13287776 2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncHelper.exe [3625344 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [951024 2025-09-19] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe [2009656 2025-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.170.0901.0002\OneDriveUpdaterService.exe [3909480 2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [337760 2022-08-03] (Acer Incorporated -> Acer Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\NisSrv.exe [4414464 2025-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MsMpEng.exe [282480 2025-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\DriverStore\FileRepository\acerairplanemodecontroller.inf_amd64_36869d4d52526b5b\AcerAirplaneModeController.sys [36200 2024-06-04] (Acer Incorporated -> Acer Incorporated)
R3 AcerApplicationBaseDriver_Device; C:\WINDOWS\System32\DriverStore\FileRepository\acerapplicationbasedriver.inf_amd64_c0a33dc24fc750f9\AcerApplicationBaseDriver.sys [29128 2024-06-06] (Acer Incorporated -> )
R3 AcerDeviceEnablingServiceComponentService; C:\WINDOWS\System32\DriverStore\FileRepository\acerdeviceenablingservicecomponent.inf_amd64_2cdf5cd411dbbf8e\x64\AcerDeviceEnablingServiceComponent.sys [37704 2024-10-15] (Acer Incorporated -> )
R3 AcerGAICameraComponentService; C:\WINDOWS\System32\DriverStore\FileRepository\acergaicameracomponent.inf_amd64_3d28e0967b3f8b98\AcerGAICameraComponent.sys [37216 2025-01-07] (Acer Incorporated -> )
R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_f8b7b9ff8b9e6bf2\amdacpafd.sys [429984 2022-12-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [35344 2022-09-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0399259.inf_amd64_91ce8c34032dc40f\B399013\amdkmdag.sys [94458400 2024-01-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [222592 2025-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [333216 2025-09-18] (Microsoft Windows -> Microsoft Corporation)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [140704 2025-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 MTKBTFilterx64; C:\WINDOWS\System32\drivers\mtkbtfilterx.sys [503816 2024-06-12] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\WINDOWS\System32\DriverStore\FileRepository\mtkwl6ex.inf_amd64_8f315cad529f1a9f\mtkwl6ex.sys [1710704 2024-06-12] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [51192 2025-07-13] (OpenVPN Inc. -> The OpenVPN Project)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2025-07-06] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20880 2025-09-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [627104 2025-09-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [102816 2025-09-18] (Microsoft Windows -> Microsoft Corporation)
R3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_1f9e32519098c0b6\WSDPrint.sys [57344 2025-07-06] (Microsoft Windows -> Microsoft Corporation)
R3 WSDScan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_a6dc64e436f22951\WSDScan.sys [61440 2025-08-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-09-20 13:49 - 2025-09-20 13:50 - 000031188 _ C:\Users\vladi\Downloads\FRST.txt
2025-09-20 13:48 - 2025-09-20 13:50 - 000000000 ____D C:\FRST
2025-09-20 13:46 - 2025-09-20 13:46 - 002442752 _ (Farbar) C:\Users\vladi\Downloads\FRST64.exe
2025-09-20 09:45 - 2025-09-20 09:45 - 002270936 _ (Cermak Technologies, Inc.) C:\Users\vladi\Downloads\tsginfo (1).exe
2025-09-20 09:44 - 2025-09-20 09:44 - 002270936 _ (Cermak Technologies, Inc.) C:\Users\vladi\Downloads\tsginfo.exe
2025-09-14 21:04 - 2025-09-20 10:05 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-09-13 10:47 - 2025-09-13 10:47 - 000000000 ____D C:\Users\vladi\AppData\LocalLow\Temp
2025-09-10 07:10 - 2025-09-10 07:10 - 001159837 _ C:\Users\vladi\Downloads\PotentialandKineticEnergyCalculationsScienceColorByNumberwithText-1.pdf
2025-09-08 06:55 - 2025-09-08 06:55 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-09-02 21:20 - 2025-09-02 21:20 - 000000000 ____D C:\Users\vladi\AppData\Roaming\Microsoft\Document Building Blocks
2025-09-02 06:05 - 2025-09-02 06:05 - 000000000 ____D C:\Users\vladi\AppData\Roaming\Microsoft\Bibliography
2025-09-01 21:56 - 2025-09-01 21:56 - 000000000 ____D C:\Users\vladi\AppData\Roaming\Microsoft\QuickStyles
2025-08-30 09:37 - 2025-08-30 09:37 - 000077233 _ C:\WINDOWS\SysWOW64\ctac.json
2025-08-30 09:37 - 2025-08-30 09:37 - 000077233 _ C:\WINDOWS\system32\ctac.json
2025-08-30 09:37 - 2025-08-30 09:37 - 000001681 _ C:\WINDOWS\system32\DeviceFeatureDDF.json
2025-08-26 16:37 - 2025-08-26 16:37 - 000000000 ____D C:\Users\vladi\AppData\Roaming\Microsoft\PowerPoint

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-09-20 13:48 - 2024-04-01 00:24 - 000000000 ____D C:\WINDOWS\INF
2025-09-20 13:42 - 2025-07-06 09:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-09-20 13:42 - 2024-04-01 00:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-09-20 07:58 - 2025-07-03 08:30 - 000000000 ____D C:\Users\vladi\AppData\Local\Host App Service
2025-09-20 07:51 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-09-19 19:25 - 2025-07-06 06:36 - 000000000 ____D C:\Users\vladi\AppData\Local\CrashDumps
2025-09-19 19:25 - 2024-07-29 13:41 - 000002442 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-09-19 18:51 - 2024-04-01 00:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-09-19 18:50 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-09-19 05:52 - 2025-07-03 10:09 - 000000000 ____D C:\Users\vladi\AppData\Roaming\Microsoft\Word
2025-09-18 20:17 - 2025-07-03 09:18 - 000000000 ____D C:\Users\vladi\AppData\Local\D3DSCache
2025-09-18 20:08 - 2025-07-03 09:19 - 000000000 ____D C:\Users\vladi\AppData\Local\Packages
2025-09-18 20:08 - 2024-07-29 13:44 - 000000000 ____D C:\ProgramData\Packages
2025-09-18 18:43 - 2025-07-06 09:58 - 000003592 _ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3100934639-3452577926-706200059-1001
2025-09-18 18:43 - 2025-07-06 09:58 - 000003546 _ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-3100934639-3452577926-706200059-1001
2025-09-18 18:43 - 2025-07-06 09:58 - 000003194 _ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-09-18 18:43 - 2025-07-06 06:42 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-09-18 18:43 - 2025-07-03 10:14 - 000002136 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-09-18 18:43 - 2025-07-03 09:49 - 000000000 ___RD C:\Users\vladi\OneDrive - Board of Education of SD 39 (Vancouver)
2025-09-18 18:43 - 2025-07-03 09:21 - 000000000 ___RD C:\Users\vladi\OneDrive
2025-09-18 17:42 - 2025-07-03 09:36 - 000002251 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-09-18 06:51 - 2025-07-06 12:18 - 000007984 _ C:\WINDOWS\system32\Drivers\mtkRunTimeDataWdi.bin
2025-09-17 17:50 - 2024-07-29 13:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-09-16 06:25 - 2024-07-29 13:56 - 000000000 ____D C:\Program Files\Microsoft Office
2025-09-13 10:47 - 2025-07-09 09:14 - 000000000 ____D C:\Users\vladi\AppData\LocalLow\Adobe
2025-09-13 03:54 - 2025-07-06 09:58 - 000003536 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-09-13 03:54 - 2025-07-06 09:58 - 000003410 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-09-12 17:17 - 2025-07-03 09:32 - 000000000 ____D C:\Users\vladi\AppData\Local\VirtualStore
2025-09-10 22:09 - 2025-07-06 09:59 - 000836658 _ C:\WINDOWS\system32\PerfStringBackup.INI
2025-09-10 22:05 - 2025-07-06 09:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-09-10 22:05 - 2025-07-06 09:57 - 000003358 _ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-09-10 22:05 - 2024-07-29 13:55 - 000000000 ____D C:\Program Files\AcerQAAgent
2025-09-10 22:05 - 2024-07-29 13:52 - 000000000 ____D C:\ProgramData\Acer
2025-09-10 22:05 - 2024-07-29 13:40 - 000012288 ___SH C:\DumpStack.log.tmp
2025-09-10 22:04 - 2024-04-01 00:21 - 000786432 _ C:\WINDOWS\system32\config\BBI
2025-09-10 22:03 - 2025-07-06 15:50 - 000002077 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-09-09 19:28 - 2025-07-06 09:55 - 000001623 _ C:\WINDOWS\system32\config\VSMIDK
2025-09-09 19:27 - 2024-04-01 01:08 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-09-09 19:27 - 2024-04-01 00:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-09-09 19:27 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-09-09 19:27 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-09-09 19:27 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-09-09 19:27 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-09-09 19:27 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-09-09 19:27 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-09-09 18:46 - 2025-07-06 09:58 - 003270656 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-09-06 17:39 - 2025-07-06 15:50 - 000004562 _ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-08-30 09:50 - 2025-07-06 09:55 - 000472544 _ C:\WINDOWS\system32\FNTCACHE.DAT
2025-08-30 09:50 - 2024-04-01 00:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-08-30 09:50 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\UUS
2025-08-30 09:50 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-08-30 09:50 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2025-08-30 09:50 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-08-30 09:50 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2025-08-30 09:49 - 2025-07-06 09:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2025-08-30 09:49 - 2024-04-01 01:09 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-08-30 09:49 - 2024-04-01 01:08 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\Provisioning
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-08-30 09:49 - 2024-04-01 00:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-08-30 09:49 - 2024-04-01 00:21 - 000000000 ____D C:\WINDOWS\servicing
2025-08-30 09:47 - 2024-04-01 00:26 - 000282624 _ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2025-08-30 09:47 - 2024-04-01 00:26 - 000235520 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2025
Ran by vladi (20-09-2025 13:52:12)
Running from C:\Users\vladi\Downloads
Microsoft Windows 11 Home Version 24H2 26100.6584 (X64) (2025-07-06 16:58:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3100934639-3452577926-706200059-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3100934639-3452577926-706200059-503 - Limited - Disabled)
Guest (S-1-5-21-3100934639-3452577926-706200059-501 - Limited - Disabled)
vladi (S-1-5-21-3100934639-3452577926-706200059-1001 - Administrator - Enabled) => C:\Users\vladi
WDAGUtilityAccount (S-1-5-21-3100934639-3452577926-706200059-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{22165EE8-F79D-4400-A6FB-8E35391B8BEF}) (Version: 2.9.25180 - Acer)
Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
AcerSense Config (HKLM\...\{3A8F56EF-FAF1-489B-9AEF-2208252D24B4}) (Version: 5.0.2005 - ULIC Tek Inc.)
AcerSense Installer (HKLM-x32\...\{7cfb3acc-b76c-46db-b17d-29269d105eeb}) (Version: 5.0.1223 - ULIC Tek Inc.)
AcerSense Prerequisites (HKLM\...\{C03E2274-2F3D-4E6F-B2FD-A3BA3229190F}) (Version: 5.0.1223 - ULIC Tek Inc.) Hidden
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FF00-7760-BC15014EA700}) (Version: 25.001.20693 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601120}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.4.452 - SweetLabs) <==== ATTENTION
App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.4.452 - SweetLabs) <==== ATTENTION
App Explorer (HKU\S-1-5-21-3100934639-3452577926-706200059-1001\...\Host App Service) (Version: 0.273.5.170 - SweetLabs) <==== ATTENTION
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3054 - Acer Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 140.0.7339.185 - Google LLC)
Google Play Games beta (HKLM\...\GooglePlayGames) (Version: 23.5.1015.22 - Google LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.19127.20222 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 140.0.3485.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 140.0.3485.81 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.170.0901.0002 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.19127.20222 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.25.18302 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
NordVPN (HKLM-x32\...\{9EC178B2-ABCD-4833-B541-B535F7F04994}) (Version: 1.0.25068.2 - Acer)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19127.20154 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.30767 - Microsoft Corporation)
User Experience Improvement Program Service (HKLM\...\{323EA05D-046D-449D-9D7C-89243C957CCE}) (Version: 5.00.3018 - Acer Incorporated)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1070 - McAfee, LLC)

Packages:
=========
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 [2025-07-03] (Acer Incorporated)
Acer Purified Voice Console (R) -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPurifiedVoiceConsoleR_2.0.9.0_x64__48frkmn4z8aw4 [2025-07-03] (Acer Incorporated)
AcerSense -> C:\Program Files\WindowsApps\ULICTekInc.AcerSense5.0_5.0.2005.0_x64__nt9dgb7efx6bt [2025-08-18] (ULIC Tek Inc.) [Startup Task]
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets [2025-09-11] ()
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m [2025-07-06] (Advanced Micro Devices Inc.) [Startup Task]
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3054.0_x64__48frkmn4z8aw4 [2025-07-03] (Acer Incorporated)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.34.0_x64__xbfy0k16fey96 [2025-07-06] (Dropbox Inc.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.155.5.0_x64__q4d96b2w5wcc2 [2025-09-20] (Evernote) [Startup Task]
Local Artificial Intelligence Manager -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-09-16] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-07-06] (Microsoft Corp.)
Microsoft.D3DMappingLayers -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2508.1.0_x64__8wekyb3d8bbwe [2025-08-28] (Microsoft Corporation)
Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.4.15.0_x64__8wekyb3d8bbwe [2025-08-16] (Microsoft Corporation)
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-09-16] ()
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-09-16] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.294.0_x64__dt26b99r8h8gj [2025-07-03] (Realtek Semiconductor Corp)
Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.3899848563C1F_1.0.140.0_x64__kx24dqmazqk8j [2025-07-30] (Random Salad Games LLC)
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_6.1.137.0_x64__kx24dqmazqk8j [2025-07-06] (Random Salad Games LLC)
User Experience Improvement Program V5 -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgramV_5.0.3018.0_x64__48frkmn4z8aw4 [2025-07-03] (Acer Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3100934639-3452577926-706200059-1001_Classes\CLSID\{04271989-C4D2-EF74-CDD6-0E8E0C35DB6E} -> [OneDrive - Board of Education of SD 39 (Vancouver)] => C:\Users\vladi\OneDrive - Board of Education of SD 39 (Vancouver) [2025-07-03 09:49]
CustomCLSID: HKU\S-1-5-21-3100934639-3452577926-706200059-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3100934639-3452577926-706200059-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3100934639-3452577926-706200059-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\vladi\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-3100934639-3452577926-706200059-1001_Classes\CLSID\{EABAE40C-B27C-455A-B672-F234DD780948}\InprocServer32 -> C:\Users\vladi\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.25.18302\x64\Microsoft.Teams.MeetingAddin.DLL (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2025-09-08] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.170.0901.0002\FileSyncShell64.dll [2025-09-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2025-09-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3100934639-3452577926-706200059-1001\...\sharepoint.com -> hxxps://vsbworld-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-06 22:24 - 2025-08-09 22:52 - 000000822 _ C:\WINDOWS\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.1.1
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: MediaTek Wi-Fi 6 MT7921 Wireless LAN Card -> mtkwl6ex.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys

vms_vsf: Hyper-V Virtual Switch Extension Filter
ms_l1vhlwf: Nested Network Virtualization
vms_vsp: Hyper-V Virtual Switch Extension Protocol

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3100934639-3452577926-706200059-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\themec\img28.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C71FF87B-1DD9-45BD-AC72-1680A8FBFCD6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25163.3503.3756.9083_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{22AF8055-6593-4448-B7EA-7918CBB89ABD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25163.3503.3756.9083_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6EDF8651-AA60-466B-9E79-CFEBF75A0D45}] => (Allow) C:\Program Files\Google\Play Games\current\emulator\crosvm.exe => No File
FirewallRules: [{F33DDDB9-2BF6-4132-A1A1-7C25A27BFDF0}] => (Allow) C:\Program Files\Google\Play Games\current\emulator\crosvm.exe => No File
FirewallRules: [{2A90757B-C9E9-459A-AFFA-76ED4EB9FBC2}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25163.3503.3756.9083_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ACB01DA7-EC3E-4534-AB55-01CCC0F1BD42}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25163.3503.3756.9083_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B9E6D0A-A25A-450D-B7B1-C4A0672A3EC4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FA74C07D-F15A-474A-8650-D7328E84520E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12DA42E5-B2C1-44D9-86DC-7438BD65E16E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67FC4F70-E972-41D0-AF4D-6CD00A903B78}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1FB754E-937F-46B0-BDE8-FFB6F749F13D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BCB507B0-74A9-4221-B0BA-B01A5D65DA18}] => (Allow) C:\Program Files\WindowsApps\ULICTekInc.AcerSense5.0_5.0.2005.0_x64__nt9dgb7efx6bt\app\AcerSense.exe (F5240129-3993-455E-8347-B5A9BDDF4B89 -> ULIC Tek)
FirewallRules: [{137389E2-DF8D-4A1F-8B9D-EA29533FA869}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:952.6 GB) (Free:869.76 GB) (91%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (09/19/2025 07:25:04 PM) (Source: Application Error) (EventID: 1000) (User: SVEZNALICA)
Description: Faulting application name: ACCStd.exe, version: 4.0.3054.0, time stamp: 0x63dca85b
Faulting module name: KERNELBASE.dll, version: 10.0.26100.6584, time stamp: 0x0a9b38fe
Exception code: 0xe0434352
Fault offset: 0x00000000000c66ca
Faulting process id: 0x1ed8
Faulting application start time: 0x1dc22da0ea1881e
Faulting application path: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 644c497d-2ce9-4bf1-b711-79b64d3134b9
Faulting package full name:
Faulting package-relative application ID:

Error: (09/19/2025 07:25:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ACCStd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
at System.ThrowHelper.ThrowInvalidOperationException(System.ExceptionResource)
at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
at WiFiDevice.WiFiManager.GenerateDevices()
at Acer.CareCenter.Diagnostic.ADSPlgSimpleCtl.AddDeviceList(DiagnosticPlugin.DeviceManager)
at Acer.CareCenter.Diagnostic.ADSPlgSimpleCtl.InfoUpdate(System.Object, DiagnosticEvent.InformationUpdateEventArgs)
at WiFiDevice.WiFiManager.NetworkChange_NetworkAddressChanged(System.Object, System.EventArgs)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)
at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Error: (09/19/2025 06:51:28 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program dllhost.exe version 10.0.26100.1150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Error: (09/19/2025 12:21:44 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4276. Message ID: [0x2509].

Error: (09/19/2025 06:03:29 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 13068. Message ID: [0x2509].

Error: (09/19/2025 06:03:28 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 10856. Message ID: [0x2509].

Error: (09/19/2025 05:58:00 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 14096. Message ID: [0x2509].

Error: (09/19/2025 05:52:57 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 21712. Message ID: [0x2509].


System errors:
=============
Error: (09/20/2025 12:32:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcerDeviceEnablingServiceV2 service.

Error: (09/20/2025 01:51:44 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (09/19/2025 08:43:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcerPixyService service.

Error: (09/19/2025 08:43:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcerGAICameraService service.

Error: (09/19/2025 08:43:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcerDeviceEnablingServiceV2 service.

Error: (09/19/2025 08:43:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcerARTAIMMXDriverService service.

Error: (09/19/2025 06:50:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80073d02 = The package could not be installed because resources it modifies are currently in use.): 9WZDNCRFJ3P2-MICROSOFT.ZUNEVIDEO.

Error: (09/19/2025 11:36:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2025-09-19 21:01:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2025-09-18 18:28:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2025-09-16 12:48:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2025-09-15 14:13:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2025-09-14 10:37:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

CodeIntegrity:
===============
Date: 2025-08-09 20:33:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\wps\1.31.148.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.25 07/22/2025
Motherboard: MDC Herbag_MDU
Processor: AMD Ryzen 5 7520U with Radeon Graphics
Percentage of memory in use: 51%
Total physical RAM: 15605.25 MB
Available physical RAM: 7522.54 MB
Total Virtual: 16629.25 MB
Available Virtual: 4191.75 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:952.6 GB) (Free:869.76 GB) (Model: WD PC SN740 SDDQNQD-1T00-1014) NTFS

\\?\Volume{9aa065fd-2135-4120-ad2a-e3a2dbaf3a7b}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.38 GB) NTFS
\\?\Volume{27f69cc8-05df-4646-8648-8a2fb1d935c6}\ (ESP) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: C543AFE4)

Partition: GPT.

==================== End of Addition.txt =======================
 
#6 ·
Hello.

It seems that App Explorer by Sweetlabs, which is considered as a Potentially Unwanted Program, causes you issues.

Here are my first comments/instructions. First, please move FRST tool from your Downloads folder on to your Desktop, as instructed.

1. Uninstall App Explorer

Please, uninstall the App Explorer by Sweetlabs.
Restart the computer after the uninstall.


2. WebAdvisor by McAfee

Please uninstall the above. There may be conflicts with some other tools we will use later on.
Restart the computer after the uninstall.


3. FRST fix

Please download the attached fixlist.txt and save it on to your Desktop, without renaming it.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
RECOMMENDATION: Do not use the computer while running the fixlist. Have in mind that at some point there will be a restart of the system, so any unsaved work will be gone.


In your next reply, please post:
  1. If uninstalling App Explorer and the McAfee product ran smoothly
  2. The fixlog.txt
 


#7 ·
Hello,

Thank you for your instructions and your help. I was able to locate the FRST tool and to move it to the desktop.

Problem arose with removal of the two apps. I can't locate them? Can you send more detailed instructions as I am not sure how to execute the above.

Thank you
 
#8 ·
Go to Settings (windows logo key + letter i) > Apps > Installed apps.

Check if it is located in the list.

If not, search for Host App Service.

Let me know if you have problems finding it again.
 
#10 ·
Great!

May I ask which was the name of the app you uninstalled? App Explorer or Host App Service?

Moving on:

1. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear in the menu at the left (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.
Note: Click Skip Basic Repair if you are asked to.


In your next reply, please post:
  1. The Malwarebytes report
  2. The AdwCleaner[S0*].txt
 
#11 ·
I uninstalled APP Explorer.
Here are the reports:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/21/2025
Scan Time: 10:13 AM
Log File: 3d4854c0-970e-11f0-96a3-c03532b2f268.json

-Software Information-
Version: 5.4.0.213
Components Version: 141.0.5376
Update Package Version: 1.0.103125
License: Trial

-System Information-
OS: Windows 11 (Build 26100.6584)
CPU: x64
File System: NTFS
User: Sveznalica\vladi

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 180748
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)





# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-21-2025
# Duration: 00:00:10
# OS: Windows 11 (Build 26100.6584)
# Scanned: 32108
# Detected: 26


* [ Services ] *

No malicious services found.

* [ Folders ] *

Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

* [ Files ] *

Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
PUP.Optional.Booking C:\Users\vladi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Booking.com.lnk

* [ DLL ] *

No malicious DLLs found.

* [ WMI ] *

No malicious WMI found.

* [ Shortcuts ] *

No malicious shortcuts found.

* [ Tasks ] *

No malicious tasks found.

* [ Registry ] *

Adware.pokki HKU\S-1-5-19\Software\Host App Service
Adware.pokki HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki HKU\S-1-5-20\Software\Host App Service
Adware.pokki HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

* [ Chromium (and derivatives) ] *

No malicious Chromium entries found.

* [ Chromium URLs ] *

No malicious Chromium URLs found.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries found.

* [ Firefox URLs ] *

No malicious Firefox URLs found.

* [ Hosts File Entries ] *

No malicious hosts file entries found.

* [ Preinstalled Software ] *

Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D816DCD0-115D-45A3-95AE-A7F3B26DB261}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73853E93-8A54-43CB-A9CF-843D3E0C1183}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D816DCD0-115D-45A3-95AE-A7F3B26DB261}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Preinstalled.AcerJumpstart Folder C:\Program Files (x86)\ACER\ACER JUMPSTART
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3D83322-131F-44F2-89BD-BAEEB8CA8863}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0D853D1-1F18-4BCA-A6DF-F25E28026480}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UEIPINVITATION
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.UserExperienceImprovementProgramService Folder C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
#12 ·
See that AdwCleaner detected instances of App Explorer in your system.

Let's clean.
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • Once the scan completes, AdwCleaner shows you what it found on your computer. Check the boxes next to any items you want to quarantine and disable, then click Next.
  • Now, AdwCleaner will show you any preinstalled software it found on your device. Again, check the boxes next to any items you want to quarantine and disable. If you don't want to remove any preinstalled software, click Cancel and continue.
  • Click Continue, then click Restart now, and you’re done.
  • Once your computer has restarted:
    • Click the Log Files tab.
    • Click Skip Basic Repair to finish the cleaning process
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. Feedback: How is the computer running now? Any improvement?
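
The tally behind the remark in post #12, as an added example that is not part of the original thread: a Python parser for AdwCleaner scan logs in the layout posted above, which checks the entry count against the `# Detected` header and separates adware/PUP entries from preinstalled OEM software. The sample log is constructed (shortened from the posted one, with `# Detected` adjusted to match), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: shortened from the scan log posted in this thread,
# with "# Detected" adjusted to the shortened entry list.
SAMPLE_LOG = r"""
# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Mode: Scan
# Detected: 10

* [ Services ] *

No malicious services found.

* [ Folders ] *

Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

* [ Files ] *

Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
PUP.Optional.Booking C:\Users\vladi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Booking.com.lnk

* [ Registry ] *

Adware.pokki HKU\S-1-5-19\Software\Host App Service
Adware.pokki HKU\S-1-5-20\Software\Host App Service

* [ Preinstalled Software ] *

Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerJumpstart Folder C:\Program Files (x86)\ACER\ACER JUMPSTART
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER

AdwCleaner[S00].txt - [4292 octets] - [21/09/2025 10:15:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z ]+?):\s*(.*)$")      # "# Mode: Scan"
SECTION_RE = re.compile(r"^\*\s*\[\s*(.+?)\s*\]\s*\*$")     # "* [ Folders ] *"
# A detection line starts with a dotted family name, e.g. "Adware.pokki".
# "No malicious ... found." and the trailing file list do not match.
ENTRY_RE = re.compile(r"^([A-Za-z]+(?:\.[A-Za-z0-9]+)+)\s+(.+)$")


def parse_scan_log(text):
    """Return (header dict, list of entry dicts) for an AdwCleaner scan log."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1).strip()] = m.group(2).strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        family, rest = m.group(1), m.group(2).strip()
        kind = None
        if family.startswith("Preinstalled."):
            # Preinstalled lines carry an object kind before the location.
            parts = rest.split(None, 1)
            if len(parts) == 2:
                kind, rest = parts
        entries.append({"section": section, "family": family,
                        "kind": kind, "location": rest})
    return header, entries


def service_account(location):
    """Name the built-in service account whose profile or hive holds the item."""
    loc = location.lower()
    for account, sid in (("LocalService", "s-1-5-19"), ("NetworkService", "s-1-5-20")):
        in_hive = loc.startswith("hku\\" + sid + "\\")
        in_profile = ("\\serviceprofiles\\" + account.lower() + "\\") in loc
        if in_hive or in_profile:
            return account
    return None


def triage(header, entries):
    """Summarise a parsed scan log for a helper reading it."""
    unwanted = [e for e in entries if not e["family"].startswith("Preinstalled.")]
    accounts = Counter(a for a in (service_account(e["location"]) for e in unwanted) if a)
    return {
        "count_matches": int(header.get("Detected", -1)) == len(entries),
        "by_family": Counter(e["family"] for e in entries),
        "unwanted": len(unwanted),
        "preinstalled": len(entries) - len(unwanted),
        "service_accounts": dict(accounts),
    }


if __name__ == "__main__":
    hdr, found = parse_scan_log(SAMPLE_LOG)
    print(triage(hdr, found))
```

Applied to the full scan log in post #11, the same split gives 8 adware/PUP entries and 18 preinstalled entries, which together match its `# Detected: 26` header.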
 
#13 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-21-2025
# Duration: 00:00:09
# OS: Windows 11 (Build 26100.6584)
# Scanned: 32107
# Detected: 26


* [ Services ] *

No malicious services found.

* [ Folders ] *

Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

* [ Files ] *

Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
PUP.Optional.Booking C:\Users\vladi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Booking.com.lnk

* [ DLL ] *

No malicious DLLs found.

* [ WMI ] *

No malicious WMI found.

* [ Shortcuts ] *

No malicious shortcuts found.

* [ Tasks ] *

No malicious tasks found.

* [ Registry ] *

Adware.pokki HKU\S-1-5-19\Software\Host App Service
Adware.pokki HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki HKU\S-1-5-20\Software\Host App Service
Adware.pokki HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

* [ Chromium (and derivatives) ] *

No malicious Chromium entries found.

* [ Chromium URLs ] *

No malicious Chromium URLs found.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries found.

* [ Firefox URLs ] *

No malicious Firefox URLs found.

* [ Hosts File Entries ] *

No malicious hosts file entries found.

* [ Preinstalled Software ] *

Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D816DCD0-115D-45A3-95AE-A7F3B26DB261}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73853E93-8A54-43CB-A9CF-843D3E0C1183}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D816DCD0-115D-45A3-95AE-A7F3B26DB261}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Preinstalled.AcerJumpstart Folder C:\Program Files (x86)\ACER\ACER JUMPSTART
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3D83322-131F-44F2-89BD-BAEEB8CA8863}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0D853D1-1F18-4BCA-A6DF-F25E28026480}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UEIPINVITATION
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.UserExperienceImprovementProgramService Folder C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK


AdwCleaner[S00].txt - [4292 octets] - [21/09/2025 10:15:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


Computer is running smooth and fine. No more popups or problems. Thank you and let me know what to do with programs that I have installed for cleanup.
 
#15 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-22-2025
# Duration: 00:00:02
# OS: Windows 11 (Build 26100.6584)
# Cleaned: 18
# Awaiting reboot:1
# Failed: 0


* [ Services ] *

No malicious services cleaned.

* [ Folders ] *

No malicious folders cleaned.

* [ Files ] *

No malicious files cleaned.

* [ DLL ] *

No malicious DLLs cleaned.

* [ WMI ] *

No malicious WMI cleaned.

* [ Shortcuts ] *

No malicious shortcuts cleaned.

* [ Tasks ] *

No malicious tasks cleaned.

* [ Registry ] *

No malicious registry entries cleaned.

* [ Chromium (and derivatives) ] *

No malicious Chromium entries cleaned.

* [ Chromium URLs ] *

No malicious Chromium URLs cleaned.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries cleaned.

* [ Firefox URLs ] *

No malicious Firefox URLs cleaned.

* [ Hosts File Entries ] *

No malicious hosts file entries cleaned.

* [ Preinstalled Software ] *

Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D816DCD0-115D-45A3-95AE-A7F3B26DB261}
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73853E93-8A54-43CB-A9CF-843D3E0C1183}
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D816DCD0-115D-45A3-95AE-A7F3B26DB261}
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Deleted Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Deleted Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Deleted Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Deleted Preinstalled.AcerJumpstart Folder C:\Program Files (x86)\ACER\ACER JUMPSTART
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3D83322-131F-44F2-89BD-BAEEB8CA8863}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0D853D1-1F18-4BCA-A6DF-F25E28026480}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Deleted Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Deleted Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UEIPINVITATION
Deleted Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Deleted Preinstalled.UserExperienceImprovementProgramService Folder C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK
Needs Reboot Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER


*

[+] Delete Tracing Keys
[+] Reset Winsock

*

* Reboot Required to Complete *


* [ Folders ] *

Cleaning failed C:\Program Files (x86)\ACER\CARE CENTER

*

AdwCleaner[S00].txt - [4292 octets] - [21/09/2025 10:15:53]
AdwCleaner[S01].txt - [4353 octets] - [21/09/2025 15:21:52]
AdwCleaner[C01].txt - [2235 octets] - [21/09/2025 15:22:45]
AdwCleaner[S02].txt - [3763 octets] - [22/09/2025 17:23:23]
AdwCleaner[S03].txt - [1666 octets] - [22/09/2025 17:24:24]
AdwCleaner[S04].txt - [3885 octets] - [22/09/2025 17:25:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########
 
#16 ·
That was a massive cleaning! (y)

Let's now check fresh FRST logs. Run the tool, as you did before, and attach for me the 2 logs (Addition and FRST).

Let me also know if there are any additional issues/questions/concerns.
 
#18 ·
A last fix for you, to remove some remnants and do some maintenance:

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Download the attached fixlist and save it on to your Desktop, without renaming it.
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
RECOMMENDATION: Do not use the computer while running the fixlist. Have in mind that at some point there will be a restart of the system, so any unsaved work will be gone.
 
#22 ·
Everything looks great!

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
Note: If there is a warning about this tool, go on to download it, since it is a false positive. Choose More info and continue from there.
 
#23 ·
# Run at 2025-09-25 8:56:07 PM
# KpRm (Kernel-panik) version 2.20.0
# Website https://kernel-panik.me/tool/kprm/
# Run by vladi from C:\Users\vladi\OneDrive\Desktop
# Computer Name: SVEZNALICA
# OS: Windows 11 X64 (26100) (10.0.26100.6584)
# Number of passes: 1

- Checked options -

~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point

- Delete Tools -


## AdwCleaner
[OK] C:\Users\vladi\OneDrive\Desktop\AdwCleaner.exe deleted

## FRST
[OK] C:\Users\vladi\OneDrive\Desktop\Addition.txt deleted
[OK] C:\Users\vladi\OneDrive\Desktop\Fixlog.txt deleted
[OK] C:\Users\vladi\OneDrive\Desktop\FRST.txt deleted
[OK] C:\Users\vladi\OneDrive\Desktop\FRST64.exe deleted
[OK] C:\Users\vladi\Downloads\Addition.txt deleted
[OK] C:\Users\vladi\Downloads\fixlist (1).txt deleted
[OK] C:\Users\vladi\Downloads\fixlist (2).txt deleted
[OK] C:\Users\vladi\Downloads\fixlist (3).txt deleted
[OK] C:\Users\vladi\Downloads\fixlist (4).txt deleted
[OK] C:\Users\vladi\Downloads\Fixlog.txt deleted
[OK] C:\Users\vladi\Downloads\FRST.txt deleted

## Malwarebytes (log)
[OK] C:\Users\vladi\OneDrive\Desktop\Malwarebytes Scan Report 2025-09-21 171306.txt deleted

- Other Lines -


## Quarantines keeped
~ C:\AdwCleaner (AdwCleaner)
~ C:\FRST (FRST)

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Restore Point Created by FRST created at 09/21/2025 16:07:42 deleted
~ [OK] RP named AdwCleaner_BeforeCleaning_22/09/2025_17:25:14 created at 09/23/2025 00:25:15 deleted
~ [OK] RP named Restore Point Created by FRST created at 09/24/2025 00:30:26 deleted
~ [OK] RP named Restore Point Created by FRST created at 09/24/2025 13:49:30 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 09/26/2025 03:56:16

-- KPRM finished in 22.89s --
 
#24 ·
Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated too.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like BitTorrent, Vuze, Kazaa, BearShare, Imesh, Warez and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have the built-in Windows antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.

I'm glad I was able to help you.