HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Task: {64125247-62B7-46F5-A6C6-8E9F061F5F4B} - System32\Tasks\Norton Product Installer => C:\ProgramData\NortonInstaller\NSSInstallStub.exe [1843440 2019-03-27] (Symantec Corporation -> Symantec Corporation)
Task: {76B90AEF-D6E5-435D-B862-0462A1477038} - System32\Tasks\Norton Product InstallerIdle => C:\ProgramData\NortonInstaller\NSSInstallStub.exe [1843440 2019-03-27] (Symantec Corporation -> Symantec Corporation)
Task: C:\Windows\Tasks\Norton Product Installer.job => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
HKU\S-1-5-21-752817650-2183412088-3519692294-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com?prt=ns&chn=1000880&geo=us&ver=22.9.1.12&locale=en_us&guid=99bdb360-45bd-11de-bea5-00248c7dd45b&doi=2016-03-14&o=APN11915
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-752817650-2183412088-3519692294-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.15.2.22&locale=en_US&guid=99bdb360-45bd-11de-bea5-00248c7dd45b&doi=2016-09-01&gct=kwd&qsrc=2869
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2018-10-06]
CHR Extension: (Norton Safe Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-11-05]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-11-26]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-14]
S3 msiserver; %systemroot%\system32\msiexec /V [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20170430.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20170430.001\NAVEX15.SYS [X]
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
CMD: sc delete i8042prt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: