
Spybot located virus Gen:Variant.Jaik.16274.



AlexaSD
2019-12-31, 03:48
After I have spybot delete the file I rescanned and it was back. This is the location: C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost

Here is FRST: 13210

The "Addition.txt" file was 1kb too large for the attachments manager, so I copied and pasted it below.
Got an error from the aswMBR virtualization technology question after clicking yes, and the computer was restarted twice, so I then clicked no.
Then got an error and a computer restart after clicking scan twice (Stop code: DRIVER_IRQL_NOT_LESS_OR_EQUAL aswMBR.sys), so I have no log file to post for that program.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Alexa (30-12-2019 20:21:16)
Running from C:\Users\Alexa\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-07-27 23:16:41)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3759400987-4214920439-3437108526-500 - Administrator - Disabled)
Alexa (S-1-5-21-3759400987-4214920439-3437108526-1003 - Administrator - Enabled) => C:\Users\Alexa
Brandon (S-1-5-21-3759400987-4214920439-3437108526-1004 - Administrator - Enabled) => C:\Users\Brandon
DefaultAccount (S-1-5-21-3759400987-4214920439-3437108526-503 - Limited - Disabled)
Guest (S-1-5-21-3759400987-4214920439-3437108526-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3759400987-4214920439-3437108526-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Documentation Manager (HKLM\...\{3EF18AD4-8F08-42FE-B2A4-F2DDB1DFB5D0}) (Version: 21.50.1.1 - Intel Corporation) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{3EAAD5EA-1D87-442D-8426-FD4FCE62119D}) (Version: 19.12.50.5 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{AE956AB9-CD98-4F1E-8B9E-C3C66E290D64}) (Version: 3.4.2072 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000050-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.50.0.1 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{8d174f37-ea1a-4e4d-be82-c10521a3c687}) (Version: 19.12.50.5 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6aa2484c-1a35-428e-a857-8ee0a874d2d1}) (Version: 20.110.0 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{2DF17C75-9627-4213-8612-17955E92F782}) (Version: 1.6.101.32869 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{e2b4037f-6ffc-4200-8b24-fdc8512f0dc9}) (Version: 21.50.1.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
LibreOffice 5.4.2.2 (HKLM\...\{71F5B603-BA9F-41E1-BC94-9839DFE5A83E}) (Version: 5.4.2.2 - The Document Foundation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.1.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.1.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 441.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8010 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-18] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-15] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.5.1.3_x86__h6adky7gbf63m [2019-12-18] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.105.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-11-20] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-09-14 12:51 - 2016-09-14 12:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2016-09-14 12:51 - 2016-09-14 12:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7943 more sites.

IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\123simsen.com -> www.123simsen.com

There are 7946 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2019-09-10 19:47 - 000455006 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15616 more lines.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)
Wi-Fi: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F859A27E-5B42-43FC-8254-B74485E98E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 2 BIOHAZARD RE2\re2.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{FF41A1A5-7710-4190-AA62-BA4392ABFE48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 2 BIOHAZARD RE2\re2.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{A9141E70-0AF7-4B28-98E9-DF012F0D761E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{DDE52180-00FF-4DCF-A584-9C3C9D3FB55A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{01E02995-A6DD-45DB-BC09-77F733EAE0DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam)
FirewallRules: [{4FC02FE4-A1F1-47A0-B7B4-21080EAFBEF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam)
FirewallRules: [{3388E838-C71D-4F18-A095-93C890CE0F0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam)
FirewallRules: [{C523494F-F21E-462E-BC6E-6C8409BDAD11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam)
FirewallRules: [{0A6123E5-01ED-4897-8B5A-C0041D3F57D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed]
FirewallRules: [{8DD6DFDB-827F-42A9-9B43-1EA738E7E6AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed]
FirewallRules: [{C74A7378-3DCF-448D-B642-C51621E69B52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grimoire_Heralds_of_the_Winged_Exemplar\Grimoire.exe () [File not signed]
FirewallRules: [{E9870213-CED6-4AB0-887F-0FF094CD2A02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grimoire_Heralds_of_the_Winged_Exemplar\Grimoire.exe () [File not signed]
FirewallRules: [{C097F00F-B588-48E9-9330-B2B2121FDC93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
FirewallRules: [{80CB594D-067F-480D-BA4C-D4AB7EC00FB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
FirewallRules: [{46E78626-78AD-48C3-A4A3-4B92944CBC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe No File
FirewallRules: [{C0AEE527-2C6A-441E-9F71-D545ED7457F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe No File
FirewallRules: [{ACAFA4F6-E7CF-4C0E-9C9D-659DFC665859}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe No File
FirewallRules: [{FFEB8FA8-CA7F-4DC4-964C-EECC7A62EF5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe No File
FirewallRules: [{47986002-6662-4BAA-B5F7-A805F25B1351}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{A786B2A0-040C-4788-A316-59D2278B2EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{95A24584-F7AB-4C47-B96F-ECEA35A7D835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed]
FirewallRules: [{1F27FB1F-4CBF-458F-82B2-215C574ADAA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed]
FirewallRules: [UDP Query User{D81C456C-B69A-4484-AB02-A50A63D42CC0}C:\program files (x86)\steam\steamapps\common\phantomdoctrine\iwtb\binaries\win64\iwtb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\phantomdoctrine\iwtb\binaries\win64\iwtb-win64-shipping.exe (CreativeForge Games) [File not signed]
FirewallRules: [TCP Query User{038FBC86-6F78-4DEF-992C-6B036E1A0376}C:\program files (x86)\steam\steamapps\common\phantomdoctrine\iwtb\binaries\win64\iwtb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\phantomdoctrine\iwtb\binaries\win64\iwtb-win64-shipping.exe (CreativeForge Games) [File not signed]
FirewallRules: [{C728DA6B-5DFD-4A56-B85D-4DE76AF4BF49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PhantomDoctrine\IWTB.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{07ADB0EB-F66F-42C9-8092-3BD2A9BFE3D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PhantomDoctrine\IWTB.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F4D42DF3-298D-4C8B-A566-B9F52FBC2530}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
FirewallRules: [{9A04BE8F-116E-4EF2-BF71-6F80685C756D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
FirewallRules: [{271F50AD-7613-4A78-9709-AFC7C836A593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DRAGON QUEST XI\Game\Binaries\Win64\OverwriteSettings.exe () [File not signed]
FirewallRules: [{CCEDBCDE-FFB4-4A52-B68F-1ABDAB0D4D57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DRAGON QUEST XI\Game\Binaries\Win64\OverwriteSettings.exe () [File not signed]
FirewallRules: [{32BE9CB5-00CF-4D93-BBE3-5F6D52BD5A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DRAGON QUEST XI\Game\Binaries\Win64\DRAGON QUEST XI.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{3F6A357F-9435-4502-84DE-964EA2BBE097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DRAGON QUEST XI\Game\Binaries\Win64\DRAGON QUEST XI.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{05B9E27F-6186-4E43-BD79-9CB35CAD56F6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{F1B26A92-14FD-40EC-8561-14E67FE1240F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{93035125-2B34-4F3B-8763-AC1CFB4E192A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{F1BB5D98-3838-4636-828B-4CD92D60C560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{56B7DE1B-0D1F-4690-B3A7-5386A5FE1BC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{B80DD964-B9D4-4D3F-A274-1B4566840388}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe () [File not signed]
FirewallRules: [{FA18EEEF-9351-4A6C-B5F1-3FD5124745F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe () [File not signed]
FirewallRules: [{827015EA-7DD6-49C0-A294-D29BB77DC87A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HELLGATE_London\Hellgate.exe (Hanbitsoft, inc.) [File not signed]
FirewallRules: [{B989D61D-EB73-4BFD-A281-34D9472B884B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HELLGATE_London\Hellgate.exe (Hanbitsoft, inc.) [File not signed]
FirewallRules: [{064BED59-F339-4D84-9426-33D54F134959}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crest\Crest.exe No File
FirewallRules: [{315EE0EF-AE07-4702-8ECF-85FA4BED2745}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crest\Crest.exe No File
FirewallRules: [{56F5E796-E82D-4C15-814F-E2FBFB66D833}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Balrum\Balrum.exe () [File not signed]
FirewallRules: [{10950EF1-8DDB-4C47-82A0-7C936CF0BF99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Balrum\Balrum.exe () [File not signed]
FirewallRules: [{6990B182-93B0-4745-803F-73DBCC8D4EA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Hour One Life\steamGateClient.exe () [File not signed]
FirewallRules: [{DFBF751A-9A96-4D0E-9ACB-E1795E68B5FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Hour One Life\steamGateClient.exe () [File not signed]
FirewallRules: [{361CDD12-1BAE-42A3-8E0D-A7A71E212BEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6_Launcher.exe () [File not signed]
FirewallRules: [{01900879-4934-43B0-B36B-FDCA9685C412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6_Launcher.exe () [File not signed]
FirewallRules: [{CE0606F3-0918-429D-8952-29119D0AE3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6.exe () [File not signed]
FirewallRules: [{B6AB938B-49D9-46C1-9EEC-1B1401287B8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6.exe () [File not signed]
FirewallRules: [{8E2A35E0-D0A9-4AD8-8CA5-4A81DF3A1547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe (SilverSecond) [File not signed]
FirewallRules: [{6FBF6DA6-1A4F-471E-803C-98C107428EF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe (SilverSecond) [File not signed]
FirewallRules: [{7F4B49FF-BE18-476F-97F8-C6F5DB4D0CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCatLady\TheCatLady.exe ( ) [File not signed]
FirewallRules: [{9BF17E51-DDAC-46B4-BFA4-9672B260D739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCatLady\TheCatLady.exe ( ) [File not signed]
FirewallRules: [UDP Query User{CD0C1701-EA95-4851-9121-DD901725020E}C:\users\alexa\desktop\downloader_diablo2_enus.exe] => (Allow) C:\users\alexa\desktop\downloader_diablo2_enus.exe No File
FirewallRules: [TCP Query User{B24442E6-05C9-4FD5-B23B-0450AF847AA8}C:\users\alexa\desktop\downloader_diablo2_enus.exe] => (Allow) C:\users\alexa\desktop\downloader_diablo2_enus.exe No File
FirewallRules: [UDP Query User{B09E8273-263C-4FE4-AF5A-AE519D3627DC}C:\users\alexa\desktop\msiproductreghelper.exe] => (Allow) C:\users\alexa\desktop\msiproductreghelper.exe No File
FirewallRules: [TCP Query User{048CF24A-CBF5-432C-854E-B4C186F9AD57}C:\users\alexa\desktop\msiproductreghelper.exe] => (Allow) C:\users\alexa\desktop\msiproductreghelper.exe No File
FirewallRules: [{C4B573F1-8002-44F4-A4C2-02E73F47A7A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{64178229-6A07-4498-A77B-223A428A3918}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{B51DFDAF-E31A-449B-9DED-A6870BCBD816}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OneShot\steamshim.exe () [File not signed]
FirewallRules: [{CE43EBF5-C42C-4145-BEF4-BCD3A958B377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OneShot\steamshim.exe () [File not signed]
FirewallRules: [{8D981B4F-A1EC-4EF4-8005-CDDCAD7DF33F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Echo of the Wilds\Echo of the Wilds.exe ( ) [File not signed]
FirewallRules: [{E3AE976D-0BC6-42AF-A8F9-F63A1D1A707C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Echo of the Wilds\Echo of the Wilds.exe ( ) [File not signed]
FirewallRules: [{A6A23493-5F76-49DC-9596-F9E7FA567B99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect64.exe () [File not signed]
FirewallRules: [{1C12618B-2826-499A-9AC4-95409C5C71F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect64.exe () [File not signed]
FirewallRules: [{0B218D72-20AF-47FC-88C6-907444C8D728}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
FirewallRules: [{9272163B-B608-44AF-A5F6-414609A404C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
FirewallRules: [{5F943F94-8139-4A65-8917-C1C3D7975B26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{0D304D49-D526-495B-94FB-8E1D7ECE6578}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{FDB35216-4BA6-4B39-9FA3-1664D539D7C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{12CE2698-34D3-494F-9281-A5A27C25E4CB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2BFC3141-04B3-466F-B492-4C8CBB4DE244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [{AFF77D57-FCCD-482C-94C2-556DCEC4F938}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [{9E9C448B-E1BF-4B5D-BB05-13E17B3C6C14}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{03521296-B129-477C-AA1E-88D09D2917F2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A3D72F14-0129-45A6-80F6-17A34776A717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\kenshi_x64.exe () [File not signed]
FirewallRules: [{C9A0D68D-AB83-4547-B821-8DC8E13EFF0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\kenshi_x64.exe () [File not signed]
FirewallRules: [{D92923B0-6A58-4405-808D-3530E7E009F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\forgotten construction set.exe (LoFi Games) [File not signed]
FirewallRules: [{732790E0-D2D1-4091-B64B-0DBBE41FEB55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\forgotten construction set.exe (LoFi Games) [File not signed]
FirewallRules: [{64259F30-2432-4F09-8D69-000E89BA4EC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Founders Fortune\Founders Fortune.exe () [File not signed]
FirewallRules: [{A2173B30-B427-4BD3-9663-019C452D5BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Founders Fortune\Founders Fortune.exe () [File not signed]
FirewallRules: [{3FE67233-F1ED-4F72-8764-7D3797097C41}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B4FAF54E-7D16-42E8-99EA-AF810ED96ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wayward\wayward.exe (Unlok) [File not signed]
FirewallRules: [{E6CA50D5-02AA-4CDA-B25A-8B1DA680BB5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wayward\wayward.exe (Unlok) [File not signed]
FirewallRules: [{1DDC6C08-6567-447E-8459-8C703F0054AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{31BF8E66-B1F9-4C4E-BD48-23E0800C0EDE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3AB9654C-763E-4D67-8A8F-9F9F82770D0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe No File
FirewallRules: [{BD7C84ED-07BA-4A96-9F41-146ABE6AB48A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe No File
FirewallRules: [{C2571D72-3378-472E-994B-B341AA32F43E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe No File
FirewallRules: [{F5B1E028-4807-42DA-A793-5C066C7F3A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe No File
FirewallRules: [{21665B92-FA55-4FB0-9FDF-7865BDF3E2DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{58D7C3B4-8E53-43AC-95CB-9852FC0C2FA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{EFC842D1-D32C-4752-A14E-7669036F74CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{DD5E13F5-7554-4C44-AFC2-20CEDAC90B9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{B92A0525-3AF8-4CAC-9983-B8CC482AAF66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{AA6784A1-158A-433D-8CF5-0D867BA64CAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{FBA37510-7C75-4456-A5E3-1235E08DC51A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C8CF39E5-55AE-4BE9-AD81-069647957ADD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{CD0F2B92-B549-4A9D-B75D-4CA9FEB53AF7}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [UDP Query User{48E3ED49-6E07-45BF-8581-F516F6EACE31}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [{8E1679EE-A758-4D83-B461-FC19F9F62DC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero-U Rogue to Redemption\Hero-U.exe () [File not signed]
FirewallRules: [{9F909402-A1B9-4C04-A823-F0A105FBC626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero-U Rogue to Redemption\Hero-U.exe () [File not signed]
FirewallRules: [TCP Query User{8053B81D-D9D8-4BFC-9F44-2E1DD1DB5635}C:\program files (x86)\steam\steamapps\common\avorion\bin\avorionserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\avorion\bin\avorionserver.exe () [File not signed]
FirewallRules: [UDP Query User{CF708CFD-D91D-46A4-AAAF-612F5C19B683}C:\program files (x86)\steam\steamapps\common\avorion\bin\avorionserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\avorion\bin\avorionserver.exe () [File not signed]
FirewallRules: [{8AAE54E0-6E57-45F0-9217-B3E2607A071B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F3792AE3-0329-4630-81E2-D73EB4991EE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{99DDF2A7-CE57-4B76-AF96-711250FFE813}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05349130-B373-426C-84E9-A812EF46BE61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CBA36077-F6D5-4D21-AAFC-A6BA1BE48051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disco Elysium\disco.exe () [File not signed]
FirewallRules: [{D5D44493-8ED2-4FAE-9850-F9A81E6BFEFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disco Elysium\disco.exe () [File not signed]
FirewallRules: [{88DD5521-DF62-4A79-8275-724A74ADD0D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation Empire\AutomationEmpire.exe () [File not signed]
FirewallRules: [{AC9BE2C4-B31A-405D-8ABC-7D16179138CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation Empire\AutomationEmpire.exe () [File not signed]
FirewallRules: [{B8A843B9-0277-4CF1-8722-4D5D5521F293}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TPH\TPH.exe () [File not signed]
FirewallRules: [{6CD17394-96CC-4B19-87C4-6EEF33DB36D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TPH\TPH.exe () [File not signed]
FirewallRules: [{990F5A47-47CD-49BE-A667-0D9B3250CC85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Visage\Visage.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2F7F395F-B98E-48B1-BD63-6A6E2DBB8227}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Visage\Visage.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{35B55829-2A91-446E-94D2-F5E137FB3EF2}C:\program files (x86)\steam\steamapps\common\visage\visage\binaries\win64\visage-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\visage\visage\binaries\win64\visage-win64-shipping.exe (CN=SadSquare Studio) [File not signed]
FirewallRules: [UDP Query User{7D45A4D2-123A-4573-A88B-F519915CA6E4}C:\program files (x86)\steam\steamapps\common\visage\visage\binaries\win64\visage-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\visage\visage\binaries\win64\visage-win64-shipping.exe (CN=SadSquare Studio) [File not signed]
FirewallRules: [{F08C75BA-59DC-4FED-9385-B1C2A2B00A07}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{074B5567-88A9-4BE7-9AB1-54E7C2E32769}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Avorion\bin\Avorion.exe () [File not signed]
FirewallRules: [{B044971C-2892-4C12-9661-CD9CB357B31B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Avorion\bin\Avorion.exe () [File not signed]
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

11-12-2019 01:56:16 Windows Update
17-12-2019 19:36:33 Intel® Driver & Support Assistant

==================== Faulty Device Manager Devices ============

Name: Intel(R) Wireless Bluetooth(R)
Description: Intel(R) Wireless Bluetooth(R)
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/30/2019 08:18:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (185936,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/30/2019 07:56:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (174232,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/29/2019 04:16:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (171616,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/28/2019 09:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9812

Error: (12/28/2019 09:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9812

Error: (12/28/2019 09:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/28/2019 09:03:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8250

Error: (12/28/2019 09:03:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8250


System errors:
=============
Error: (12/17/2019 12:06:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/17/2019 12:06:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/16/2019 02:24:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JTDGVR7)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (12/11/2019 11:14:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:43:22 AM on 12/11/2019 was unexpected.

Error: (12/11/2019 11:09:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/11/2019 11:09:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/11/2019 02:42:55 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

Error: (12/11/2019 02:42:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================

Date: 2019-12-30 20:07:28.194
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2019-12-30 20:05:14.352
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2019-12-30 19:52:31.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2019-12-30 19:37:28.202
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2019-12-30 19:32:43.863
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-30 19:32:43.490
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-30 19:32:08.604
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

Date: 2019-12-30 19:32:08.354
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.20 04/07/2017
Motherboard: MSI Z270-A PRO (MS-7A71)
Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 22%
Total physical RAM: 32735.85 MB
Available physical RAM: 25381.27 MB
Total Virtual: 37599.85 MB
Available Virtual: 25218.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.37 GB) (Free:72.39 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:2794.39 GB) (Free:2794.13 GB) NTFS

\\?\Volume{c8dd3706-3566-4fdc-ab25-2a213fcf9e84}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{04015f3a-347f-4031-83e9-5d7fc7e4f793}\ () (Fixed) (Total:0.83 GB) (Free:0.41 GB) NTFS
\\?\Volume{8e6a62d9-4499-4e0e-9465-ac658f3d7553}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6437ED14)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Juliet
2019-12-31, 12:56
This isn't malware. This has been placed on the computer through Windows updates/Microsoft Apps store.

As part of an agreement between Microsoft and Dolby, all versions of Windows 10 Fall Creators edition and later will feature the Dolby Atmos for Headphones option in the audio spatial sound settings. The option to choose Dolby Atmos for Headphones is hard-coded into the OS and will always be there regardless of whether the app is installed or not.

Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-18] (Dolby Laboratories)

We can try to remove it out of programs and features.

Open the WinX menu by holding the Windows and X keys together, and then click Programs and Features.

Look for Dolby Digital Plus Advanced Audio in the list, click on it and then click Uninstall to initiate the uninstallation.

AlexaSD
2019-12-31, 17:56
This isn't malware. This has been placed on the computer through Windows updates/Microsoft Apps store.

That's weird because the Spybot details specifically called it a virus with a threat level of medium, and I've never gotten such results before. I uninstalled it as per your instructions, then ran the Spybot virus scanner again and I am still getting the same results. I have attached the scan results in case that helps. 13211

I am also concerned I am infected because I was unable to run the aswMBR.

Juliet
2020-01-01, 04:33
Let's try this

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy,
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

Start::
CloseProcesses:
CreateRestorePoint:
C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost
C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220
SearchScopes: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
SearchScopes: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~


Download AdwCleaner (https://www.malwarebytes.com/adwcleaner/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan Now
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



~~~~~~~~~~~~~~~~~

RogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply



Post these 3 logs in your next reply.

AlexaSD
2020-01-01, 05:40
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Alexa (31-12-2019 22:03:31) Run:1
Running from C:\Users\Alexa\Desktop
Loaded Profiles: Alexa (Available Profiles: Alexa & Brandon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost
C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220
SearchScopes: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
SearchScopes: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost => moved successfully
C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 => moved successfully
"HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D825E1D-057D-4728-8F64-0608FB9D5669} => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

Could not move "C:\Windows\Temp\.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log" => Scheduled to move on reboot.
Could not move "C:\Windows\Temp\.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log" => Scheduled to move on reboot.
C:\Windows\Temp\.ses => moved successfully
C:\Windows\Temp\A.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log => moved successfully
C:\Windows\Temp\A.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log => moved successfully
C:\Windows\Temp\a67cb766-88a3-4911-84ef-a1001ad03cf5.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log => moved successfully
C:\Windows\Temp\a67cb766-88a3-4911-84ef-a1001ad03cf5.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log => moved successfully
C:\Windows\Temp\C.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log => moved successfully
C:\Windows\Temp\C.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191214-1549.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2036.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2037.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2042.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2044.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2050.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-0400.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-0419.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-1009.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-1101.log => moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-1106.log => moved successfully
Could not move "C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-2203.log" => Scheduled to move on reboot.
C:\Windows\Temp\mat-debug-10268.log => moved successfully
C:\Windows\Temp\mat-debug-12392.log => moved successfully
C:\Windows\Temp\mat-debug-12700.log => moved successfully
C:\Windows\Temp\mat-debug-14512.log => moved successfully
C:\Windows\Temp\mat-debug-20244.log => moved successfully
C:\Windows\Temp\mat-debug-3200.log => moved successfully
C:\Windows\Temp\mat-debug-3208.log => moved successfully
C:\Windows\Temp\mat-debug-3476.log => moved successfully
C:\Windows\Temp\mat-debug-3580.log => moved successfully
C:\Windows\Temp\mat-debug-3612.log => moved successfully
C:\Windows\Temp\mat-debug-6416.log => moved successfully
Could not move "C:\Windows\Temp\mat-debug-9992.log" => Scheduled to move on reboot.
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191214154941319C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191230203558DFC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191230203748E1C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191230204206C80).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191231110106D94).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(201912312203312708).log" => Scheduled to move on reboot.
C:\Windows\Temp\TBitDefenderUpdaterThread.log => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44507277 B
Java, Flash, Steam htmlcache => 275826767 B
Windows/system/drivers => 0 B
Edge => 6933695 B
Chrome => 0 B
Firefox => 156518487 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 169752 B
NetworkService => 209660 B
Alexa => 433421601 B
Brandon => 435085200 B

RecycleBin => 90841130 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-12-2019 22:05:40)

C:\Windows\Temp\.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log => Is moved successfully
C:\Windows\Temp\.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log => Is moved successfully
C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-2203.log => Is moved successfully
C:\Windows\Temp\mat-debug-9992.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201912312203312708).log => Is moved successfully

==== End of Fixlog 22:05:40 ====

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build: 12-17-2019
# Database: 2019-12-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-31-2019
# Duration: 00:00:07
# OS: Windows 10 Home
# Cleaned: 7
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted Amazon Assistant for Firefox

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2107 octets] - [31/12/2019 22:08:15]
AdwCleaner_Debug.log - [12819 octets] - [31/12/2019 22:11:38]
AdwCleaner[S01].txt - [2230 octets] - [31/12/2019 22:12:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

RogueKiller Anti-Malware V14.0.3.0 (x64) [Dec 23 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : Alexa [Administrator]
Started from : C:\Users\Alexa\Desktop\RogueKiller_portable64.exe
Signatures : 20191231_112221, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/12/31 22:33:29 (Duration : 00:04:03)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Juliet
2020-01-01, 13:35
ESET Online Scanner

Download ESET Online Scanner (https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner_enu.exe) and save it to your desktop.

Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

-----------------------


How's the computer now?

AlexaSD
2020-01-02, 00:08
No threats were detected. I tried to save the scan log but I must have messed something up because I can't find it now. Spybot virus scanner is still detecting that same file as a threat.

Juliet
2020-01-02, 01:09
Download Sophos Free Virus Removal Tool https://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx
and save it to your desktop.


If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...


Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....




The Virus Removal Tool scans the following areas of your computer:

Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.



Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

AlexaSD
2020-01-03, 07:52
No threats were found.

2020-01-03 05:34:31.243 Sophos Virus Removal Tool version 2.8.0
2020-01-03 05:34:31.243 Copyright (c) 2009-2019 Sophos Limited. All rights reserved.

2020-01-03 05:34:31.243 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2020-01-03 05:34:31.243 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2020-01-03 05:34:31.243 Checking for updates...
2020-01-03 05:34:31.249 Update progress: proxy server not available
2020-01-03 05:34:35.592 Downloading updates...
2020-01-03 05:34:35.593 Update progress: [I96736] sdds.svrt_v1.15: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2020-01-03 05:34:35.600 Update progress: [I95020] sdds.svrt_v1.15: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-01-03 05:34:35.600 Update progress: [I22529] sdds.svrt_v1.15: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-01-03 05:34:35.600 Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update-B: url=SOPHOS
2020-01-03 05:34:35.600 Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2020-01-03 05:34:35.600 Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2020-01-03 05:34:35.600 Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: catalogue/sdds.data0910.xml
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: catalogue/sdds.data0910.xml: 78 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 33b99c19a5b8e02d8695ecf0c8500bc7x000.xml: 2521 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 33b99c19a5b8e02d8695ecf0c8500bc7x000.xml: 32 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9ed18d9dc4a751d0f8a6da0934a80cedx000.xml: 8673 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9ed18d9dc4a751d0f8a6da0934a80cedx000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE573/54a92a4bd3e9b576ad1f41229a9a241dx000.xml: 590 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE573/54a92a4bd3e9b576ad1f41229a9a241dx000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: SXLSUP/9658bb75e4104455fe802645d41af3dax000.xml: 598 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: SXLSUP/9658bb75e4104455fe802645d41af3dax000.xml: 16 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE565/1ce171d7f5b9565065bf17a44774f0a1x000.xml: 601 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE565/1ce171d7f5b9565065bf17a44774f0a1x000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE569/248a1f9123c16937d1a142b9bd2a4596x000.xml: 601 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE569/248a1f9123c16937d1a142b9bd2a4596x000.xml: 47 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE567/7b23de79c99d2127137bb3a2e2e9ab95x000.xml: 601 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE567/7b23de79c99d2127137bb3a2e2e9ab95x000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE568/848b908325eda99060171b6fb57a995dx000.xml: 601 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE568/848b908325eda99060171b6fb57a995dx000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE570/c4215464d25d3865903108d821935879x000.xml: 601 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE570/c4215464d25d3865903108d821935879x000.xml: 16 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE566/d051415c7c83e949b41461e8db404aedx000.xml: 601 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE566/d051415c7c83e949b41461e8db404aedx000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE571/edf129287364b01442832aa2cf0459d1x000.xml: 601 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE571/edf129287364b01442832aa2cf0459d1x000.xml: 32 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE572/cfee4315b39d58b13baf42c05a5b5b39x000.xml: 1585 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE572/cfee4315b39d58b13baf42c05a5b5b39x000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 72fe09f50715f4ab81c151dfe950af3dx000.xml: 615 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 72fe09f50715f4ab81c151dfe950af3dx000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b8f6314c93aaa75d6fc272a3b1304d69x000.xml: 320 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b8f6314c93aaa75d6fc272a3b1304d69x000.xml: 16 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0c458d84352f35f2b272f8b87e9f9576x000.xml: 753 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0c458d84352f35f2b272f8b87e9f9576x000.xml: 47 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5c7f0eec8cb5f488397216dcfb7e98e8x000.xml: 331 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5c7f0eec8cb5f488397216dcfb7e98e8x000.xml: 15 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 32f2c03993b8d3414be5d9d714792de3x000.xml: 1027 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 32f2c03993b8d3414be5d9d714792de3x000.xml: 47 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 13ff2225063d88f220fa6841f37c8371x000.xml: 338 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 13ff2225063d88f220fa6841f37c8371x000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6af07560e7f7cbe00e191bfa0abee6e0x000.xml: 1027 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6af07560e7f7cbe00e191bfa0abee6e0x000.xml: 32 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 76f3567164278171cca28fc8121461d1x000.xml: 338 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 76f3567164278171cca28fc8121461d1x000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 78c5bd6e43890df1ecf3457a9b5a5dd1x000.xml: 1027 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 78c5bd6e43890df1ecf3457a9b5a5dd1x000.xml: 31 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2302ad75630d4b58cca278062b8b5de4x000.xml: 338 bytes
2020-01-03 05:34:35.600 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2302ad75630d4b58cca278062b8b5de4x000.xml: 47 ms
2020-01-03 05:34:35.600 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: aa6f963652fadc6cdeff28b207423ccbx000.xml: 1027 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: aa6f963652fadc6cdeff28b207423ccbx000.xml: 31 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2604e1b742f72c5b2358230ceb552befx000.xml: 338 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2604e1b742f72c5b2358230ceb552befx000.xml: 16 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 87666e9540b89546868b55d119c7b029x000.xml: 1027 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 87666e9540b89546868b55d119c7b029x000.xml: 47 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 332f16f3f32467ddbe44773d18577bccx000.xml: 338 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 332f16f3f32467ddbe44773d18577bccx000.xml: 31 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f22440c76fa98b33be36804ffa922b99x000.xml: 1027 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f22440c76fa98b33be36804ffa922b99x000.xml: 47 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 677c6984b6b0fcb32a84bb4f05a2e35ax000.xml: 338 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 677c6984b6b0fcb32a84bb4f05a2e35ax000.xml: 31 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a13db9de3890166bfd908f854b655c37x000.xml: 1027 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a13db9de3890166bfd908f854b655c37x000.xml: 31 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: fc4049d7c7119b0048a7d49548ad3f97x000.xml: 338 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: fc4049d7c7119b0048a7d49548ad3f97x000.xml: 16 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 64a7ab69840549916680700b8a7164bex000.xml: 877 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 64a7ab69840549916680700b8a7164bex000.xml: 31 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f678b3730925f55fed6e0076bd53ccc5x000.xml: 338 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f678b3730925f55fed6e0076bd53ccc5x000.xml: 31 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2815d26fee3ab9249849d5daf86bbbcdx000.xml: 877 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2815d26fee3ab9249849d5daf86bbbcdx000.xml: 32 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d11d0252efbf3b002f53e483b0c63482x000.xml: 338 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d11d0252efbf3b002f53e483b0c63482x000.xml: 31 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 611e324775cf06c3d137a07b9e7bdc89x000.xml: 1027 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 611e324775cf06c3d137a07b9e7bdc89x000.xml: 16 ms
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5063cabb2ae287caf3b26c72cc4fa866x000.xml: 338 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5063cabb2ae287caf3b26c72cc4fa866x000.xml: 31 ms
2020-01-03 05:34:35.601 Update progress: [I49502] sdds.data0910.xml: found supplement IDE569 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2020-01-03 05:34:35.601 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE569 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE569 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I49502] sdds.data0910.xml: found supplement IDE570 LATEST path= baseVersion= [included from product IDE569 LATEST path=]
2020-01-03 05:34:35.601 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE570 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE570 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I49502] sdds.data0910.xml: found supplement IDE571 LATEST path= baseVersion= [included from product IDE570 LATEST path=]
2020-01-03 05:34:35.601 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE571 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE571 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I49502] sdds.data0910.xml: found supplement IDE572 LATEST path= baseVersion= [included from product IDE571 LATEST path=]
2020-01-03 05:34:35.601 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE572 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE572 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I49502] sdds.data0910.xml: found supplement IDE573 LATEST path= baseVersion= [included from product IDE572 LATEST path=]
2020-01-03 05:34:35.601 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE573 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE573 LATEST path=
2020-01-03 05:34:35.601 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-01-03 05:34:35.601 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 81ddcd3ecd90d6668b9fc5b0a8b77901x000.xml: 73670 bytes
2020-01-03 05:34:35.601 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 81ddcd3ecd90d6668b9fc5b0a8b77901x000.xml: 94 ms
2020-01-03 05:34:35.601 Update progress: [I19463] Product download size 202307273 bytes
2020-01-03 05:34:37.283 Update progress: [I19463] Syncing product IDE569 LATEST path=
2020-01-03 05:34:37.283 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0f3305a3f210dc482321fe6f92f6ee1cx000.xml: 26472 bytes
2020-01-03 05:34:37.283 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0f3305a3f210dc482321fe6f92f6ee1cx000.xml: 94 ms
2020-01-03 05:34:37.283 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f9e1dee73077ed671be15a92e52c768dx000.xml: 397 bytes
2020-01-03 05:34:37.283 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f9e1dee73077ed671be15a92e52c768dx000.xml: 31 ms
2020-01-03 05:34:37.283 Update progress: [I19463] Product download size 1732491 bytes
2020-01-03 05:34:37.371 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 63297fb4a9cb677745e67060e88d726ex000.xml: 3155 bytes
2020-01-03 05:34:37.371 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 63297fb4a9cb677745e67060e88d726ex000.xml: 32 ms
2020-01-03 05:34:37.457 Update progress: [I19463] Syncing product IDE570 LATEST path=
2020-01-03 05:34:37.457 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5ccd6a45ae68aab76b89f87138a59402x000.xml: 28460 bytes
2020-01-03 05:34:37.457 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5ccd6a45ae68aab76b89f87138a59402x000.xml: 62 ms
2020-01-03 05:34:37.457 Update progress: [I19463] Product download size 1905546 bytes
2020-01-03 05:34:37.585 Update progress: [I19463] Syncing product IDE571 LATEST path=
2020-01-03 05:34:37.585 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d220e3eb0c0580a2840126302368f29bx000.xml: 25989 bytes
2020-01-03 05:34:37.585 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d220e3eb0c0580a2840126302368f29bx000.xml: 31 ms
2020-01-03 05:34:37.585 Update progress: [I19463] Product download size 2049625 bytes
2020-01-03 05:34:37.695 Update progress: [I19463] Syncing product IDE572 LATEST path=
2020-01-03 05:34:37.695 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e48eed1819602933d7223afeda3a86a5x000.xml: 42343 bytes
2020-01-03 05:34:37.695 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e48eed1819602933d7223afeda3a86a5x000.xml: 32 ms
2020-01-03 05:34:37.695 Update progress: [I19463] Product download size 2639596 bytes
2020-01-03 05:34:37.816 Update progress: [I19463] Syncing product IDE573 LATEST path=
2020-01-03 05:34:37.816 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f430c089bf466bb070b959d79391e4c2x000.xml: 124 bytes
2020-01-03 05:34:37.816 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f430c089bf466bb070b959d79391e4c2x000.xml: 31 ms
2020-01-03 05:34:37.828 Installing updates...
2020-01-03 05:34:38.289 Option all = no
2020-01-03 05:34:38.892 Option recurse = yes
2020-01-03 05:34:38.892 Option archive = no
2020-01-03 05:34:38.892 Option service = yes
2020-01-03 05:34:38.892 Option confirm = yes
2020-01-03 05:34:38.892 Option sxl = yes
2020-01-03 05:34:38.892 Option max-data-age = 35
2020-01-03 05:34:38.892 Option vdl-logging = yes
2020-01-03 05:34:38.892 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2020-01-03 05:34:38.892 Machine ID: 4f20c14a88334f6da300b6650ee9b338
2020-01-03 05:34:38.892 Component SVRTcli.exe version 2.8.0
2020-01-03 05:34:38.892 Component control.dll version 2.8.0
2020-01-03 05:34:38.892 Component SVRTservice.exe version 2.8.0
2020-01-03 05:34:38.892 Component engine\osdp.dll version 1.44.1.2461
2020-01-03 05:34:38.892 Component engine\veex.dll version 3.77.1.2461
2020-01-03 05:34:38.892 Component engine\savi.dll version 9.0.15.2461
2020-01-03 05:34:38.892 Component rkdisk.dll version 1.5.33.1
2020-01-03 05:34:38.892 Version info: Product version 2.8.0
2020-01-03 05:34:38.892 Version info: Detection engine 3.77.1
2020-01-03 05:34:38.892 Version info: Detection data 5.68
2020-01-03 05:34:38.892 Version info: Build date 9/24/2019
2020-01-03 05:34:38.892 Version info: Data files added 494
2020-01-03 05:34:38.892 Version info: Last successful update (not yet updated)
2020-01-03 05:34:38.892 Error level 1
2020-01-03 05:34:41.141 Update successful
2020-01-03 05:34:48.713 Option all = no
2020-01-03 05:34:48.713 Option recurse = yes
2020-01-03 05:34:48.713 Option archive = no
2020-01-03 05:34:48.713 Option service = yes
2020-01-03 05:34:48.713 Option confirm = yes
2020-01-03 05:34:48.713 Option sxl = yes
2020-01-03 05:34:48.714 Option max-data-age = 35
2020-01-03 05:34:48.714 Option vdl-logging = yes
2020-01-03 05:34:48.715 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2020-01-03 05:34:48.715 Machine ID: 4f20c14a88334f6da300b6650ee9b338
2020-01-03 05:34:48.716 Component SVRTcli.exe version 2.8.0
2020-01-03 05:34:48.716 Component control.dll version 2.8.0
2020-01-03 05:34:48.716 Component SVRTservice.exe version 2.8.0
2020-01-03 05:34:48.716 Component engine\osdp.dll version 1.44.1.2461
2020-01-03 05:34:48.716 Component engine\veex.dll version 3.77.1.2461
2020-01-03 05:34:48.716 Component engine\savi.dll version 9.0.15.2461
2020-01-03 05:34:48.716 Component rkdisk.dll version 1.5.33.1
2020-01-03 05:34:48.716 Version info: Product version 2.8.0
2020-01-03 05:34:48.716 Version info: Detection engine 3.77.1
2020-01-03 05:34:48.716 Version info: Detection data 5.68
2020-01-03 05:34:48.717 Version info: Build date 9/24/2019
2020-01-03 05:34:48.717 Version info: Data files added 494
2020-01-03 05:34:48.717 Version info: Last successful update 1/3/2020 12:34:41 AM

2020-01-03 05:37:59.727 Could not open C:\hiberfil.sys
2020-01-03 05:37:59.727 Could not open C:\pagefile.sys
2020-01-03 05:38:26.036 Could not open C:\Program Files\Microsoft Office\root\client\AppvIsvStream32.dll
2020-01-03 05:38:26.036 Could not open C:\Program Files\Microsoft Office\root\client\AppvIsvStream64.dll
2020-01-03 05:38:29.748 Could not open C:\Program Files\Microsoft Office\root\Office16\AppvIsvStream64.dll
2020-01-03 05:38:35.692 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\AppvIsvStream32.dll
2020-01-03 05:38:36.976 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll
2020-01-03 05:38:39.964 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\EQUATION\AppvIsvStream32.dll
2020-01-03 05:38:40.183 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\AppvIsvStream32.dll
2020-01-03 05:38:46.448 Could not open C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\AppvIsvStream32.dll
2020-01-03 05:41:58.026 Could not open C:\swapfile.sys
2020-01-03 05:41:58.048 Could not open C:\System Volume Information\{04b4d70e-1f7a-11ea-a048-309c23226c49}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-01-03 05:41:58.048 Could not open C:\System Volume Information\{04ba579a-29a1-11ea-a048-309c23226c49}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-01-03 05:41:58.048 Could not open C:\System Volume Information\{04ba57c7-29a1-11ea-a048-309c23226c49}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-01-03 05:41:58.049 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-01-03 05:41:58.049 Could not open C:\System Volume Information\{38c71c94-2c47-11ea-a050-309c23226c49}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-01-03 05:41:58.049 Could not open C:\System Volume Information\{38c723f2-2c47-11ea-a050-309c23226c49}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-01-03 05:41:58.049 Could not open C:\System Volume Information\{bc044b94-2be6-11ea-a04d-309c23226c49}{3808876b-c176-4e48-b7ae-04046e6cc752}
2020-01-03 05:42:04.351 Could not open C:\Users\Alexa\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe
2020-01-03 05:42:04.353 Could not open C:\Users\Alexa\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
2020-01-03 05:42:04.353 Could not open C:\Users\Alexa\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
2020-01-03 05:42:04.355 Could not open C:\Users\Alexa\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2020-01-03 05:42:04.356 Could not open C:\Users\Alexa\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe
2020-01-03 05:42:04.356 Could not open C:\Users\Alexa\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2020-01-03 05:42:04.357 Could not open C:\Users\Alexa\AppData\Local\Microsoft\WindowsApps\python.exe
2020-01-03 05:42:04.357 Could not open C:\Users\Alexa\AppData\Local\Microsoft\WindowsApps\python3.exe
2020-01-03 05:43:26.686 Could not open C:\Users\Brandon\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe
2020-01-03 05:43:26.688 Could not open C:\Users\Brandon\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
2020-01-03 05:43:26.688 Could not open C:\Users\Brandon\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
2020-01-03 05:43:26.690 Could not open C:\Users\Brandon\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2020-01-03 05:43:26.691 Could not open C:\Users\Brandon\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe
2020-01-03 05:43:26.691 Could not open C:\Users\Brandon\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2020-01-03 05:43:26.692 Could not open C:\Users\Brandon\AppData\Local\Microsoft\WindowsApps\python.exe
2020-01-03 05:43:26.692 Could not open C:\Users\Brandon\AppData\Local\Microsoft\WindowsApps\python3.exe
2020-01-03 05:43:29.820 Could not open C:\Users\Brandon\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCache\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
2020-01-03 05:43:29.822 Could not open C:\Users\Brandon\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCache\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
2020-01-03 05:45:24.382 Could not open C:\Windows\System32\config\BBI
2020-01-03 05:49:23.252 Error level 0

Juliet
2020-01-03, 13:09
My thinking is, SpyBot is detecting this as a false-positive. At times this can happen and we work to gather information to supply and have the team remedy the error.

Use the support form and provide a link back to this topic: https://www.safer-networking.org/support/#contactform

They'll get this figured out.

Also, please download a tool to remove tools and quarantine folders.


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
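
Before sending a false-positive report like the one suggested above, it helps to have the file's SHA-256, its Authenticode signature status and the Store package that owns it in hand, since that is what a signature team uses to confirm the detection is wrong. The script below is an added example for this thread, not part of Spybot, Sophos or any other tool used here; the path is a placeholder to be replaced with the exact path shown in Spybot's detection, and the file must be present (restore it from Spybot's quarantine first if it has just been removed again).

```powershell
# Added example, not part of the original thread: collect the evidence a vendor
# wants with a false-positive report for a file under C:\Program Files\WindowsApps.
# Run from an elevated PowerShell prompt. The default path is a placeholder;
# pass the exact path shown in the Spybot detection with -Path.
param(
    [string]$Path = 'C:\Program Files\WindowsApps\<PackageFullName>\<FlaggedFile>'
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path (if Spybot quarantined it again, restore it first)"
}

# 1. Hash to quote in the report. SHA-256 is what vendors and hash-lookup services
#    key on, and quoting a hash avoids uploading the file anywhere.
$sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

# 2. Authenticode signature. Binaries deployed from the Store are normally signed;
#    'Valid' with the expected signer is strong evidence of a false positive, while
#    'NotSigned' or 'HashMismatch' means the file deserves a closer look.
$sig    = Get-AuthenticodeSignature -LiteralPath $Path
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

# 3. Which package owns the directory according to the package manager (not just
#    the folder name) and how that package was signed: Store, Developer,
#    Enterprise, System or None. Get-AppxPackage -AllUsers needs elevation.
$pkgFull = if ($Path -match '\\WindowsApps\\([^\\]+)\\') { $Matches[1] } else { $null }
$pkg     = if ($pkgFull) {
    Get-AppxPackage -AllUsers | Where-Object PackageFullName -eq $pkgFull
} else { $null }

# 4. Size and last-write time. A file modified long after the package was installed
#    would contradict the "untouched Store component" explanation.
$item = Get-Item -LiteralPath $Path

[pscustomobject]@{
    Path             = $Path
    SizeBytes        = $item.Length
    LastWriteTimeUtc = $item.LastWriteTimeUtc
    SHA256           = $sha256
    SignatureStatus  = $sig.Status
    Signer           = $signer
    PackageFullName  = $pkgFull
    PackageFound     = [bool]$pkg
    PackageSigKind   = if ($pkg) { $pkg.SignatureKind } else { '(package not registered)' }
} | Format-List
```

Save it as, for example, Check-FlaggedFile.ps1 and run it from an elevated prompt as `powershell -ExecutionPolicy Bypass -File .\Check-FlaggedFile.ps1 -Path '<path from the Spybot detection>'`. Paste the resulting block into the support form along with a link to the topic. If the hash or signature step fails with "access denied", that is the restrictive ACL on the WindowsApps folder rather than a sign of tampering; running the script as SYSTEM (for instance with Sysinternals `PsExec -s`) gets past it without changing ownership of the folder.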

AlexaSD
2020-01-03, 19:43
Ok. Thank you so much for your time and assistance, Juliet. I really appreciate you and all the other volunteers at spybot for your dedication to the online community. Have a happy new year.

Juliet
2020-01-04, 13:05
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.