
Thread: Spybot located virus Gen:Variant.Jaik.16274.

  1. #1
    Member (Join Date: Oct 2008; Location: New York; Posts: 58)

    Spybot located virus Gen:Variant.Jaik.16274.

    After I had Spybot delete the file, I rescanned and it was back. This is the location: C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost

    Here is FRST: FRST.txt

    The Addition.txt file was 1 KB too large for the attachments manager, so I copied and pasted it below.
    I got an error from the aswMBR virtualization technology question after clicking Yes, and the computer restarted twice, so I then clicked No.
    Then I got an error and a computer restart after clicking Scan twice (Stop code: DRIVER_IRQL_NOT_LESS_OR_EQUAL, aswMBR.sys), so I have no log file to post for that program.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
    Ran by Alexa (30-12-2019 20:21:16)
    Running from C:\Users\Alexa\Desktop
    Windows 10 Home Version 1903 18362.535 (X64) (2019-07-27 23:16:41)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3759400987-4214920439-3437108526-500 - Administrator - Disabled)
    Alexa (S-1-5-21-3759400987-4214920439-3437108526-1003 - Administrator - Enabled) => C:\Users\Alexa
    Brandon (S-1-5-21-3759400987-4214920439-3437108526-1004 - Administrator - Enabled) => C:\Users\Brandon
    DefaultAccount (S-1-5-21-3759400987-4214920439-3437108526-503 - Limited - Disabled)
    Guest (S-1-5-21-3759400987-4214920439-3437108526-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-3759400987-4214920439-3437108526-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
    Diablo II (HKLM-x32\...\Diablo II) (Version: - )
    Documentation Manager (HKLM\...\{3EF18AD4-8F08-42FE-B2A4-F2DDB1DFB5D0}) (Version: 21.50.1.1 - Intel Corporation) Hidden
    Intel Driver && Support Assistant (HKLM-x32\...\{3EAAD5EA-1D87-442D-8426-FD4FCE62119D}) (Version: 19.12.50.5 - Intel) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
    Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{AE956AB9-CD98-4F1E-8B9E-C3C66E290D64}) (Version: 3.4.2072 - Intel Corporation) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000050-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.50.0.1 - Intel Corporation)
    Intel® Driver & Support Assistant (HKLM-x32\...\{8d174f37-ea1a-4e4d-be82-c10521a3c687}) (Version: 19.12.50.5 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{6aa2484c-1a35-428e-a857-8ee0a874d2d1}) (Version: 20.110.0 - Intel Corporation)
    Intel® Software Guard Extensions Platform Software (HKLM\...\{2DF17C75-9627-4213-8612-17955E92F782}) (Version: 1.6.101.32869 - Intel Corporation)
    Intel® Software Installer (HKLM-x32\...\{e2b4037f-6ffc-4200-8b24-fdc8512f0dc9}) (Version: 21.50.1.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
    LibreOffice 5.4.2.2 (HKLM\...\{71F5B603-BA9F-41E1-BC94-9839DFE5A83E}) (Version: 5.4.2.2 - The Document Foundation)
    Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
    Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
    NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 3.20.1.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.1.57 - NVIDIA Corporation)
    NVIDIA Graphics Driver 441.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.41 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8010 - Realtek Semiconductor Corp.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

    Packages:
    =========
    Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
    Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-18] (Dolby Laboratories)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-15] (HP Inc.)
    March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.5.1.3_x86__h6adky7gbf63m [2019-12-18] (Gameloft.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
    Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.105.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Studios)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-11-20] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2016-09-14 12:51 - 2016-09-14 12:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
    2016-09-14 12:51 - 2016-09-14 12:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7943 more sites.

    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\123simsen.com -> www.123simsen.com

    There are 7946 more sites.
    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 06:47 - 2019-09-10 19:47 - 000455006 ____R C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15616 more lines.

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    Network Binding:
    =============
    Ethernet: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)
    Wi-Fi: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{F859A27E-5B42-43FC-8254-B74485E98E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 2 BIOHAZARD RE2\re2.exe (CAPCOM CO., LTD. -> )
    FirewallRules: [{FF41A1A5-7710-4190-AA62-BA4392ABFE48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 2 BIOHAZARD RE2\re2.exe (CAPCOM CO., LTD. -> )
    FirewallRules: [{A9141E70-0AF7-4B28-98E9-DF012F0D761E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
    FirewallRules: [{DDE52180-00FF-4DCF-A584-9C3C9D3FB55A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
    FirewallRules: [{01E02995-A6DD-45DB-BC09-77F733EAE0DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam)
    FirewallRules: [{4FC02FE4-A1F1-47A0-B7B4-21080EAFBEF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam)
    FirewallRules: [{3388E838-C71D-4F18-A095-93C890CE0F0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam)
    FirewallRules: [{C523494F-F21E-462E-BC6E-6C8409BDAD11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam)
    FirewallRules: [{0A6123E5-01ED-4897-8B5A-C0041D3F57D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed]
    FirewallRules: [{8DD6DFDB-827F-42A9-9B43-1EA738E7E6AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed]
    FirewallRules: [{C74A7378-3DCF-448D-B642-C51621E69B52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grimoire_Heralds_of_the_Winged_Exemplar\Grimoire.exe () [File not signed]
    FirewallRules: [{E9870213-CED6-4AB0-887F-0FF094CD2A02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grimoire_Heralds_of_the_Winged_Exemplar\Grimoire.exe () [File not signed]
    FirewallRules: [{C097F00F-B588-48E9-9330-B2B2121FDC93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
    FirewallRules: [{80CB594D-067F-480D-BA4C-D4AB7EC00FB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
    FirewallRules: [{46E78626-78AD-48C3-A4A3-4B92944CBC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe No File
    FirewallRules: [{C0AEE527-2C6A-441E-9F71-D545ED7457F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe No File
    FirewallRules: [{ACAFA4F6-E7CF-4C0E-9C9D-659DFC665859}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe No File
    FirewallRules: [{FFEB8FA8-CA7F-4DC4-964C-EECC7A62EF5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe No File
    FirewallRules: [{47986002-6662-4BAA-B5F7-A805F25B1351}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
    FirewallRules: [{A786B2A0-040C-4788-A316-59D2278B2EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
    FirewallRules: [{95A24584-F7AB-4C47-B96F-ECEA35A7D835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed]
    FirewallRules: [{1F27FB1F-4CBF-458F-82B2-215C574ADAA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed]
    FirewallRules: [UDP Query User{D81C456C-B69A-4484-AB02-A50A63D42CC0}C:\program files (x86)\steam\steamapps\common\phantomdoctrine\iwtb\binaries\win64\iwtb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\phantomdoctrine\iwtb\binaries\win64\iwtb-win64-shipping.exe (CreativeForge Games) [File not signed]
    FirewallRules: [TCP Query User{038FBC86-6F78-4DEF-992C-6B036E1A0376}C:\program files (x86)\steam\steamapps\common\phantomdoctrine\iwtb\binaries\win64\iwtb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\phantomdoctrine\iwtb\binaries\win64\iwtb-win64-shipping.exe (CreativeForge Games) [File not signed]
    FirewallRules: [{C728DA6B-5DFD-4A56-B85D-4DE76AF4BF49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PhantomDoctrine\IWTB.exe (Epic Games, Inc.) [File not signed]
    FirewallRules: [{07ADB0EB-F66F-42C9-8092-3BD2A9BFE3D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PhantomDoctrine\IWTB.exe (Epic Games, Inc.) [File not signed]
    FirewallRules: [{F4D42DF3-298D-4C8B-A566-B9F52FBC2530}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
    FirewallRules: [{9A04BE8F-116E-4EF2-BF71-6F80685C756D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
    FirewallRules: [{271F50AD-7613-4A78-9709-AFC7C836A593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DRAGON QUEST XI\Game\Binaries\Win64\OverwriteSettings.exe () [File not signed]
    FirewallRules: [{CCEDBCDE-FFB4-4A52-B68F-1ABDAB0D4D57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DRAGON QUEST XI\Game\Binaries\Win64\OverwriteSettings.exe () [File not signed]
    FirewallRules: [{32BE9CB5-00CF-4D93-BBE3-5F6D52BD5A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DRAGON QUEST XI\Game\Binaries\Win64\DRAGON QUEST XI.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
    FirewallRules: [{3F6A357F-9435-4502-84DE-964EA2BBE097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DRAGON QUEST XI\Game\Binaries\Win64\DRAGON QUEST XI.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
    FirewallRules: [{05B9E27F-6186-4E43-BD79-9CB35CAD56F6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [{F1B26A92-14FD-40EC-8561-14E67FE1240F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
    FirewallRules: [{93035125-2B34-4F3B-8763-AC1CFB4E192A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
    FirewallRules: [{F1BB5D98-3838-4636-828B-4CD92D60C560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
    FirewallRules: [{56B7DE1B-0D1F-4690-B3A7-5386A5FE1BC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
    FirewallRules: [{B80DD964-B9D4-4D3F-A274-1B4566840388}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe () [File not signed]
    FirewallRules: [{FA18EEEF-9351-4A6C-B5F1-3FD5124745F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe () [File not signed]
    FirewallRules: [{827015EA-7DD6-49C0-A294-D29BB77DC87A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HELLGATE_London\Hellgate.exe (Hanbitsoft, inc.) [File not signed]
    FirewallRules: [{B989D61D-EB73-4BFD-A281-34D9472B884B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HELLGATE_London\Hellgate.exe (Hanbitsoft, inc.) [File not signed]
    FirewallRules: [{064BED59-F339-4D84-9426-33D54F134959}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crest\Crest.exe No File
    FirewallRules: [{315EE0EF-AE07-4702-8ECF-85FA4BED2745}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crest\Crest.exe No File
    FirewallRules: [{56F5E796-E82D-4C15-814F-E2FBFB66D833}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Balrum\Balrum.exe () [File not signed]
    FirewallRules: [{10950EF1-8DDB-4C47-82A0-7C936CF0BF99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Balrum\Balrum.exe () [File not signed]
    FirewallRules: [{6990B182-93B0-4745-803F-73DBCC8D4EA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Hour One Life\steamGateClient.exe () [File not signed]
    FirewallRules: [{DFBF751A-9A96-4D0E-9ACB-E1795E68B5FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Hour One Life\steamGateClient.exe () [File not signed]
    FirewallRules: [{361CDD12-1BAE-42A3-8E0D-A7A71E212BEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6_Launcher.exe () [File not signed]
    FirewallRules: [{01900879-4934-43B0-B36B-FDCA9685C412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6_Launcher.exe () [File not signed]
    FirewallRules: [{CE0606F3-0918-429D-8952-29119D0AE3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6.exe () [File not signed]
    FirewallRules: [{B6AB938B-49D9-46C1-9EEC-1B1401287B8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6.exe () [File not signed]
    FirewallRules: [{8E2A35E0-D0A9-4AD8-8CA5-4A81DF3A1547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe (SilverSecond) [File not signed]
    FirewallRules: [{6FBF6DA6-1A4F-471E-803C-98C107428EF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe (SilverSecond) [File not signed]
    FirewallRules: [{7F4B49FF-BE18-476F-97F8-C6F5DB4D0CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCatLady\TheCatLady.exe ( ) [File not signed]
    FirewallRules: [{9BF17E51-DDAC-46B4-BFA4-9672B260D739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCatLady\TheCatLady.exe ( ) [File not signed]
    FirewallRules: [UDP Query User{CD0C1701-EA95-4851-9121-DD901725020E}C:\users\alexa\desktop\downloader_diablo2_enus.exe] => (Allow) C:\users\alexa\desktop\downloader_diablo2_enus.exe No File
    FirewallRules: [TCP Query User{B24442E6-05C9-4FD5-B23B-0450AF847AA8}C:\users\alexa\desktop\downloader_diablo2_enus.exe] => (Allow) C:\users\alexa\desktop\downloader_diablo2_enus.exe No File
    FirewallRules: [UDP Query User{B09E8273-263C-4FE4-AF5A-AE519D3627DC}C:\users\alexa\desktop\msiproductreghelper.exe] => (Allow) C:\users\alexa\desktop\msiproductreghelper.exe No File
    FirewallRules: [TCP Query User{048CF24A-CBF5-432C-854E-B4C186F9AD57}C:\users\alexa\desktop\msiproductreghelper.exe] => (Allow) C:\users\alexa\desktop\msiproductreghelper.exe No File
    FirewallRules: [{C4B573F1-8002-44F4-A4C2-02E73F47A7A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
    FirewallRules: [{64178229-6A07-4498-A77B-223A428A3918}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
    FirewallRules: [{B51DFDAF-E31A-449B-9DED-A6870BCBD816}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OneShot\steamshim.exe () [File not signed]
    FirewallRules: [{CE43EBF5-C42C-4145-BEF4-BCD3A958B377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OneShot\steamshim.exe () [File not signed]
    FirewallRules: [{8D981B4F-A1EC-4EF4-8005-CDDCAD7DF33F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Echo of the Wilds\Echo of the Wilds.exe ( ) [File not signed]
    FirewallRules: [{E3AE976D-0BC6-42AF-A8F9-F63A1D1A707C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Echo of the Wilds\Echo of the Wilds.exe ( ) [File not signed]
    FirewallRules: [{A6A23493-5F76-49DC-9596-F9E7FA567B99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect64.exe () [File not signed]
    FirewallRules: [{1C12618B-2826-499A-9AC4-95409C5C71F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect64.exe () [File not signed]
    FirewallRules: [{0B218D72-20AF-47FC-88C6-907444C8D728}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
    FirewallRules: [{9272163B-B608-44AF-A5F6-414609A404C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
    FirewallRules: [{5F943F94-8139-4A65-8917-C1C3D7975B26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
    FirewallRules: [{0D304D49-D526-495B-94FB-8E1D7ECE6578}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
    FirewallRules: [{FDB35216-4BA6-4B39-9FA3-1664D539D7C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{12CE2698-34D3-494F-9281-A5A27C25E4CB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{2BFC3141-04B3-466F-B492-4C8CBB4DE244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
    FirewallRules: [{AFF77D57-FCCD-482C-94C2-556DCEC4F938}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
    FirewallRules: [{9E9C448B-E1BF-4B5D-BB05-13E17B3C6C14}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{03521296-B129-477C-AA1E-88D09D2917F2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{A3D72F14-0129-45A6-80F6-17A34776A717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\kenshi_x64.exe () [File not signed]
    FirewallRules: [{C9A0D68D-AB83-4547-B821-8DC8E13EFF0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\kenshi_x64.exe () [File not signed]
    FirewallRules: [{D92923B0-6A58-4405-808D-3530E7E009F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\forgotten construction set.exe (LoFi Games) [File not signed]
    FirewallRules: [{732790E0-D2D1-4091-B64B-0DBBE41FEB55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\forgotten construction set.exe (LoFi Games) [File not signed]
    FirewallRules: [{64259F30-2432-4F09-8D69-000E89BA4EC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Founders Fortune\Founders Fortune.exe () [File not signed]
    FirewallRules: [{A2173B30-B427-4BD3-9663-019C452D5BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Founders Fortune\Founders Fortune.exe () [File not signed]
    FirewallRules: [{3FE67233-F1ED-4F72-8764-7D3797097C41}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B4FAF54E-7D16-42E8-99EA-AF810ED96ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wayward\wayward.exe (Unlok) [File not signed]
    FirewallRules: [{E6CA50D5-02AA-4CDA-B25A-8B1DA680BB5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wayward\wayward.exe (Unlok) [File not signed]
    FirewallRules: [{1DDC6C08-6567-447E-8459-8C703F0054AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{31BF8E66-B1F9-4C4E-BD48-23E0800C0EDE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{3AB9654C-763E-4D67-8A8F-9F9F82770D0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe No File
    FirewallRules: [{BD7C84ED-07BA-4A96-9F41-146ABE6AB48A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe No File
    FirewallRules: [{C2571D72-3378-472E-994B-B341AA32F43E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe No File
    FirewallRules: [{F5B1E028-4807-42DA-A793-5C066C7F3A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe No File
    FirewallRules: [{21665B92-FA55-4FB0-9FDF-7865BDF3E2DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
    FirewallRules: [{58D7C3B4-8E53-43AC-95CB-9852FC0C2FA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
    FirewallRules: [{EFC842D1-D32C-4752-A14E-7669036F74CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
    FirewallRules: [{DD5E13F5-7554-4C44-AFC2-20CEDAC90B9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
    FirewallRules: [{B92A0525-3AF8-4CAC-9983-B8CC482AAF66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive Ab (Publ) -> )
    FirewallRules: [{AA6784A1-158A-433D-8CF5-0D867BA64CAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive Ab (Publ) -> )
    FirewallRules: [{FBA37510-7C75-4456-A5E3-1235E08DC51A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{C8CF39E5-55AE-4BE9-AD81-069647957ADD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [TCP Query User{CD0F2B92-B549-4A9D-B75D-4CA9FEB53AF7}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
    FirewallRules: [UDP Query User{48E3ED49-6E07-45BF-8581-F516F6EACE31}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
    FirewallRules: [{8E1679EE-A758-4D83-B461-FC19F9F62DC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero-U Rogue to Redemption\Hero-U.exe () [File not signed]
    FirewallRules: [{9F909402-A1B9-4C04-A823-F0A105FBC626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero-U Rogue to Redemption\Hero-U.exe () [File not signed]
    FirewallRules: [TCP Query User{8053B81D-D9D8-4BFC-9F44-2E1DD1DB5635}C:\program files (x86)\steam\steamapps\common\avorion\bin\avorionserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\avorion\bin\avorionserver.exe () [File not signed]
    FirewallRules: [UDP Query User{CF708CFD-D91D-46A4-AAAF-612F5C19B683}C:\program files (x86)\steam\steamapps\common\avorion\bin\avorionserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\avorion\bin\avorionserver.exe () [File not signed]
    FirewallRules: [{8AAE54E0-6E57-45F0-9217-B3E2607A071B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{F3792AE3-0329-4630-81E2-D73EB4991EE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{99DDF2A7-CE57-4B76-AF96-711250FFE813}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{05349130-B373-426C-84E9-A812EF46BE61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{CBA36077-F6D5-4D21-AAFC-A6BA1BE48051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disco Elysium\disco.exe () [File not signed]
    FirewallRules: [{D5D44493-8ED2-4FAE-9850-F9A81E6BFEFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disco Elysium\disco.exe () [File not signed]
    FirewallRules: [{88DD5521-DF62-4A79-8275-724A74ADD0D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation Empire\AutomationEmpire.exe () [File not signed]
    FirewallRules: [{AC9BE2C4-B31A-405D-8ABC-7D16179138CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation Empire\AutomationEmpire.exe () [File not signed]
    FirewallRules: [{B8A843B9-0277-4CF1-8722-4D5D5521F293}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TPH\TPH.exe () [File not signed]
    FirewallRules: [{6CD17394-96CC-4B19-87C4-6EEF33DB36D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TPH\TPH.exe () [File not signed]
    FirewallRules: [{990F5A47-47CD-49BE-A667-0D9B3250CC85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Visage\Visage.exe (Epic Games, Inc.) [File not signed]
    FirewallRules: [{2F7F395F-B98E-48B1-BD63-6A6E2DBB8227}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Visage\Visage.exe (Epic Games, Inc.) [File not signed]
    FirewallRules: [TCP Query User{35B55829-2A91-446E-94D2-F5E137FB3EF2}C:\program files (x86)\steam\steamapps\common\visage\visage\binaries\win64\visage-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\visage\visage\binaries\win64\visage-win64-shipping.exe (CN=SadSquare Studio) [File not signed]
    FirewallRules: [UDP Query User{7D45A4D2-123A-4573-A88B-F519915CA6E4}C:\program files (x86)\steam\steamapps\common\visage\visage\binaries\win64\visage-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\visage\visage\binaries\win64\visage-win64-shipping.exe (CN=SadSquare Studio) [File not signed]
    FirewallRules: [{F08C75BA-59DC-4FED-9385-B1C2A2B00A07}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{074B5567-88A9-4BE7-9AB1-54E7C2E32769}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Avorion\bin\Avorion.exe () [File not signed]
    FirewallRules: [{B044971C-2892-4C12-9661-CD9CB357B31B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Avorion\bin\Avorion.exe () [File not signed]
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    11-12-2019 01:56:16 Windows Update
    17-12-2019 19:36:33 Intel® Driver & Support Assistant

    ==================== Faulty Device Manager Devices ============

    Name: Intel(R) Wireless Bluetooth(R)
    Description: Intel(R) Wireless Bluetooth(R)
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Intel Corporation
    Service: BTHUSB
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (12/30/2019 08:18:49 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (185936,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (12/30/2019 07:56:49 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (174232,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (12/29/2019 04:16:13 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (171616,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (12/28/2019 09:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9812

    Error: (12/28/2019 09:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9812

    Error: (12/28/2019 09:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/28/2019 09:03:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8250

    Error: (12/28/2019 09:03:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8250


    System errors:
    =============
    Error: (12/17/2019 12:06:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (12/17/2019 12:06:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (12/16/2019 02:24:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JTDGVR7)
    Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

    Error: (12/11/2019 11:14:44 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 2:43:22 AM on 12/11/2019 was unexpected.

    Error: (12/11/2019 11:09:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (12/11/2019 11:09:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (12/11/2019 02:42:55 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

    Error: (12/11/2019 02:42:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================

    Date: 2019-12-30 20:07:28.194
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2019-12-30 20:05:14.352
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2019-12-30 19:52:31.795
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2019-12-30 19:37:28.202
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2019-12-30 19:32:43.863
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-12-30 19:32:43.490
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-12-30 19:32:08.604
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

    Date: 2019-12-30 19:32:08.354
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 1.20 04/07/2017
    Motherboard: MSI Z270-A PRO (MS-7A71)
    Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
    Percentage of memory in use: 22%
    Total physical RAM: 32735.85 MB
    Available physical RAM: 25381.27 MB
    Total Virtual: 37599.85 MB
    Available Virtual: 25218.65 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:464.37 GB) (Free:72.39 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:2794.39 GB) (Free:2794.13 GB) NTFS

    \\?\Volume{c8dd3706-3566-4fdc-ab25-2a213fcf9e84}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
    \\?\Volume{04015f3a-347f-4031-83e9-5d7fc7e4f793}\ () (Fixed) (Total:0.83 GB) (Free:0.41 GB) NTFS
    \\?\Volume{8e6a62d9-4499-4e0e-9465-ac658f3d7553}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 6437ED14)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    This isn't malware. This has been placed on the computer through Windows updates/Microsoft Apps store.

    As part of an agreement between Microsoft and Dolby, all versions of Windows 10 Fall Creators edition and later will feature the Dolby Atmos for Headphones option in the audio spatial sound settings. The option to choose Dolby Atmos for Headphones is hard-coded into the OS and will always be there regardless of whether the app is installed or not.

    Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-18] (Dolby Laboratories)

    We can try to remove it from Programs and Features.

    Open WinX menu by holding Windows and X keys together, and then click Programs and Features.

    Look for Dolby Digital Plus Advanced Audio in the list, click on it and then click Uninstall to initiate the uninstallation.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
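
    A way to check a detection like this one before deleting anything, added here as an example and not part of Juliet's reply or of Spybot, FRST or any other tool in the thread: it asks Windows which registered Store package owns the flagged path, whether the flagged file is listed in that package's AppxBlockMap.xml, and what the file's Authenticode status is. The only value taken from the thread is the flagged path; the function name and the rest are assumptions of this example. Run it from an elevated PowerShell prompt, since Get-AppxPackage -AllUsers needs administrator rights and the WindowsApps folder is ACL-restricted.

```powershell
# Added example, not from the thread or from Spybot/FRST. Checks whether a path
# flagged under C:\Program Files\WindowsApps belongs to a registered Store
# package, whether it is listed in that package's block map, and what its
# Authenticode status is. Run from an elevated PowerShell prompt.
function Test-WindowsAppsPath {
    param([Parameter(Mandatory)][string]$Path)

    # 1. Which registered AppX/MSIX package (if any) owns this path?
    $pkg = Get-AppxPackage -AllUsers | Where-Object {
        $_.InstallLocation -and
        $Path.StartsWith($_.InstallLocation, [System.StringComparison]::OrdinalIgnoreCase)
    } | Select-Object -First 1

    if (-not $pkg) {
        Write-Warning "No registered package owns '$Path'; that is worth a closer look."
        return
    }
    # SignatureKind is Store / System / Enterprise / Developer / None.
    $pkg | Select-Object Name, Publisher, Version, SignatureKind, InstallLocation |
        Format-List | Out-Host

    # 2. Is the flagged file (or every file under the flagged folder) part of the
    #    package? AppxBlockMap.xml lists each packaged file by its package-relative
    #    name, so anything missing from it was dropped in after installation.
    [xml]$blockMap = Get-Content -LiteralPath (Join-Path $pkg.InstallLocation 'AppxBlockMap.xml')
    $listed = @{}
    foreach ($f in $blockMap.BlockMap.File) { $listed[$f.Name.ToLowerInvariant()] = $true }

    $items = if (Test-Path -LiteralPath $Path -PathType Container) {
        Get-ChildItem -LiteralPath $Path -Recurse -File
    } else {
        Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    }

    foreach ($item in $items) {
        $rel = $item.FullName.Substring($pkg.InstallLocation.Length).TrimStart('\')
        # 3. Authenticode status. Files inside a Store package are often NotSigned
        #    individually; the package signature (AppxSignature.p7x) covers them,
        #    so NotSigned here is not by itself a sign of tampering.
        $sig = Get-AuthenticodeSignature -FilePath $item.FullName
        [pscustomobject]@{
            File       = $rel
            InBlockMap = $listed.ContainsKey($rel.ToLowerInvariant())
            Signature  = $sig.Status
            Signer     = $sig.SignerCertificate.Subject
            SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        }
    }
}

# The path Spybot flagged in this thread.
Test-WindowsAppsPath -Path 'C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost'
```

    A package with SignatureKind Store and a Dolby Laboratories publisher whose files are all present in the block map is the situation Juliet describes, and the right place to handle it is the package's uninstall rather than deleting files by hand. A path with no registered owner, a file that is not in the block map, or a signature status of HashMismatch is the case that still needs investigating. If reads are denied even from an elevated prompt, that is the WindowsApps ACL doing its job; the package listing and SignatureKind from step 1 are still available without touching it.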

  3. #3
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58


    Quote Originally Posted by Juliet View Post
    This isn't malware. This has been placed on the computer through Windows updates/Microsoft Apps store.
    That's weird because spybot details specifically called it a virus with a threat level medium, and I've never gotten such results before. I uninstalled it as per your instructions, then ran spybot virus scanner again and I am still getting the same results. I have attached the scan results in case that helps: Scan Results.191231-1055.txt

    I am also concerned I am infected because I was unable to run the aswMBR.

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Let's try this

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost
    C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220
    SearchScopes: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
    SearchScopes: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~

    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan Now
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    ~~~~~~~~~~~~~~~~~

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply



    Post these 3 logs in your next reply.

  5. #5
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58


    Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
    Ran by Alexa (31-12-2019 22:03:31) Run:1
    Running from C:\Users\Alexa\Desktop
    Loaded Profiles: Alexa (Available Profiles: Alexa & Brandon)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost
    C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220
    SearchScopes: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
    SearchScopes: HKU\S-1-5-21-3759400987-4214920439-3437108526-1003 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220\Assets\RadarHost => moved successfully
    C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 => moved successfully
    "HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-3759400987-4214920439-3437108526-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D825E1D-057D-4728-8F64-0608FB9D5669} => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    Could not move "C:\Windows\Temp\.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log" => Scheduled to move on reboot.
    Could not move "C:\Windows\Temp\.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log" => Scheduled to move on reboot.
    C:\Windows\Temp\.ses => moved successfully
    C:\Windows\Temp\A.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log => moved successfully
    C:\Windows\Temp\A.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log => moved successfully
    C:\Windows\Temp\a67cb766-88a3-4911-84ef-a1001ad03cf5.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log => moved successfully
    C:\Windows\Temp\a67cb766-88a3-4911-84ef-a1001ad03cf5.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log => moved successfully
    C:\Windows\Temp\C.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log => moved successfully
    C:\Windows\Temp\C.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191214-1549.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2036.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2037.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2042.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2044.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191230-2050.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-0400.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-0419.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-1009.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-1101.log => moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-1106.log => moved successfully
    Could not move "C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-2203.log" => Scheduled to move on reboot.
    C:\Windows\Temp\mat-debug-10268.log => moved successfully
    C:\Windows\Temp\mat-debug-12392.log => moved successfully
    C:\Windows\Temp\mat-debug-12700.log => moved successfully
    C:\Windows\Temp\mat-debug-14512.log => moved successfully
    C:\Windows\Temp\mat-debug-20244.log => moved successfully
    C:\Windows\Temp\mat-debug-3200.log => moved successfully
    C:\Windows\Temp\mat-debug-3208.log => moved successfully
    C:\Windows\Temp\mat-debug-3476.log => moved successfully
    C:\Windows\Temp\mat-debug-3580.log => moved successfully
    C:\Windows\Temp\mat-debug-3612.log => moved successfully
    C:\Windows\Temp\mat-debug-6416.log => moved successfully
    Could not move "C:\Windows\Temp\mat-debug-9992.log" => Scheduled to move on reboot.
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191214154941319C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191230203558DFC).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191230203748E1C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191230204206C80).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191231110106D94).log => moved successfully
    Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(201912312203312708).log" => Scheduled to move on reboot.
    C:\Windows\Temp\TBitDefenderUpdaterThread.log => moved successfully
    C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10248192 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44507277 B
    Java, Flash, Steam htmlcache => 275826767 B
    Windows/system/drivers => 0 B
    Edge => 6933695 B
    Chrome => 0 B
    Firefox => 156518487 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 169752 B
    NetworkService => 209660 B
    Alexa => 433421601 B
    Brandon => 435085200 B

    RecycleBin => 90841130 B
    EmptyTemp: => 1.4 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-12-2019 22:05:40)

    C:\Windows\Temp\.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.ERROR..log => Is moved successfully
    C:\Windows\Temp\.DESKTOP-JTDGVR7.DESKTOP-JTDGVR7$.log.WARNING..log => Is moved successfully
    C:\Windows\Temp\DESKTOP-JTDGVR7-20191231-2203.log => Is moved successfully
    C:\Windows\Temp\mat-debug-9992.log => Is moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(201912312203312708).log => Is moved successfully

    ==== End of Fixlog 22:05:40 ====

    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.1.0
    # -------------------------------
    # Build: 12-17-2019
    # Database: 2019-12-17.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 12-31-2019
    # Duration: 00:00:07
    # OS: Windows 10 Home
    # Cleaned: 7
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    Deleted Amazon Assistant for Firefox

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete IFEO
    [+] Delete Prefetch
    [+] Delete Tracing Keys
    [+] Reset BITS
    [+] Reset Windows Firewall
    [+] Reset Hosts File
    [+] Reset IPSec
    [+] Reset Chromium Policies
    [+] Reset IE Policies
    [+] Reset Proxy Settings
    [+] Reset TCP/IP
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2107 octets] - [31/12/2019 22:08:15]
    AdwCleaner_Debug.log - [12819 octets] - [31/12/2019 22:11:38]
    AdwCleaner[S01].txt - [2230 octets] - [31/12/2019 22:12:56]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

    RogueKiller Anti-Malware V14.0.3.0 (x64) [Dec 23 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.18362) 64 bits
    Started in : Normal mode
    User : Alexa [Administrator]
    Started from : C:\Users\Alexa\Desktop\RogueKiller_portable64.exe
    Signatures : 20191231_112221, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2019/12/31 22:33:29 (Duration : 00:04:03)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  6. #6
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    ESET Online Scanner

    Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • When the tool opens, click Get Started.
    • Read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get Started.
    • Select whether you would like to send anonymous data to ESET.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

    -----------------------


    How's the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
