
malware threatening mbr:backboot-g .. can't be deleted



Hello sabawarnali and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select the small cog wheel in the top right hand corner; that will open "settings". From there select the "Security" tab.

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window; this will take you back to "DashBoard". Select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/21/20
Scan Time: 9:55 PM
Log File: 6af94348-43c6-11eb-944b-98fa9b2e6ad1.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.34583
License: Trial

-System Information-
OS: Windows 10 (Build 19041.685)
CPU: x64
File System: NTFS
User: DESKTOP-UAFJIBF\SabaFikra

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 314952
Threats Detected: 48
Threats Quarantined: 26
Time Elapsed: 2 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\KMSSS.exe, No Action By User, 10026, 805275, , , , , 525A481E7A32345DCCB665D203615A3F, 8D49A4E7F2CA1239311F6B1D69EBF3E95735DA9E0CDFBE8235A28E256CBAF6C9

Module: 1
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\KMSSS.exe, No Action By User, 10026, 805275, , , , , 525A481E7A32345DCCB665D203615A3F, 8D49A4E7F2CA1239311F6B1D69EBF3E95735DA9E0CDFBE8235A28E256CBAF6C9

Registry Key: 16
PUP.Optional.CleanMyPC, HKU\S-1-5-18\SOFTWARE\CleanMyPC, Quarantined, 8231, 423646, 1.0.34583, , ame, , , 
PUP.Optional.SearchYa, HKU\S-1-5-21-3088348026-8018339-403404452-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}, Quarantined, 2160, 242794, 1.0.34583, , ame, , , 
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, Quarantined, 11315, 551619, , , , , , 
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, Quarantined, 11315, 551619, 1.0.34583, , ame, , , 
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, Quarantined, 11315, 551614, 1.0.34583, , ame, , , 
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\MICROSOFT\TRACING\CleanMyPCService_RASAPI32, Quarantined, 8231, 424037, 1.0.34583, , ame, , , 
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\MICROSOFT\TRACING\CleanMyPCService_RASMANCS, Quarantined, 8231, 424037, 1.0.34583, , ame, , , 
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\MICROSOFT\TRACING\CleanMyPC_RASAPI32, Quarantined, 8231, 424037, 1.0.34583, , ame, , , 
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\MICROSOFT\TRACING\CleanMyPC_RASMANCS, Quarantined, 8231, 424037, 1.0.34583, , ame, , , 
HackTool.KMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KMSEmulator, No Action By User, 10026, 805275, , , , , , 
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\KMSAutoNet, Quarantined, 10026, 805275, , , , , , 
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C7E41EA-16D6-4DA6-9F5C-477D2ABDBD99}, Quarantined, 10026, 805275, , , , , , 
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3C7E41EA-16D6-4DA6-9F5C-477D2ABDBD99}, Quarantined, 10026, 805275, , , , , , 
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CMPCUAC, Quarantined, 8231, 855198, , , , , , 
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A5DF877-B362-42F9-A4F2-592F9EF39198}, Quarantined, 8231, 855198, , , , , , 
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A5DF877-B362-42F9-A4F2-592F9EF39198}, Quarantined, 8231, 855198, , , , , , 

Registry Value: 1
PUP.Optional.SearchYa, HKU\S-1-5-21-3088348026-8018339-403404452-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}|DISPLAYNAME, Quarantined, 2160, 242794, 1.0.34583, , ame, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64WDV, No Action By User, 10026, 805275, , , , , , 
Trojan.FakeTool.E, C:\Program Files (x86)\Seed Trade\Seed, Quarantined, 13440, 820424, , , , , , 
Trojan.FakeTool.E, C:\PROGRAM FILES (X86)\SEED TRADE, Quarantined, 13440, 820424, 1.0.34583, , ame, , , 

File: 26
Trojan.StolenData.Trace, C:\USERS\USER3\APPDATA\ROAMING\CONFIGSEX\2020 12 20 - 07 30 PM, Quarantined, 6710, 482835, 1.0.34583, , ame, , 7C2730CB55175061BE5F5A3706E3E492, 88E072F344E362C0526813BEE189433C91F7D23639BE09BE15B5EA5A7880D84C
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, Quarantined, 11315, 551609, 1.0.34583, , ame, , 2ED7F7F5AB4ACA410C9CE4DECB2B5820, B0BA95FE9B66D6ED70F184D11346C664611677B5BFC4A7B16DD5DF181CA463FD
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\devcon.exe, No Action By User, 10026, 805275, , , , , 3904D0698962E09DA946046020CBCB17, A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\devcon.exe, No Action By User, 10026, 805275, , , , , 7F0C8F7B6F6D22ECD83013F2F26A71AE, A4E561F666C08353C2226E8E264555C406893B0AD1B74FD05F4F29655E128809
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.inf, No Action By User, 10026, 805275, , , , , 61243CB103543EE3163BF16DF69BCB54, 1652B1DE2F15EEACBD06E0AB14ADA5A466316FFD3AB88D4A2A46CFCBD25FDFA1
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.sys, No Action By User, 10026, 805275, , , , , 927D0CDB3F96EFC1E98FB1A2C9FB67AD, 58F14DAA0EA21EA2F2A1D3D62C88BD8E5A0E0EF498B7B8D367BEEADE6A46843C
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64WDV\FakeClient.exe, No Action By User, 10026, 805275, , , , , B85F4CE841F3AE1EBDF76835D2EADBEF, CE28748F6AE7B54AB35FC31D825E80A26E143737CF4748FFF523781E04C1EE79
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WdfCoInstaller01009.dll, No Action By User, 10026, 805275, , , , , BE566E174EAF5B93B0474593CD8F2715, CEE8496BFA1080FD84FC48BA4375625238900FE93EA739B2DC0300206FDE8330
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.dll, No Action By User, 10026, 805275, , , , , 3F0C03E5076C7E6B404F894FF4DC5BB1, 4E7EBED8410C83B73A23185AA94680143DA2933305CD6DEEFE8EC0B51B7EE6F3
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.inf, No Action By User, 10026, 805275, , , , , A94D989905A248AFCA52BC3CBFCB248B, 6C9F7DEA4F9A47788D5D2BA110B08457FD00DBABE4812EBCA6F022300843A75D
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.sys, No Action By User, 10026, 805275, , , , , A0D15D8727D0780C51628DF46B7268B3, 5E23F3ED1D6620C39A644F9879404A22DED86B3B076EC4A898B4B6BE244AFD64
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\oas_sert.cer, No Action By User, 10026, 805275, , , , , 0041584E5F66762B1FA9BE8910D0B92B, BB27684B569CBB72DEC63EA6FDEF8E5F410CDAEB73717EEE1B36478DBCFF94CC
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\driver\tap0901.cer, No Action By User, 10026, 805275, , , , , 3D5FFD53BE77C32CBB147F32423C0A86, 669C56DB590C0308EA25C4508375BB88611B06B1AE689A895DC6B19F4DF5619C
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\KMSSS.exe, No Action By User, 10026, 805275, , , , , 525A481E7A32345DCCB665D203615A3F, 8D49A4E7F2CA1239311F6B1D69EBF3E95735DA9E0CDFBE8235A28E256CBAF6C9
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\KMSSS.log, No Action By User, 10026, 805275, , , , , 2751723664E2B30644613784BD85370C, D20AC99D58798FE0CD841032A519AACAD80BAF7AEB9CE0D14791CBDB38FAE18E
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\TunMirror.exe, No Action By User, 10026, 805275, , , , , FB5F055633E4F7890004972E108A07CD, 02145C3F60E704DF17919CD26CB79BD31A12B98D66B0B7FD1CF7EA894AD1F871
HackTool.KMS, C:\ProgramData\KMSAutoS\bin\TunMirror2.exe, No Action By User, 10026, 805275, , , , , 3B33E3AB6E91806DF4CAE19405AB8846, D9CD47831FABA4053225DAC181709FD7AB9D066C3DE6F541968FFFEEEE4A9BF9
HackTool.KMS, C:\ProgramData\KMSAutoS\KMSAuto Net.exe, No Action By User, 10026, 805275, , , , , 1A5459413F4858D5EEA4FEB8F1AE1783, 5AA87CBACA5673B6566C19A3B41492FE30243F68DAE694AD704FB6EFFD292CE9
HackTool.KMS, C:\ProgramData\KMSAutoS\kmsauto.ini, No Action By User, 10026, 805275, , , , , C89B2676670AB0F85146A3E506A6DF60, EFD58731EC404B023CF3A4244BB2C75609E2E2972610ABBBBF15FB2BF20A7C6C
HackTool.KMS, C:\WINDOWS\SYSTEM32\TASKS\KMSAutoNet, No Action By User, 10026, 805275, , , , , DB88093623274E281131A5544845C13E, 0CEF1032ECA00FDE969F80E6D4D98A696F8B15BAC1F1158BC8A21E5AFE2B8FC1
PUP.Optional.CleanMyPC, C:\WINDOWS\SYSTEM32\TASKS\CMPCUAC, Quarantined, 8231, 855198, 1.0.34583, , ame, , 0951784119CD1D5B1C69C30F1849C400, 5BA697B3C8A90DFED890E727F7573CEF9A7C8484D7ADD6BAE051A549F0680D7E
Generic.Malware/Suspicious, C:\PROGRAMDATA\KMSAUTO\KMSAUTO NET.EXE, Quarantined, 0, 392686, 1.0.34583, , shuriken, , 1A5459413F4858D5EEA4FEB8F1AE1783, 5AA87CBACA5673B6566C19A3B41492FE30243F68DAE694AD704FB6EFFD292CE9
HackTool.AutoKMS, C:\PROGRAMDATA\KMSAUTO\BIN\TUNMIRROR2.EXE, Quarantined, 8374, 764226, 1.0.34583, , ame, , 3B33E3AB6E91806DF4CAE19405AB8846, D9CD47831FABA4053225DAC181709FD7AB9D066C3DE6F541968FFFEEEE4A9BF9
HackTool.AutoKMS, C:\PROGRAMDATA\KMSAUTO\BIN\KMSSS.EXE, Quarantined, 8374, 734057, 1.0.34583, 36542CA8C977CF56F7DD9CBC, dds, 01037794, 525A481E7A32345DCCB665D203615A3F, 8D49A4E7F2CA1239311F6B1D69EBF3E95735DA9E0CDFBE8235A28E256CBAF6C9
MachineLearning/Anomalous.93%, C:\USERS\USER3\DESKTOP\P_SUPRAM_SIGMA4PC.COM (1).RAR, Quarantined, 0, 392687, 1.0.34583, , shuriken, , 7D52B2744119148CC1EA1DF7A241B315, 9E082DBF0299679F460792C6E356F51FB0EA3630A5E1402442D84078F708D56B
PUP.Optional.BundleInstaller, C:\USERS\USER3\DESKTOP\SUPRAM.7.6.1.2020_SIGMA4PC.COM.RAR, Quarantined, 150, 385980, 1.0.34583, , ame, , E4C2BD6022D2118A9A010CB92D5D3689, 68500D216D54B8BF104EE6570D51C2E033F798F15E65D9E14FC17F1AF344DAE3

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-12-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-22-2020
# Duration: 00:00:02
# OS:       Windows 10 Pro
# Cleaned:  18
# Failed:   2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\User3\AppData\Roaming\Smart Clock
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\SOFTWARE\EB5738A3744F385EA363
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Restoro
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

***** [ Chromium (and derivatives) ] *****

Deleted       Save Image As PNG - nkokmeaibnajheohncaamjggkanfbphi
Deleted       Touch VPN - Secure and unlimited VPN proxy - bihmplhobchoageeokmgbdihknkjbknd

***** [ Chromium URLs ] *****

Deleted       Search Here
Not Deleted   Search Here
Not Deleted   blekko

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4165 octets] - [22/12/2020 11:19:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 



==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [117352 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2596704 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-10-12] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-10-12] (Adobe Inc. -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3088348026-8018339-403404452-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [677512 2020-11-11] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3088348026-8018339-403404452-1001\...\Run: [Figma Agent] => C:\Users\User3\AppData\Local\FigmaAgent\figma_agent.exe [6098120 2020-06-17] (Figma, Inc. -> )
HKU\S-1-5-21-3088348026-8018339-403404452-1001\...\Run: [uTorrent] => C:\Users\User3\AppData\Roaming\uTorrent\uTorrent.exe [2142936 2020-12-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3088348026-8018339-403404452-1001\...\Winlogon: [Shell] explorer.exe,Explorer.exe <==== ATTENTION
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65488 2020-02-05] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{AC76BA86-0000-0000-7760-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll [2020-02-05] (Adobe Inc. -> Adobe Systems, Inc.)
BootExecute: autocheck autochk *  icarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03259C1E-68FE-48F9-804F-09F6D11A356E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {13850B36-53F4-4CE5-9848-96B5577FD86A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {26B6678F-7312-48DF-9BC2-9120F852F468} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-11] (Google Inc -> Google LLC)
Task: {4334B94D-630A-4CFE-B5CB-90EDC7BA4A59} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5442656 2020-11-25] (Avast Software s.r.o. -> Avast Software)
Task: {43C6ACBF-FFCE-4497-A0C7-62AEEB5FEA4E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {5A593754-AD48-4EE6-A2FA-BF031D890D05} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4621920 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
Task: {6C936A6F-19A1-4998-8902-5D5E88033892} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3088348026-8018339-403404452-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-11] (Microsoft Windows -> )
Task: {7552B7EE-F7B3-408E-9472-26D8499E07C7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B4403F9-0793-4C4C-A526-3BF86377AFEC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-12-21] (Avast Software s.r.o. -> Avast Software)
Task: {87CF229F-6099-47F0-8F1A-9EF4773F500B} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\WINDOWS\System32\ibmpmsvc.exe [891584 2020-09-24] (Lenovo -> Lenovo.)
Task: {8AC4E6F4-903D-47F5-A4B7-006AA85F6696} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {9CC39B6F-564E-4514-937E-0FA7379C0091} - System32\Tasks\Avast Software\Avast Cleanup Update BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [2812624 2020-12-21] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid ad97fa2d-6ad8-4c00-86c9-d80b6b9a30b5
Task: {AB899C7C-081C-4927-AA90-42AD45DAAC06} - System32\Tasks\Lenovo\Lenovo ITS PnP Task => C:\WINDOWS\System32\LITSSvc.exe [940224 2020-09-06] (Lenovo -> Lenovo.)
Task: {B0008597-5235-4186-A9FB-F3F4C1205D6E} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3088348026-8018339-403404452-1001 => C:\Users\User3\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87336 2020-11-26] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {B597BDB1-FAD2-469B-A118-3A009E6DB5A2} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-08-18] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {C41CA656-143B-4365-BC93-ED8F6B0B2D85} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [60616 2020-10-13] (Lenovo -> )
Task: {C452F7E0-D465-417A-95FD-EDE7784D2989} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612232 2020-11-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {CA5E2A6B-55DE-4A56-BA6E-836FEEDF7AA4} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112840 2020-10-13] (Lenovo -> Lenovo)
Task: {CCBE6B73-7596-4F98-856E-1E43ABB14165} - System32\Tasks\HPCustParticipation HP ColorLaserJet MFP M278-M281 => C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\Bin\HPCustPartic.exe [6659488 2020-01-22] (HP Inc -> HP Inc.)
Task: {D2B4C811-FC1D-4649-A55C-98F2C0661D17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-11] (Google Inc -> Google LLC)
Task: {D864739C-AF04-4DD7-86F4-17D7C29FF052} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC125B40-00BB-44FB-93D5-F7716B89034B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {E5E55A4F-E3D4-46A6-AA71-35A96B72B493} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {EA80924F-D19E-4E7A-9C10-B60F34591394} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612232 2020-11-30] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.200.253 8.8.8.8
Tcpip\..\Interfaces\{c798833d-1611-4ef3-b0ef-5fc1ca053bea}: [DhcpNameServer] 192.168.200.253 8.8.8.8
Tcpip\..\Interfaces\{e3a572ff-1949-4376-bd4a-b8561017c85c}: [DhcpNameServer] 192.168.1.1

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User3\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-21]
Edge HomePage: Default -> hxxps://www.google.com/
Edge Profile: C:\Users\User3\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-09-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: t46ivofj.default
FF ProfilePath: C:\Users\User3\AppData\Roaming\Mozilla\Firefox\Profiles\t46ivofj.default [2020-08-30]
FF ProfilePath: C:\Users\User3\AppData\Roaming\Mozilla\Firefox\Profiles\zgmctots.default-release [2020-12-21]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-02-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-10-12] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-12-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-02-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-10-12] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3088348026-8018339-403404452-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\User3\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-17] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: 
=======
CHR Profile: C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default [2020-12-22]
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://accounts.unity3d.com/sign-up","hxxp://psut.jo/elearning","hxxps://accounts.unity3d.com/users","hxxps://www.google.com/","hxxp://psut.jo/elearning/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Translate) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-09-15]
CHR Extension: (Slides) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-11]
CHR Extension: (Docs) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-11]
CHR Extension: (Google Drive) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2020-12-22]
CHR Extension: (YouTube) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-11]
CHR Extension: (Honey) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-19]
CHR Extension: (Adobe Acrobat) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-17]
CHR Extension: (Sheets) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-11]
CHR Extension: (EditThisCookie) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-19]
CHR Extension: (Screenshot YouTube) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjoijpfmdhbjkkgnmahganhoinjjpohk [2020-06-10]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-12-01]
CHR Extension: (Color Picker) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpldannlkkicofjolkffchkpbcpioecc [2020-05-21]
CHR Extension: (Google Translate Plus) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomhcfmjbfkigcepcfkcpknnppmdopmc [2020-11-12]
CHR Extension: (Grammarly for Chrome) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-17]
CHR Extension: (Save Image As PNG) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkokmeaibnajheohncaamjggkanfbphi [2020-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-11]
CHR Extension: (TunnelBear VPN) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2020-12-05]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18]
CHR Extension: (Gmail) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\User3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-22]
CHR Profile: C:\Users\User3\AppData\Local\Google\Chrome\User Data\System Profile [2019-12-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-10-12] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8477080 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621728 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [351848 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [58048 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12968552 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137416 2020-11-23] (Microsoft Corporation -> Microsoft Corporation)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [93448 2020-11-10] (Synaptics Incorporated -> Conexant Systems LLC.)
R2 CxAudMsg; C:\WINDOWS\System32\CxAudMsg64.exe [243464 2020-11-10] (Synaptics Incorporated -> Conexant Systems Inc.)
R2 CxUIUSvc; C:\WINDOWS\System32\CxUIUSvc64.exe [122112 2020-11-10] (Synaptics Incorporated -> Conexant Systems, Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 KMSEmulator; C:\ProgramData\KMSAutoS\bin\KMSSS.exe [35448 2016-09-19] (WZT -> MSFree Inc.)
R2 LITSSVC; C:\WINDOWS\System32\LITSSvc.exe [940224 2020-09-06] (Lenovo -> Lenovo.)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892104 2020-09-24] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-21] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_62cf4e1fc023f9a9\driver\TPHKLOAD.exe [427408 2020-04-03] (Lenovo -> Lenovo Group Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2020-12-21] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522480 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469472 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216984 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326064 2020-12-21] (Avast Software s.r.o. -> AVAST Software)
R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [176032 2019-06-12] (BayHub Technology Inc. -> BayHubTech/O2Micro)
S3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2020-12-21] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-21] (Malwarebytes Corporation -> Malwarebytes)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28936 2020-12-21] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-21] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-22] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2020-12-22] (Malwarebytes Inc -> Malwarebytes)
R1 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [37976 2020-09-24] (Lenovo -> Lenovo.)
R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 SRS_HDAL_Service; C:\WINDOWS\system32\drivers\SRS_HDAL_amd64.sys [533280 2010-11-15] (SRS Labs, Inc -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-22 11:25 - 2020-12-22 11:25 - 000023506 _____ C:\Users\User3\Desktop\FRST.txt
2020-12-22 11:24 - 2020-12-22 11:25 - 000000000 ____D C:\FRST
2020-12-22 11:24 - 2020-12-22 11:24 - 002286592 _____ (Farbar) C:\Users\User3\Desktop\FRST64.exe
2020-12-22 11:21 - 2020-12-22 11:21 - 019347272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-22 11:21 - 2020-12-22 11:21 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-12-22 11:21 - 2020-12-22 11:21 - 000139424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-12-22 11:21 - 2020-12-22 11:21 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-12-22 11:18 - 2020-12-22 11:20 - 000000000 ____D C:\AdwCleaner
2020-12-22 11:18 - 2020-12-22 11:18 - 008447152 _____ (Malwarebytes) C:\Users\User3\Desktop\adwcleaner_8.0.8.exe
2020-12-22 11:02 - 2020-12-22 11:02 - 000009686 _____ C:\Users\User3\Desktop\3.txt
2020-12-22 11:01 - 2020-12-22 11:01 - 000009686 _____ C:\Users\User3\Desktop\2.txt
2020-12-22 11:00 - 2020-12-22 11:00 - 000005243 _____ C:\Users\User3\Desktop\s.txt
2020-12-21 23:45 - 2020-12-21 23:45 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User3\Desktop\mbar-1.10.3.1001.exe
2020-12-21 21:55 - 2020-12-22 08:59 - 000000000 ____D C:\Users\User3\AppData\LocalLow\IGDump
2020-12-21 21:54 - 2020-12-21 21:54 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-21 21:54 - 2020-12-21 21:54 - 000000000 ____D C:\Users\User3\AppData\Local\mbam
2020-12-21 21:53 - 2020-12-21 21:53 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-21 21:53 - 2020-12-21 21:53 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-21 21:53 - 2020-12-21 21:53 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-12-21 21:53 - 2020-12-21 21:53 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-21 21:52 - 2020-12-21 21:52 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-21 20:58 - 2020-12-21 20:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-21 17:11 - 2020-12-21 17:11 - 000000000 _____ C:\Users\User3\AppData\Roaming\unp12310529.tmp
2020-12-21 15:56 - 2020-12-21 15:56 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Cleanup Premium.lnk
2020-12-21 15:55 - 2020-11-25 17:24 - 000082024 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2020-12-21 15:46 - 2020-12-21 15:46 - 000000000 _____ C:\Users\User3\AppData\Roaming\unp79895520.tmp
2020-12-21 15:45 - 2020-12-21 15:45 - 000000000 ____D C:\Users\User3\AppData\LocalLow\nb98wqnehe8bw89hb
2020-12-21 15:44 - 2020-12-21 17:22 - 000000000 ____D C:\Users\User3\AppData\Local\ee738f1c-e708-49af-af32-bf6632f3fa48
2020-12-21 15:44 - 2020-12-21 17:22 - 000000000 ____D C:\Users\User3\AppData\Local\c8e6ae57-941b-4db7-b063-5c2c7c84c92d
2020-12-21 15:44 - 2020-12-21 15:44 - 000000561 _____ C:\Users\User3\AppData\Local\bowsakkdestx.txt
2020-12-21 15:44 - 2020-12-21 15:44 - 000000000 ____D C:\Users\Public\Thunder Network
2020-12-21 15:44 - 2020-12-21 15:44 - 000000000 ____D C:\SystemID
2020-12-21 15:43 - 2020-12-21 15:43 - 000032768 _____ C:\Users\User3\AppData\Roaming\1608558200572-shm
2020-12-21 15:43 - 2020-12-21 15:43 - 000000000 _____ C:\Users\User3\AppData\Roaming\1608558200572-wal
2020-12-21 15:40 - 2020-12-21 15:40 - 000000000 ____D C:\Users\User3\AppData\Local\Helloo
2020-12-21 11:06 - 2020-12-21 11:06 - 000000000 ____D C:\Users\User3\AppData\Roaming\Alien Skin
2020-12-21 11:05 - 2020-12-21 11:05 - 000000000 ____D C:\Users\User3\AppData\Local\Alien Skin
2020-12-21 11:05 - 2020-12-21 11:05 - 000000000 ____D C:\Users\User3\.AS
2020-12-21 11:00 - 2020-12-21 15:45 - 000000000 ____D C:\Program Files\Exposure Software
2020-12-21 11:00 - 2020-12-21 11:16 - 000000000 ____D C:\ProgramData\Alien Skin
2020-12-21 09:14 - 2020-12-21 09:14 - 000000000 ____D C:\WINDOWS\Panther
2020-12-21 01:49 - 2020-12-21 01:53 - 000000000 ____D C:\Users\User3\AppData\Roaming\GlarySoft
2020-12-21 01:49 - 2020-12-21 01:49 - 000028936 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2020-12-21 01:49 - 2020-12-21 01:49 - 000000000 ____D C:\Users\User3\AppData\Roaming\DiskDefrag
2020-12-21 01:38 - 2020-12-21 23:48 - 000002582 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-12-21 01:37 - 2020-12-21 01:37 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2020-12-21 01:35 - 2020-12-21 01:38 - 000000000 ____D C:\Users\User3\AppData\Roaming\IObit
2020-12-21 01:35 - 2020-12-21 01:38 - 000000000 ____D C:\Users\User3\AppData\LocalLow\IObit
2020-12-21 01:35 - 2020-12-21 01:38 - 000000000 ____D C:\ProgramData\IObit
2020-12-21 01:35 - 2020-12-21 01:38 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-21 01:35 - 2020-12-21 01:35 - 000000000 ____D C:\ProgramData\ProductData
2020-12-21 01:26 - 2020-12-21 01:32 - 000000000 ____D C:\Users\User3\AppData\LocalLow\uTorrent
2020-12-21 01:25 - 2020-12-21 15:56 - 000000000 ____D C:\Users\User3\AppData\Roaming\Avast Software
2020-12-21 01:25 - 2020-12-21 01:25 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-12-21 01:24 - 2020-12-22 11:23 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-12-21 01:24 - 2020-12-21 23:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-12-21 01:24 - 2020-12-21 01:24 - 000851256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000522480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000469472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000340576 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-12-21 01:24 - 2020-12-21 01:24 - 000332880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000326064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000247888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000216984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000208672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000176384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000108928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000097360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000084496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000042424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000036792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-12-21 01:24 - 2020-12-21 01:24 - 000016832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-12-21 01:23 - 2020-12-21 15:55 - 000000000 ____D C:\Program Files\Avast Software
2020-12-20 19:30 - 2020-12-21 21:58 - 000000000 ___HD C:\Users\User3\AppData\Roaming\ConfigsEx
2020-12-20 19:30 - 2020-12-20 19:31 - 000000000 ___HD C:\ProgramData\Crashes
2020-12-20 19:18 - 2020-12-20 19:19 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2020-12-20 13:47 - 2020-12-20 13:47 - 000000000 ____D C:\MATS
2020-12-20 11:32 - 2020-12-20 11:32 - 000010342 _____ C:\Users\User3\Desktop\Fikra Dec. Third Sheet Content.xlsx
2020-12-18 12:09 - 2020-12-18 12:09 - 000001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mister Horse Product Manager.lnk
2020-12-18 12:09 - 2020-12-18 12:09 - 000000000 ____D C:\Program Files\Mister Horse Product Manager
2020-12-18 12:07 - 2020-12-22 00:01 - 000000000 ____D C:\Users\User3\Desktop\action 2
2020-12-15 10:09 - 2020-12-15 10:09 - 004155405 _____ C:\Users\User3\Desktop\Media1.mp4
2020-12-15 09:27 - 2020-12-15 09:27 - 002824965 _____ C:\Users\User3\Desktop\Averroes Intro In-P v14.pptx
2020-12-13 19:39 - 2020-12-13 19:41 - 000000000 ____D C:\Program Files (x86)\PassFab for RAR
2020-12-13 19:22 - 2020-12-13 19:22 - 000000000 ____D C:\Users\User3\Documents\Panel Settings
2020-12-13 11:40 - 2020-12-13 11:40 - 000000000 ____D C:\Users\User3\AppData\Roaming\Teams
2020-12-13 11:32 - 2020-12-13 11:32 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2020-12-13 11:32 - 2020-12-13 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-12-13 11:30 - 2020-12-13 11:30 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2020-12-13 11:22 - 2020-12-13 11:31 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-13 11:22 - 2020-12-13 11:22 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-12-13 10:49 - 2020-12-21 01:40 - 000000000 ____D C:\Users\User3\AppData\Roaming\TeamViewer
2020-12-13 10:49 - 2020-12-13 10:49 - 000000000 ____D C:\Users\User3\AppData\Local\TeamViewer
2020-12-12 10:35 - 2020-12-12 10:35 - 000247136 _____ C:\Users\User3\Desktop\Report1.pdf
2020-12-11 14:52 - 2020-12-11 14:52 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk
2020-12-11 14:40 - 2020-12-11 14:40 - 000001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 2020.lnk
2020-12-11 14:36 - 2020-12-11 14:36 - 000001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate 2021.lnk
2020-12-11 14:27 - 2020-12-11 14:27 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk
2020-12-11 14:16 - 2020-12-11 14:16 - 000000000 ___RD C:\Users\User\Desktop\Adobe Premiere Pro 2020
2020-12-11 14:01 - 2020-12-11 14:01 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2021.lnk
2020-12-11 13:55 - 2020-12-11 13:55 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk
2020-12-11 13:50 - 2020-12-11 13:50 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2020-12-11 13:19 - 2020-12-11 13:19 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-11 13:19 - 2020-12-11 13:19 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-11 13:18 - 2020-12-11 13:18 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-11 13:18 - 2020-12-11 13:18 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-11 13:18 - 2020-12-11 13:18 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-11 13:18 - 2020-12-11 13:18 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-11 13:18 - 2020-12-11 13:18 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-11 13:18 - 2020-12-11 13:18 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-11 13:18 - 2020-12-11 13:18 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-11 13:18 - 2020-12-11 13:18 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-11 13:18 - 2020-12-11 13:18 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-11 13:18 - 2020-12-11 13:18 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-11 13:18 - 2020-12-11 13:18 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-10 13:06 - 2020-12-21 21:58 - 000000000 ____D C:\ProgramData\KMSAuto
2020-12-10 10:19 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2020-12-10 10:19 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2020-12-03 15:06 - 2020-12-03 15:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2020-12-03 14:02 - 2020-12-03 14:02 - 009328049 _____ C:\Users\User3\Desktop\ebda shop june.xlsx
2020-12-01 10:43 - 2020-12-21 15:26 - 000000000 ____D C:\Users\User3\Desktop\creative zone
2020-12-01 10:25 - 2020-12-18 14:48 - 000000039 _____ C:\WINDOWS\SpiFlash.ini
2020-12-01 10:08 - 2020-12-01 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2020-12-01 10:08 - 2020-12-01 10:08 - 000000000 ____D C:\Program Files (x86)\Lenovo
2020-12-01 10:01 - 2020-12-01 10:01 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-11-29 09:54 - 2020-12-21 00:37 - 000003274 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b8ed9398f91c
2020-11-26 09:41 - 2020-11-10 02:00 - 001621496 _____ (Synaptics Incorporated.) C:\WINDOWS\system32\CX64APO.dll
2020-11-26 09:41 - 2020-11-10 02:00 - 001531624 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2020-11-26 09:41 - 2020-11-10 02:00 - 000790368 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CXAPOBST.dll
2020-11-26 09:41 - 2020-11-10 02:00 - 000785384 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CXAPOPRO.dll
2020-11-26 09:41 - 2020-11-10 02:00 - 000620296 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CXAPOAgent64.exe
2020-11-26 09:41 - 2020-11-10 02:00 - 000418152 _____ (Synaptics Incorporated.) C:\WINDOWS\system32\CMicExt64.dll
2020-11-23 16:01 - 2020-11-23 16:01 - 000000000 ____D C:\Users\User3\Documents\DuAEF

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-22 11:23 - 2019-12-11 23:08 - 000000000 ____D C:\ProgramData\AVAST Software
2020-12-22 11:21 - 2020-11-12 14:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-22 11:21 - 2020-11-12 14:10 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-22 11:21 - 2019-12-11 22:37 - 000000000 ____D C:\Intel
2020-12-22 11:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-12-22 11:20 - 2019-12-11 22:58 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-12-22 11:20 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-12-22 10:31 - 2020-11-12 14:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-22 10:04 - 2019-12-17 13:48 - 000000000 ___RD C:\Users\User3\Creative Cloud Files
2020-12-22 10:04 - 2019-12-17 13:46 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-12-22 10:04 - 2019-12-17 13:46 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-12-22 10:03 - 2020-04-28 18:43 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-12-22 08:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-22 00:00 - 2020-11-12 14:21 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-22 00:00 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-21 22:09 - 2019-12-17 13:45 - 000000000 ____D C:\Users\User3\AppData\Local\D3DSCache
2020-12-21 21:53 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-21 17:21 - 2020-11-12 12:03 - 000000000 ____D C:\Users\User3
2020-12-21 16:48 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-21 16:48 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-21 15:59 - 2020-04-28 19:14 - 000000000 ____D C:\Users\User3\AppData\Roaming\uTorrent
2020-12-21 15:59 - 2019-12-17 14:01 - 000000000 ____D C:\Users\User3\AppData\Local\CrashDumps
2020-12-21 15:55 - 2019-12-11 23:16 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-12-21 11:57 - 2019-12-12 14:37 - 000000000 ____D C:\Users\User3\AppData\Local\Packages
2020-12-21 11:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2020-12-21 01:33 - 2020-04-28 19:14 - 000000000 ____D C:\Users\User3\AppData\Local\BitTorrentHelper
2020-12-21 01:22 - 2019-12-12 14:37 - 000000000 ____D C:\Users\User3\AppData\Local\VirtualStore
2020-12-21 00:37 - 2020-11-12 14:16 - 000003468 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-21 00:37 - 2020-11-12 14:16 - 000003244 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-21 00:37 - 2020-11-12 14:16 - 000002750 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP ColorLaserJet MFP M278-M281
2020-12-21 00:37 - 2020-11-12 14:16 - 000002668 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-12-20 19:12 - 2019-12-23 10:50 - 000000000 ____D C:\Users\User3\AppData\Local\ElevatedDiagnostics
2020-12-20 18:24 - 2019-12-07 11:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2020-12-20 15:01 - 2019-12-11 23:44 - 000000000 ____D C:\Users\User3\AppData\Local\LenovoServiceBridge
2020-12-20 13:43 - 2019-12-19 10:43 - 000000000 ____D C:\Users\User3\AppData\Roaming\MAXON
2020-12-20 13:42 - 2016-08-10 15:27 - 002923520 _____ (Intel Corporation) C:\WINDOWS\system32\libmmd.dll
2020-12-20 12:30 - 2020-06-04 08:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-18 14:48 - 2020-03-06 21:22 - 000000000 ____D C:\WINDOWS\TempInst
2020-12-18 12:11 - 2020-01-12 04:35 - 000000000 ____D C:\Users\User3\AppData\Local\MisterHorse
2020-12-17 18:50 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-15 00:58 - 2019-12-11 22:31 - 000000000 ___RD C:\Users\User3\OneDrive
2020-12-13 19:29 - 2020-09-15 13:26 - 000000000 ____D C:\Users\User3\AppData\Roaming\Telegram Desktop
2020-12-13 19:21 - 2020-09-15 14:03 - 000000000 ____D C:\Users\User3\AppData\Roaming\MotionBro Preferences
2020-12-13 19:05 - 2019-12-17 14:06 - 000000000 ____D C:\Users\User3\AppData\Local\SquirrelTemp
2020-12-13 11:31 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-12-13 11:30 - 2020-03-08 12:00 - 000044312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_1.dll
2020-12-13 11:29 - 2020-08-12 10:00 - 000101664 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2020-12-13 11:25 - 2020-04-30 02:00 - 000590112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2020-12-13 11:19 - 2019-12-11 22:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-12-11 14:52 - 2019-12-17 13:44 - 000000000 ____D C:\Program Files\Adobe
2020-12-11 14:36 - 2019-12-17 13:44 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-12-11 14:36 - 2019-12-11 23:02 - 000000000 ____D C:\Users\User3\AppData\Local\Adobe
2020-12-11 14:16 - 2020-10-08 15:54 - 000001350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2020.lnk
2020-12-11 14:16 - 2019-12-19 09:49 - 000000000 ____D C:\Users\Public\Documents\Adobe
2020-12-11 14:16 - 2019-12-19 09:49 - 000000000 ____D C:\ProgramData\Documents\Adobe
2020-12-11 13:56 - 2019-12-12 14:37 - 000000000 ____D C:\Users\User3\AppData\Roaming\Adobe
2020-12-11 13:50 - 2019-12-11 23:12 - 000000000 ____D C:\ProgramData\Adobe
2020-12-11 13:35 - 2020-11-14 18:54 - 000000000 ____D C:\Users\User3\Desktop\Daakesh
2020-12-11 13:22 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-11 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-11 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-11 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-11 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-11 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-11 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-11 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-11 13:22 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-11 13:21 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2020-12-10 19:49 - 2020-11-12 14:16 - 000003406 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-10 19:49 - 2020-11-12 14:16 - 000003280 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2020-12-10 19:49 - 2020-11-12 14:16 - 000003186 _____ C:\WINDOWS\system32\Tasks\KMSAutoNet
2020-12-10 19:49 - 2020-11-12 14:16 - 000003182 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-10 19:49 - 2020-11-12 14:16 - 000002826 _____ C:\WINDOWS\system32\Tasks\Lenovo Power Management Driver PnP Task
2020-12-10 13:30 - 2019-12-11 22:59 - 000000000 ____D C:\Users\User3\AppData\Local\MSfree Inc
2020-12-09 15:19 - 2019-12-17 14:06 - 000000000 ____D C:\Users\User3\AppData\Roaming\Figma
2020-12-06 09:09 - 2019-12-11 23:00 - 000000000 ____D C:\ProgramData\KMSAutoS
2020-12-03 09:18 - 2019-12-11 22:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-01 10:24 - 2019-12-11 23:45 - 000000000 ____D C:\ProgramData\Lenovo
2020-12-01 10:08 - 2020-11-12 14:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2020-12-01 10:08 - 2019-12-22 11:11 - 000002211 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2020-11-27 17:46 - 2019-12-17 14:24 - 000000000 ____D C:\Users\User3\Documents\Adobe
2020-11-26 12:26 - 2020-03-25 18:31 - 000000000 ____D C:\Users\User3\AppData\Roaming\HandBrake
2020-11-26 09:47 - 2019-12-12 00:04 - 000000000 ____D C:\WINDOWS\CxSvc
2020-11-23 16:01 - 2020-07-16 15:25 - 000000000 ____D C:\Users\User3\Documents\Duik Bassel.2
2020-11-23 16:01 - 2019-12-28 20:44 - 000000000 ____D C:\Users\User3\AppData\Roaming\DuAEF
2020-11-23 12:01 - 2019-12-17 14:06 - 000000000 ____D C:\Users\User3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Figma, Inc
2020-11-23 12:01 - 2019-12-17 14:06 - 000000000 ____D C:\Users\User3\AppData\Local\Figma

==================== Files in the root of some directories ========


==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Hiya sabawarnali,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security software alerts on this scan, either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply; also let me know if there are any remaining issues or concerns..

Thank you,

Kevin..

fixlist.txt


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

