Task: {08655404-22B9-41B6-86D4-970511E09F7B} - System32\Tasks\{656C8601-3EA1-4436-8712-E6A52A2E5CDD} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.259&LastError=404
Task: {17AC67E4-293E-4C78-BAD6-CC608EA648DF} - System32\Tasks\{8D0937C8-0E1D-413A-A349-71146F4ED07C} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {24712E3A-6DD3-46F7-8614-A8F26CFBEE9B} - System32\Tasks\{E4604945-0C1D-4044-8048-72C82689A17A} => C:\Windows\system32\pcalua.exe -a C:\Users\Roger\AppData\Local\Temp\Temp1_spa-v1.0.0.1.zip\spa-v1.0.0.1.exe <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {41D7B4E7-84C5-4357-A95B-19AA94A23816} - System32\Tasks\{8780AC34-0804-4993-8E69-7AD28AAA6263} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.22.73.109.456/en/go/help.faq.installer?LastError=1618
Task: {466366D4-E832-48C8-A10A-7A0C3F53E18E} - System32\Tasks\{C95291DD-5623-4D68-8ABC-DA127FE40FF6} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVG\AVG10\avgmfapx.exe" -d C:\Windows\system32 -c /AppMode=DOWNLOADMANAGER /SummerUpdate /PackageType=Free /ProductType=Free
Task: {4E7D70B3-AAF7-4C4D-9962-CEEDA955CAA0} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe [2670944 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {82090DEC-2A5B-4196-ABC3-CB50678CB7C4} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {BCFA692A-3548-4F2C-8262-95AA24956894} - System32\Tasks\{18275A14-5BCE-45CE-AB72-69AFAE5EB945} => C:\Windows\system32\pcalua.exe -a H:\Setup.exe -d H:\
Task: {C3AA7C8C-4045-4D9D-B0ED-A7954CB763FD} - System32\Tasks\{86AC117D-F25A-4ADE-A95D-73AE2C88C14B} => C:\Windows\system32\pcalua.exe -a "I:\Program Files\Data Recovery Wizard\uninst.exe" -d "I:\Program Files\Data Recovery Wizard"
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D7163909-EE65-4E55-92C0-99D9F415783D} - \RealPlayer (32-bit) -> No File <==== ATTENTION
Task: {EF82AFBE-C61C-4528-9973-749FD0E3BF36} - System32\Tasks\{621C6829-BD92-4EDF-A269-B203FFC1501F} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405662962&from=slbnew&uid=WDCXWD10EALS-00Z8A0_WD-WCATR084052140521&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405662962&from=slbnew&uid=WDCXWD10EALS-00Z8A0_WD-WCATR084052140521&q={searchTerms}
HKU\S-1-5-21-3345017777-2939274015-3433995129-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405662962&from=slbnew&uid=WDCXWD10EALS-00Z8A0_WD-WCATR084052140521&q={searchTerms}
HKU\S-1-5-21-3345017777-2939274015-3433995129-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405662962&from=slbnew&uid=WDCXWD10EALS-00Z8A0_WD-WCATR084052140521&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc. -> McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
URLSearchHook: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File
SearchScopes: HKLM -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> DefaultScope {C0DD896C-FCCD-4C24-A298-BF5298D0A1ED} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v44-5__
SearchScopes: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> {C0DD896C-FCCD-4C24-A298-BF5298D0A1ED} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v44-5__
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~2\WONDER~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc. -> McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-18] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc. -> McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> No Name - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
Toolbar: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-3345017777-2939274015-3433995129-1001 -> No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc. -> McAfee, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2012-06-21] (McAfee, Inc. -> McAfee, Inc.)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1405662962&from=slbnew&uid=WDCXWD10EALS-00Z8A0_WD-WCATR084052140521
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor [2012-11-14] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll [2012-06-21] (McAfee, Inc. -> McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [No File]
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1405662962&from=slbnew&uid=WDCXWD10EALS-00Z8A0_WD-WCATR084052140521","hxxp://www.google.com/"
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-11-13]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] -
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] -
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95232 2012-10-23] (McAfee, Inc. -> McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc. -> McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [5228896 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [38752 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
C:\Windows\system32\Tasks\RealPlayer (32-bit)
2020-09-03 15:52 - 2017-12-01 15:07 - 000003680 _____ C:\Windows\system32\Tasks\Java Platform SE Auto Updater
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [128]
AlternateDataStreams: C:\Users\Roger\Downloads\LastPassInstaller (1).exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Roger\Downloads\LastPassInstaller (2).exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Roger\Downloads\LastPassInstaller.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Roger\Downloads\spcsite.exe:SmartScreen [7]
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: facemoods => "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => I:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe => No File
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files\VMware\VMware Player\hqtray.exe"
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2010-10-04] (Acronis, Inc -> Acronis)
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
Task: {08655404-22B9-41B6-86D4-970511E09F7B} - System32\Tasks\{656C8601-3EA1-4436-8712-E6A52A2E5CDD} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.259&LastError=404
Task: {17AC67E4-293E-4C78-BAD6-CC608EA648DF} - System32\Tasks\{8D0937C8-0E1D-413A-A349-71146F4ED07C} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {41D7B4E7-84C5-4357-A95B-19AA94A23816} - System32\Tasks\{8780AC34-0804-4993-8E69-7AD28AAA6263} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.22.73.109.456/en/go/help.faq.installer?LastError=1618
Task: {628D1309-5D6D-4D72-BF99-94C68AA1B6AB} - System32\Tasks\{F67A763C-4647-406A-B1BD-3E92E71A0249} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {EF82AFBE-C61C-4528-9973-749FD0E3BF36} - System32\Tasks\{621C6829-BD92-4EDF-A269-B203FFC1501F} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies SA -> Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies SA -> Skype Technologies S.A.)
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
C:\Program Files\Skype
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-11-26] (Microsoft Corporation -> Microsoft Corp.)
MSCONFIG\startupreg: BingDesktop => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: