HKU\S-1-5-21-2559438547-1515831249-1651957702-1003\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2559438547-1515831249-1651957702-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232020154747224\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2559438547-1515831249-1651957702-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232020154735201\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2559438547-1515831249-1651957702-1004\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2559438547-1515831249-1651957702-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232020154750197\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2559438547-1515831249-1651957702-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232020154742521\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Startup: C:\Users\channeal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-04-15]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\nealfamily\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
Startup: C:\Users\nealfamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-04-23]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\nealfamily\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
AS: Avast Antivirus (Disabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
Task: {07FB92C8-C029-46F4-83F1-E202763A7C8D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {13F404AB-6ECA-4121-B03F-6D88DF729B14} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {15FE1D0E-F11C-4C5F-9416-C7399A825601} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-04-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1670B880-6B34-4F5D-98A1-C3DF9171B915} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {1AB25964-04B4-442C-9FB0-668CD8EDBDAE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {1E8DBF27-0437-4E42-A908-B3ACF6BFBC98} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {25E0911F-A461-43C7-BD7B-C41731EEB26A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29FAEBDD-A356-49BF-A0E2-B07E168BB247} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DC3C86C-1FD2-44F9-A883-F5E41E5A963A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32C76626-CE06-4CC6-A2D5-1F22EA85CE04} - System32\Tasks\Opera scheduled assistant Autoupdate 1585738425 => C:\Program Files\Opera\launcher.exe [1355800 2020-04-08] (Opera Software AS -> Opera Software)
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {73C26D1C-6344-49F8-AFC4-0BA189BE6BFB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7A07FB38-C8B4-49FC-A099-2EC2D4985E31} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {7B089A6E-43C2-4330-8743-24DDC2AC1E6A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7C5CB001-9EA9-4E32-90FB-F18B7B358D70} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {856D7388-8F2D-48E2-BE01-048A0CB6BB5F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C88D421-4DB4-4F15-9C47-02DB3183B8F9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {8E2DEEBE-61A7-4A7F-B5B5-8D682209B795} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {92BBDF7C-1F95-4E85-9209-0EA718CF61BA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {962F88AE-2FEE-43E0-942F-EEEBC6B2F955} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9BEF3CEA-6DBE-4836-8FAB-CE3C71F22ABF} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {A4BAD1A7-F548-4F1D-AC5A-F10B55E7E8D3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ADF8761B-C252-478B-BE25-2457B8A72B53} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {B1199A96-4856-4AC9-A7AF-DA152270661E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {B3246BA0-F186-488B-A0B5-31E6649D46CE} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {B77817B6-A56D-44AB-A11E-EC9138EC312D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B94E517E-C5D8-4671-AF36-BF89AC22D802} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB115BE9-3DFC-4331-A3AF-302A4A4A6CAF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BDECDE5F-A2AF-4546-B3F5-CCB6158FC8EF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C1A31276-434C-4D2B-9C70-71EDB20FE37E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D90C835E-CF88-4700-90AE-6A716745EE87} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D9400BD3-E491-4BE1-8F57-8BEDD08FC525} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {E804D353-F0BE-41F6-8078-4179F42F6118} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {EE570C71-C27F-4524-87BB-59F0D81A197A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F01AB67C-B66E-466D-A07B-8ADD70A06BF6} - System32\Tasks\{A2F08BBD-394A-4449-B8A8-3C0580409A9F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Maxthon5\Bin\Mx3Uninstall.exe"
Task: {F28A662B-7453-492E-8D86-ED13D035457D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F704CBE9-43EB-41E8-ADBB-C3DB63DBA9A6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {FFA0E9ED-DD76-424B-A1C7-AAB0F6594FF1} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Unlock: C:\Users\channeal\Documents\*.*
Move: C:\Users\channeal\Documents\*.* C:\Users\nealfamily\Documents\*.*
CMD: dir C:\Users\nealfamily\Documents\
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: