HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10076592 2021-01-06] (Support.com Inc -> SUPERAntiSpyware)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mysms.lnk [2019-12-22]
ShortcutTarget: mysms.lnk -> (No File)
Task: {006E622B-6E41-4398-8D4E-FB6B7F93B7BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-03] (Adobe Inc. -> Adobe)
Task: {0F99FD47-2D75-4BB1-A3F4-C3207724203F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {223F6883-C780-495D-B9FF-51D91FAF956E} - \SidebarExecute -> No File <==== ATTENTION
Task: {28384190-8375-4F91-AE91-CFEDEBAF6387} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {2CE46AF6-52D6-4865-800C-F1EBA1BA51D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {49735B1A-80CC-4353-8325-461135C141AC} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {549E1291-F375-4588-A43C-75FAF3831ECC} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {567898A3-E18B-4BA0-A82E-3DC699F351F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {661F045A-1B72-4EA0-B1D5-DC8C21046604} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {66721EE1-1FB2-4949-A560-39C2A12A0248} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-06-03] (Adobe Inc. -> Adobe)
Task: {6792A8D5-540F-44C9-BBF1-14AA10131497} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {69402868-C889-4D08-AE0B-CECF4D6AFD3F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {80BA2A26-808F-4A36-99BF-6E00DF762174} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8D1AB70C-325A-4323-97A3-E717D2E87FFC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {92DBC411-9B90-4298-9EFB-831154BE45E0} - System32\Tasks\{F5737DFE-F1CC-479D-8E20-6148EA378C88} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\Downloads\Utilities\Security\Zone Alarm\zaSuiteSetup_91_008_000_en.exe" -d "C:\Users\Joe\Downloads\Utilities\Security\Zone Alarm"
Task: {94DD9B89-C8A6-4CFF-870B-1F5CBDB84971} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A77A79C8-76B2-4FE2-9D78-ADFF1885DEED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BFB5A266-26A0-43EF-A87C-D1E321ECCEB1} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C3CBC979-B3E1-478B-BAA1-EC871F99A0D0} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files\Spybot Anti-Beacon\SDAntiBeacon.exe [5584920 2015-10-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {CFC16982-A32D-4423-89AF-7921ED8D3E74} - \FreeDownloadManagerNetworkMonitor -> No File <==== ATTENTION
Task: {D128094B-B79B-4F43-BEAA-AC5ECCE2DEF9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D4C73E75-416B-421A-838D-3E8BA54D2C43} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {D5E9F6F6-1413-44E5-9AEA-F365EC9C04D9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DCD08411-7FD4-4DF6-B2F8-61CEDEA01EE9} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {EAA584A5-9C1E-4646-BD93-296671026395} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EE4DCCBB-07C0-46BC-98D8-1D8C3D9DBEAD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F8B04807-6587-4A16-9D1F-BDB7CDC1FE63} - System32\Tasks\Avira_Security_Update => C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe
Task: {FC25CF3C-3BF5-4FE5-9477-651B844DADD1} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {FE923EC4-094C-45A0-9265-B2AD53E38FFD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-03] (Adobe Inc. -> Adobe)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1205960 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files\Avira\Antivirus\ProtectedService.exe [537472 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [573960 2021-01-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [70056 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [19776 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176312 2020-11-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [200672 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [54440 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78808 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [43304 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [648552 2015-05-18] (McAfee, Inc. -> McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [91840 2015-05-18] (McAfee, Inc. -> McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [18368 2019-08-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
U3 idsvc; no ImagePath
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers2_S-1-5-21-198903158-1304534811-4163729061-1000: [EmEditor] -> [CC]{DFA0CC7F-D36B-47D1-8EF5-415C1DA53F57} => -> No File
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: No Name -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
Hosts:
MSCONFIG\Services: !SASCORE => 2
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
File: C:\WINDOWS\SYSTEM32\msaud32_divx.acm
ListPermissions: C:\WINDOWS\SYSTEM32\msaud32_divx.acm
File: C:\Program Files\Garmin\Express\express.exe
File: C:\Program Files\TeamViewer\TeamViewer.exe
File: C:\Program Files\Nitro\Pro\13\npdf.dll
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: