start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
EmptyTemp:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
Task: {01E6A3A7-4DBD-4B7F-8D72-F729B44733A1} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {28F279E8-85A6-4D64-BBF7-F6ECD5003500} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [5046272 2017-03-21] 
CHR HKLM\...\Chrome\Extension: [pganeibhckoanndahmnfggfoeofncnii]
CHR HKU\S-1-5-21-3447526945-765927111-4100914564-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3447526945-765927111-4100914564-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-3447526945-765927111-4100914564-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12212019222727479\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3447526945-765927111-4100914564-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12212019222727479\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-3447526945-765927111-4100914564-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12212019222728745\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3447526945-765927111-4100914564-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12212019222728745\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
CHR HKLM-x32\...\Chrome\Extension: [pganeibhckoanndahmnfggfoeofncnii]
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe 
2019-12-21 22:29 - 2019-08-02 18:58 - 000003808 _____ C:\WINDOWS\system32\Tasks\AutoKMS
cmd: ipconfig /flushdns
end::