in the last couple of days, all of sudden, the internet in particular has slowed immensely. Other programs do seem slower to load, but especially the internet. Here are the 4 reports/logs requested to get started. Thank you very much in advance. Carl
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/9/20
Scan Time: 6:00 PM
Log File: e674d404-4b8f-11ea-be49-f8bc129d5fc8.json
-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18952
License: Premium
-System Information-
OS: Windows 10 (Build 18362.628)
CPU: x64
File System: NTFS
User: CARLSHOMEOFFICE\Carl's Home office
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 380749
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 17 min, 22 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02
Ran by Carl's Home office (administrator) on CARLSHOMEOFFICE (Dell Inc. Inspiron 3847) (09-02-2020 18:39:53)
Running from C:\Users\Carl's Home office\Downloads
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Platform: Windows 10 Pro Version 1909 18363.628 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\90.4.307\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\90.4.307\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_comm_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_system_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_user_customer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] (Logitech Inc -> )
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-02-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [19456 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
HKLM-x32\...\Run: [Act.Outlook64.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook64.Service.exe [23552 2018-03-15] () [File not signed]
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272336 2019-09-24] (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
HKLM-x32\...\Run: [ISPA] => C:\Program Files (x86)\ACT\Act for Windows\Integration Services Patch for Act!\ISPA.exe [15635456 2019-07-26] () [File not signed]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc -> Logitech Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Edit] => C:\Users\Carl's Home office\AppData\Local\Box\Box Edit\Box Edit.exe [910064 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Local Com Server] => C:\Users\Carl's Home office\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Dashlane] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [AvastBrowserAutoLaunch_0F836ECA984C3E0526723B8BD7DBE0EE] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [DashlanePlugin] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Carl's Home office\AppData\Local\GoToAssist Remote Support Expert\1673\g2ax_start.exe [609552 2020-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [BingSvc] => C:\Users\Carl's Home office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-27] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2018-05-01]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {064BD36E-BCDB-46CD-ACF9-13A6B4A6C57B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0EC2A74E-A9E2-40DC-990F-481E83A98835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0EFB762A-61C0-4AE6-806A-940DF010D0F7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {138A0C39-D277-47CC-A5FB-ECF5C94AB734} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24607520 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1550FDAB-F4B5-4E6E-86A6-929D5698D551} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {21B031AC-73C2-4A6B-828C-10024D4BE34D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {247DD3AE-B575-4222-AD1D-B0B4BBAE390C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {2583E367-C78B-4D9A-BBF1-A2F017350E01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2BF6790F-A31C-43DB-94C3-A40E1FF7E6E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {31DB7E40-54D7-43F8-A4C8-8B2828F5544B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {32C710DC-C5BC-4C5C-AE71-19C8867B0FF8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {444CC600-F0AB-4F02-BE4E-527B5CD3051A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4BC186EE-55C8-4C74-A8FC-A96917252E86} - System32\Tasks\avastBCLRestartS-1-5-21-4082023381-4228950685-2120871074-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {4D302C6E-2812-4C0C-A846-F4965C8B87F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {510FFD6D-204A-4A85-8877-37714070C549} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {59C94174-5C50-4FE9-A998-2CFCBBD6F3ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {5B1879AE-663A-4BB2-9104-43CD85A0A0D9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1354064 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6472313C-9FC0-45D2-AFDF-90E22D934F8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24607520 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {68DC5699-FC7A-4E44-BA7F-390A4DBC531E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115440 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7921314D-7FD8-4E2B-A199-3EE88335B540} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A7B229D-6FA5-4A98-9801-0E27A3A31B5D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {848C0DB1-86CD-4240-8B8C-9410839A52D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B01CE21-C809-4465-A50D-C369ECF9F245} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. -> Adobe)
Task: {8F620EFD-F444-453A-8358-E6C0A737094E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A250C4D-B820-4445-A5E8-ABF503CAA34F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9D2E43B8-9637-4137-99E6-C55E848C4EB8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1354064 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2A4646A-D0EE-4980-8B0E-9B144AC178FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A2FAAFBC-7C9C-406B-BFA2-C2D1893DF90E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe [1458232 2020-01-21] (Adobe Inc. -> Adobe)
Task: {A9E03B62-E970-4F1D-A15B-000FD7DB2C17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AAD6F6FE-4E5D-4195-8C41-5AA95FCBC88F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AB1096F7-945E-49D5-BA98-BDAE6E8B1300} - System32\Tasks\IMF Task (One-Time) => C:\Program Files (x86)\IObit\IObit Malware Fighter\XmasPromote.exe
Task: {B812C175-AAB6-4100-832D-5ED452FA2277} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B907722E-6A9F-45D2-9BDE-7DE92653CF84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {B97FB370-0C70-4077-8CEB-10A42E10190E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C1F1009B-03AC-4E18-8E8D-DF219F0BCCD7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {CA500CDC-1086-4F48-8BD1-774BAA72004C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4720FBC-E792-4675-BAF5-9DC4E5EA9717} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {D5F2C029-60BE-407F-8D52-F02134CD5A34} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DA46352F-7034-4156-A726-3C5673D8213D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115440 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE95F5BF-8D8F-478D-B438-A805BAC27FCB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {E0B63957-6254-4855-8E48-4E34770EF658} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7CCA715-D05A-4DF5-AF8D-F470BA7047AD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {ECF6F153-1286-4811-9D8C-5822BDE46D42} - \WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000 -> No File <==== ATTENTION
Task: {EE0433B0-DE94-4616-8D15-308005AC7DFB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {F3B09E27-AEDD-445E-97B6-3ABE15657AE8} - \DonutQuotes -> No File <==== ATTENTION
Task: {F629BC6D-8B2F-4374-9CAB-4248B10F22CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC5E1860-C5BC-4FA6-B4DA-5A8F1087F3EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-4082023381-4228950685-2120871074-1000] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{024ac722-11a5-4173-b7b9-1f9217401d4b}: [DhcpNameServer] 192.168.1.7
Tcpip\..\Interfaces\{27bf6332-1abb-4236-8cf9-2d756c577b54}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5ef848db-49b9-4750-81a5-a11041a9972b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c82f08cb-58c3-4dc5-94cd-05a5f9a3acf7}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Program Files (x86)\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.DLL [2018-03-15] (Swiftpage ACT! LLC) [File not signed]
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Edge:
======
DownloadDir: C:\Users\Carl's Home office\Downloads
Edge Extension: (Dashlane - Password Manager) -> EdgeExtension_DashlaneDashlaneEdgeExtension_ks9qrcqmdm1bm => C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2004.1.0_neutral__ks9qrcqmdm1bm [2020-01-28]
FireFox:
========
FF DefaultProfile: r4sbxvoy.default-1581266188499
FF ProfilePath: C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499 [2020-02-09]
FF Homepage: Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499 -> hxxps://www.bing.com/?pc=U528
FF Extension: (Facebook Container) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\@contain-facebook.xpi [2020-02-09]
FF Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\ciscowebexstart1@cisco.com.xpi [2020-02-09]
FF Extension: (iCloud Bookmarks) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\firefoxdav@icloud.com.xpi [2020-02-09]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-02-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-09-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Carl's Home office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-19]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default [2020-02-09]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://my.yahoo.com/?mkg=015
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Docs) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-25]
CHR Extension: (Google Search) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-02-06]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-08]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-02-06]
CHR Extension: (Sheets) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Avast Online Security) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-18]
CHR Extension: (Disconnect) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2019-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-08-18]
CHR Extension: (Skype) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Gmail) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-08]
CHR HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc. -> Box, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129712 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-02-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe [609552 2020-01-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 HHC7Service; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe [20248 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 HHC7ServiceMonitor; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe [19232 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SQLAgent$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare Technology Co.,Ltd -> Wondershare)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-02-03] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-12] (SurfRight B.V. -> )
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-23] (Martin Malik - REALiX -> REALiX)
R3 LVPr2M64; C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-03] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [226448 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-03-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-04-07] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-02-09 18:39 - 2020-02-09 18:41 - 000048051 _____ C:\Users\Carl's Home office\Downloads\FRST.txt
2020-02-09 18:38 - 2020-02-09 18:40 - 000000000 ____D C:\FRST
2020-02-09 18:38 - 2020-02-09 18:38 - 002279424 _____ (Farbar) C:\Users\Carl's Home office\Downloads\FRST64.exe
2020-02-09 18:27 - 2020-02-09 18:29 - 000000000 ____D C:\Users\Carl's Home office\Desktop\malware
2020-02-09 18:08 - 2020-02-09 18:32 - 000000000 ____D C:\Users\Carl's Home office\AppData\LocalLow\IGDump
2020-02-09 17:59 - 2020-02-09 17:59 - 000000000 ___HD C:\OneDriveTemp
2020-02-09 17:55 - 2020-02-09 17:55 - 000226448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-02-09 07:55 - 2020-02-09 17:55 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-02-09 07:54 - 2020-02-09 07:54 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-02-08 17:12 - 2020-02-09 17:54 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-02-08 16:52 - 2020-02-08 16:53 - 008356016 _____ (Malwarebytes) C:\Users\Carl's Home office\Downloads\adwcleaner_8.0.2.exe
2020-02-08 08:43 - 2020-02-08 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-02-08 08:42 - 2020-02-08 08:42 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-02-08 08:39 - 2020-02-08 08:39 - 185267856 _____ (Sophos Limited) C:\Users\Carl's Home office\Downloads\Sophos Virus Removal Tool.exe
2020-02-07 07:25 - 2020-02-07 07:25 - 005551816 _____ (Microsoft Corporation) C:\Users\Carl's Home office\Downloads\Setup.Def.en-US_O365HomePremRetail_0633ece9-a1a1-4df4-a899-e3077e80d4d4_TX_PR_Platform_def_.exe
2020-02-07 07:12 - 2020-02-07 07:12 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-02-07 06:25 - 2020-02-07 06:25 - 000000520 _____ C:\Users\Carl's Home office\Desktop\Microsoft Support and Recovery Assistant.appref-ms
2020-02-07 06:25 - 2020-02-07 06:25 - 000000000 ____D C:\Users\Carl's Home office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2020-02-07 06:25 - 2020-02-07 06:25 - 000000000 ____D C:\Users\Carl's Home office\AppData\Local\SaRALogs
2020-02-07 06:23 - 2020-02-07 06:23 - 000202312 _____ (Microsoft Corporation) C:\Users\Carl's Home office\Downloads\SetupProd_OlkStart.exe
2020-02-06 19:53 - 2020-02-06 19:53 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-02-06 13:09 - 2020-02-06 13:09 - 000002763 _____ C:\Users\Carl's Home office\Desktop\Chrome Remote Desktop.lnk
2020-02-05 15:49 - 2020-02-05 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-02-03 21:28 - 2020-02-03 21:28 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-02-03 21:28 - 2020-02-03 21:28 - 000001818 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-02-03 21:28 - 2020-02-03 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-02-03 21:28 - 2020-02-03 21:28 - 000000000 ____D C:\Program Files\iPod
2020-02-03 21:26 - 2020-02-03 21:28 - 000000000 ____D C:\Program Files\iTunes
2020-02-03 21:23 - 2020-02-03 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-02-03 19:41 - 2020-02-03 19:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-02-03 18:11 - 2020-01-02 11:28 - 000948734 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200203-181103.backup
2020-02-03 17:05 - 2020-02-03 17:05 - 000008866 _____ C:\Users\Carl's Home office\OneDrive\Documents\cc_20200203_170501.reg
2020-01-31 16:27 - 2020-01-31 16:27 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 002493928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 002314952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001541632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-01-31 16:27 - 2020-01-31 16:27 - 001489064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001417760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001105776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000174392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000153912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000138040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
2020-01-31 16:26 - 2020-01-31 16:27 - 000828216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 018026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 009926968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007600656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 004856832 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 004348616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003967888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 003819008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003550208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002988552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 002773776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002766088 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002260176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002225160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002084576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002032128 _____ C:\WINDOWS\system32\rdpnano.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001916744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001858560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001743672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001693184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001512320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001399304 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 001283592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001182232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001170960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001154448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001097216 _____ (Microsoft Corp