Internet is suddenly incredibly slow


4 replies to this topic

#1 Carlgrus


Posted 09 February 2020 - 06:10 PM

In the last couple of days, all of a sudden, the internet in particular has slowed immensely. Other programs do seem slower to load, but especially the internet. Here are the 4 reports/logs requested to get started. Thank you very much in advance. Carl

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/9/20
Scan Time: 6:00 PM
Log File: e674d404-4b8f-11ea-be49-f8bc129d5fc8.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18952
License: Premium

-System Information-
OS: Windows 10 (Build 18362.628)
CPU: x64
File System: NTFS
User: CARLSHOMEOFFICE\Carl's Home office

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 380749
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 17 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02
Ran by Carl's Home office (administrator) on CARLSHOMEOFFICE (Dell Inc. Inspiron 3847) (09-02-2020 18:39:53)
Running from C:\Users\Carl's Home office\Downloads
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Platform: Windows 10 Pro Version 1909 18363.628 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\90.4.307\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\90.4.307\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_comm_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_system_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_user_customer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] (Logitech Inc -> )
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-02-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [19456 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
HKLM-x32\...\Run: [Act.Outlook64.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook64.Service.exe [23552 2018-03-15] () [File not signed]
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272336 2019-09-24] (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
HKLM-x32\...\Run: [ISPA] => C:\Program Files (x86)\ACT\Act for Windows\Integration Services Patch for Act!\ISPA.exe [15635456 2019-07-26] () [File not signed]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc -> Logitech Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Edit] => C:\Users\Carl's Home office\AppData\Local\Box\Box Edit\Box Edit.exe [910064 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Local Com Server] => C:\Users\Carl's Home office\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Dashlane] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [AvastBrowserAutoLaunch_0F836ECA984C3E0526723B8BD7DBE0EE] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [DashlanePlugin] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Carl's Home office\AppData\Local\GoToAssist Remote Support Expert\1673\g2ax_start.exe [609552 2020-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [BingSvc] => C:\Users\Carl's Home office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-27] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2018-05-01]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064BD36E-BCDB-46CD-ACF9-13A6B4A6C57B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0EC2A74E-A9E2-40DC-990F-481E83A98835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0EFB762A-61C0-4AE6-806A-940DF010D0F7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {138A0C39-D277-47CC-A5FB-ECF5C94AB734} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24607520 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1550FDAB-F4B5-4E6E-86A6-929D5698D551} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {21B031AC-73C2-4A6B-828C-10024D4BE34D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {247DD3AE-B575-4222-AD1D-B0B4BBAE390C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {2583E367-C78B-4D9A-BBF1-A2F017350E01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2BF6790F-A31C-43DB-94C3-A40E1FF7E6E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {31DB7E40-54D7-43F8-A4C8-8B2828F5544B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {32C710DC-C5BC-4C5C-AE71-19C8867B0FF8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {444CC600-F0AB-4F02-BE4E-527B5CD3051A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4BC186EE-55C8-4C74-A8FC-A96917252E86} - System32\Tasks\avastBCLRestartS-1-5-21-4082023381-4228950685-2120871074-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {4D302C6E-2812-4C0C-A846-F4965C8B87F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {510FFD6D-204A-4A85-8877-37714070C549} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {59C94174-5C50-4FE9-A998-2CFCBBD6F3ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {5B1879AE-663A-4BB2-9104-43CD85A0A0D9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1354064 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6472313C-9FC0-45D2-AFDF-90E22D934F8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24607520 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {68DC5699-FC7A-4E44-BA7F-390A4DBC531E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115440 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7921314D-7FD8-4E2B-A199-3EE88335B540} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A7B229D-6FA5-4A98-9801-0E27A3A31B5D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {848C0DB1-86CD-4240-8B8C-9410839A52D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B01CE21-C809-4465-A50D-C369ECF9F245} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. -> Adobe)
Task: {8F620EFD-F444-453A-8358-E6C0A737094E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A250C4D-B820-4445-A5E8-ABF503CAA34F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9D2E43B8-9637-4137-99E6-C55E848C4EB8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1354064 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2A4646A-D0EE-4980-8B0E-9B144AC178FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A2FAAFBC-7C9C-406B-BFA2-C2D1893DF90E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe [1458232 2020-01-21] (Adobe Inc. -> Adobe)
Task: {A9E03B62-E970-4F1D-A15B-000FD7DB2C17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AAD6F6FE-4E5D-4195-8C41-5AA95FCBC88F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AB1096F7-945E-49D5-BA98-BDAE6E8B1300} - System32\Tasks\IMF Task (One-Time) => C:\Program Files (x86)\IObit\IObit Malware Fighter\XmasPromote.exe
Task: {B812C175-AAB6-4100-832D-5ED452FA2277} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B907722E-6A9F-45D2-9BDE-7DE92653CF84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {B97FB370-0C70-4077-8CEB-10A42E10190E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C1F1009B-03AC-4E18-8E8D-DF219F0BCCD7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {CA500CDC-1086-4F48-8BD1-774BAA72004C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4720FBC-E792-4675-BAF5-9DC4E5EA9717} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {D5F2C029-60BE-407F-8D52-F02134CD5A34} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DA46352F-7034-4156-A726-3C5673D8213D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115440 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE95F5BF-8D8F-478D-B438-A805BAC27FCB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {E0B63957-6254-4855-8E48-4E34770EF658} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7CCA715-D05A-4DF5-AF8D-F470BA7047AD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {ECF6F153-1286-4811-9D8C-5822BDE46D42} - \WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000 -> No File <==== ATTENTION
Task: {EE0433B0-DE94-4616-8D15-308005AC7DFB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {F3B09E27-AEDD-445E-97B6-3ABE15657AE8} - \DonutQuotes -> No File <==== ATTENTION
Task: {F629BC6D-8B2F-4374-9CAB-4248B10F22CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC5E1860-C5BC-4FA6-B4DA-5A8F1087F3EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-4082023381-4228950685-2120871074-1000] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{024ac722-11a5-4173-b7b9-1f9217401d4b}: [DhcpNameServer] 192.168.1.7
Tcpip\..\Interfaces\{27bf6332-1abb-4236-8cf9-2d756c577b54}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5ef848db-49b9-4750-81a5-a11041a9972b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c82f08cb-58c3-4dc5-94cd-05a5f9a3acf7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Program Files (x86)\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.DLL [2018-03-15] (Swiftpage ACT! LLC) [File not signed]
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Carl's Home office\Downloads
Edge Extension: (Dashlane - Password Manager) -> EdgeExtension_DashlaneDashlaneEdgeExtension_ks9qrcqmdm1bm => C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2004.1.0_neutral__ks9qrcqmdm1bm [2020-01-28]

FireFox:
========
FF DefaultProfile: r4sbxvoy.default-1581266188499
FF ProfilePath: C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499 [2020-02-09]
FF Homepage: Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499 -> hxxps://www.bing.com/?pc=U528
FF Extension: (Facebook Container) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\@contain-facebook.xpi [2020-02-09]
FF Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\ciscowebexstart1@cisco.com.xpi [2020-02-09]
FF Extension: (iCloud Bookmarks) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\firefoxdav@icloud.com.xpi [2020-02-09]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-02-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-09-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Carl's Home office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default [2020-02-09]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://my.yahoo.com/?mkg=015
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Docs) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-25]
CHR Extension: (Google Search) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-02-06]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-08]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-02-06]
CHR Extension: (Sheets) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Avast Online Security) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-18]
CHR Extension: (Disconnect) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2019-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-08-18]
CHR Extension: (Skype) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Gmail) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-08]
CHR HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc. -> Box, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129712 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-02-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe [609552 2020-01-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 HHC7Service; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe [20248 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 HHC7ServiceMonitor; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe [19232 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SQLAgent$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-02-03] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-12] (SurfRight B.V. -> )
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-23] (Martin Malik - REALiX -> REALiX™)
R3 LVPr2M64; C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-03] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [226448 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-03-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-04-07] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-09 18:39 - 2020-02-09 18:41 - 000048051 _____ C:\Users\Carl's Home office\Downloads\FRST.txt
2020-02-09 18:38 - 2020-02-09 18:40 - 000000000 ____D C:\FRST
2020-02-09 18:38 - 2020-02-09 18:38 - 002279424 _____ (Farbar) C:\Users\Carl's Home office\Downloads\FRST64.exe
2020-02-09 18:27 - 2020-02-09 18:29 - 000000000 ____D C:\Users\Carl's Home office\Desktop\malware
2020-02-09 18:08 - 2020-02-09 18:32 - 000000000 ____D C:\Users\Carl's Home office\AppData\LocalLow\IGDump
2020-02-09 17:59 - 2020-02-09 17:59 - 000000000 ___HD C:\OneDriveTemp
2020-02-09 17:55 - 2020-02-09 17:55 - 000226448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-02-09 07:55 - 2020-02-09 17:55 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-02-09 07:54 - 2020-02-09 07:54 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-02-08 17:12 - 2020-02-09 17:54 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-02-08 16:52 - 2020-02-08 16:53 - 008356016 _____ (Malwarebytes) C:\Users\Carl's Home office\Downloads\adwcleaner_8.0.2.exe
2020-02-08 08:43 - 2020-02-08 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-02-08 08:42 - 2020-02-08 08:42 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-02-08 08:39 - 2020-02-08 08:39 - 185267856 _____ (Sophos Limited) C:\Users\Carl's Home office\Downloads\Sophos Virus Removal Tool.exe
2020-02-07 07:25 - 2020-02-07 07:25 - 005551816 _____ (Microsoft Corporation) C:\Users\Carl's Home office\Downloads\Setup.Def.en-US_O365HomePremRetail_0633ece9-a1a1-4df4-a899-e3077e80d4d4_TX_PR_Platform_def_.exe
2020-02-07 07:12 - 2020-02-07 07:12 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-02-07 06:25 - 2020-02-07 06:25 - 000000520 _____ C:\Users\Carl's Home office\Desktop\Microsoft Support and Recovery Assistant.appref-ms
2020-02-07 06:25 - 2020-02-07 06:25 - 000000000 ____D C:\Users\Carl's Home office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2020-02-07 06:25 - 2020-02-07 06:25 - 000000000 ____D C:\Users\Carl's Home office\AppData\Local\SaRALogs
2020-02-07 06:23 - 2020-02-07 06:23 - 000202312 _____ (Microsoft Corporation) C:\Users\Carl's Home office\Downloads\SetupProd_OlkStart.exe
2020-02-06 19:53 - 2020-02-06 19:53 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-02-06 13:09 - 2020-02-06 13:09 - 000002763 _____ C:\Users\Carl's Home office\Desktop\Chrome Remote Desktop.lnk
2020-02-05 15:49 - 2020-02-05 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-02-03 21:28 - 2020-02-03 21:28 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-02-03 21:28 - 2020-02-03 21:28 - 000001818 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-02-03 21:28 - 2020-02-03 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-02-03 21:28 - 2020-02-03 21:28 - 000000000 ____D C:\Program Files\iPod
2020-02-03 21:26 - 2020-02-03 21:28 - 000000000 ____D C:\Program Files\iTunes
2020-02-03 21:23 - 2020-02-03 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-02-03 19:41 - 2020-02-03 19:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-02-03 18:11 - 2020-01-02 11:28 - 000948734 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200203-181103.backup
2020-02-03 17:05 - 2020-02-03 17:05 - 000008866 _____ C:\Users\Carl's Home office\OneDrive\Documents\cc_20200203_170501.reg
2020-01-31 16:27 - 2020-01-31 16:27 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 002493928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 002314952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001541632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-01-31 16:27 - 2020-01-31 16:27 - 001489064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001417760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001105776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000174392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000153912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000138040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
2020-01-31 16:26 - 2020-01-31 16:27 - 000828216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 018026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 009926968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007600656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 004856832 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 004348616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003967888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 003819008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003550208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002988552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 002773776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002766088 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002260176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002225160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002084576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002032128 _____ C:\WINDOWS\system32\rdpnano.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001916744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001858560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001743672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001693184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001512320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001399304 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 001283592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001182232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001170960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001154448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001097216 _____ (Microsoft Corp


#2 nasdaq

    Forum Deity

  • Global Moderator
  • 49,293 posts

Posted 10 February 2020 - 07:22 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start::
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [BingSvc] => C:\Users\Carl's Home office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0EC2A74E-A9E2-40DC-990F-481E83A98835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1550FDAB-F4B5-4E6E-86A6-929D5698D551} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2583E367-C78B-4D9A-BBF1-A2F017350E01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {444CC600-F0AB-4F02-BE4E-527B5CD3051A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A250C4D-B820-4445-A5E8-ABF503CAA34F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A9E03B62-E970-4F1D-A15B-000FD7DB2C17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B812C175-AAB6-4100-832D-5ED452FA2277} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B97FB370-0C70-4077-8CEB-10A42E10190E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CA500CDC-1086-4F48-8BD1-774BAA72004C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D5F2C029-60BE-407F-8D52-F02134CD5A34} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ECF6F153-1286-4811-9D8C-5822BDE46D42} - \WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000 -> No File <==== ATTENTION
Task: {F3B09E27-AEDD-445E-97B6-3ABE15657AE8} - \DonutQuotes -> No File <==== ATTENTION
Task: {F629BC6D-8B2F-4374-9CAB-4248B10F22CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-4082023381-4228950685-2120871074-1000] => Proxy is enabled.
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
ContextMenuHandlers1: [iFunVideoConverter] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
 
RemoveProxy:
Reboot:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
How is the computer running now?

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • 130 posts

Posted 10 February 2020 - 09:02 AM

And here is the ESET file that I just ran for an additional utility for you.

 

2/10/2020 9:57:20 AM
Files scanned: 517880
Detected files: 37
Cleaned files: 35
Total scan time 02:33:51
Scan status: Finished
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\88362c13-d20a-4a79-8610-64399a1d5730.dll.vir    a variant of Win64/Toolbar.Crossrider.Q potentially unwanted application    cleaned by deleting

C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\netfilter64.sys.vir    Win64/Riskware.NetFilter.G application    cleaned by deleting

C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    error while deleting (Access denied)

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx    Win32/Bundled.Toolbar.Google.D potentially unsafe application    error while deleting (Access denied)

C:\Users\Carl's Home office\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Sports\Races\New York Triathlon Club Homepage.url    LNK/Agent.CH trojan    cleaned by deleting

C:\Users\Carl's Home office\AppData\Roaming\uTorrent\updates\3.4.5_41073.exe    a variant of Win32/uTorrent.C potentially unwanted application    cleaned by deleting

C:\Users\Carl's Home office\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe    a variant of Win32/uTorrent.C potentially unwanted application    cleaned by deleting

C:\Users\Carl's Home office\AppData\Roaming\uTorrent\updates\3.4.9_42606.exe    a variant of Win32/uTorrent.C potentially unwanted application    cleaned by deleting

C:\Users\Carl's Home office\AppData\Roaming\uTorrent\updates\3.4.9_42973.exe    a variant of Win32/uTorrent.C potentially unwanted application    cleaned by deleting

C:\Users\Carl's Home office\Documents\Favorites\Sports\Races\New York Triathlon Club Homepage.url    LNK/Agent.CH trojan    cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup550.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup551.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup552.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup555.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup556.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup557.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Favorites\Sports\Races\New York Triathlon Club Homepage.url    LNK/Agent.CH trojan    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup405.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup406.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup408.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup409.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup413.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup415.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup416.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup417.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup418 (1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup418.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup419.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup500.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll    a variant of MSIL/Toolbar.Linkury.BJ potentially unwanted application    cleaned by deleting


 



#4 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • 130 posts

Posted 10 February 2020 - 09:52 AM

Wow!  Computer seems to be back to normal, thank you so much!  Here is the fixlog.txt that you requested.  Please let me know if I should be doing anything else.  Thank you again.  Carl

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by Carl's Home office (10-02-2020 10:29:05) Run:1
Running from C:\Users\Carl's Home office\Desktop\Spyware Utilities
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
]HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [BingSvc] => C:\Users\Carl's Home office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0EC2A74E-A9E2-40DC-990F-481E83A98835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1550FDAB-F4B5-4E6E-86A6-929D5698D551} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2583E367-C78B-4D9A-BBF1-A2F017350E01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {444CC600-F0AB-4F02-BE4E-527B5CD3051A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A250C4D-B820-4445-A5E8-ABF503CAA34F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A9E03B62-E970-4F1D-A15B-000FD7DB2C17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B812C175-AAB6-4100-832D-5ED452FA2277} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B97FB370-0C70-4077-8CEB-10A42E10190E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CA500CDC-1086-4F48-8BD1-774BAA72004C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D5F2C029-60BE-407F-8D52-F02134CD5A34} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ECF6F153-1286-4811-9D8C-5822BDE46D42} - \WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000 -> No File <==== ATTENTION
Task: {F3B09E27-AEDD-445E-97B6-3ABE15657AE8} - \DonutQuotes -> No File <==== ATTENTION
Task: {F629BC6D-8B2F-4374-9CAB-4248B10F22CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-4082023381-4228950685-2120871074-1000] => Proxy is enabled.
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
ContextMenuHandlers1: [iFunVideoConverter] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
 
RemoveProxy:
Reboot:
 

*****************

Restore point was successfully created.
Processes closed successfully.
]HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EC2A74E-A9E2-40DC-990F-481E83A98835}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EC2A74E-A9E2-40DC-990F-481E83A98835}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1550FDAB-F4B5-4E6E-86A6-929D5698D551}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1550FDAB-F4B5-4E6E-86A6-929D5698D551}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2583E367-C78B-4D9A-BBF1-A2F017350E01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2583E367-C78B-4D9A-BBF1-A2F017350E01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{444CC600-F0AB-4F02-BE4E-527B5CD3051A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{444CC600-F0AB-4F02-BE4E-527B5CD3051A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A250C4D-B820-4445-A5E8-ABF503CAA34F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A250C4D-B820-4445-A5E8-ABF503CAA34F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9E03B62-E970-4F1D-A15B-000FD7DB2C17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9E03B62-E970-4F1D-A15B-000FD7DB2C17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B812C175-AAB6-4100-832D-5ED452FA2277}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B812C175-AAB6-4100-832D-5ED452FA2277}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B97FB370-0C70-4077-8CEB-10A42E10190E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B97FB370-0C70-4077-8CEB-10A42E10190E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA500CDC-1086-4F48-8BD1-774BAA72004C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA500CDC-1086-4F48-8BD1-774BAA72004C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5F2C029-60BE-407F-8D52-F02134CD5A34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5F2C029-60BE-407F-8D52-F02134CD5A34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECF6F153-1286-4811-9D8C-5822BDE46D42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECF6F153-1286-4811-9D8C-5822BDE46D42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3B09E27-AEDD-445E-97B6-3ABE15657AE8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3B09E27-AEDD-445E-97B6-3ABE15657AE8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F629BC6D-8B2F-4374-9CAB-4248B10F22CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F629BC6D-8B2F-4374-9CAB-4248B10F22CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306} => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\iFunVideoConverter => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62299081 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 542502267 B
Edge => 72395 B
Chrome => 12311237 B
Firefox => 166168400 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 33984 B
NetworkService => 33984 B
Carl's Home office => 225880220 B

RecycleBin => 0 B
EmptyTemp: => 973.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:31:40 ====
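
When reviewing a Fixlog like the one posted in #4, the entries worth a second look are those whose outcome is not "... successfully" (in this log, the two `not found` TaskCache\Tree keys). The Python below is an added example, not part of the thread and not FRST's own code; the function names are hypothetical and the sample input is a handful of lines excerpted from the log above.

```python
import re
from collections import Counter

# Sample input: lines excerpted from the Fixlog posted above (shortened).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
RemoveProxy:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => not found
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

Chrome => 12311237 B
Opera => 0 B
EmptyTemp: => 973.1 MB temporary data Removed.
'''

# "========= RemoveProxy: =========" opens a section,
# "========= End of RemoveProxy: =========" closes it.
SECTION_RE = re.compile(r"^=+\s*(End of )?(.+?):\s*=+$")
DEFAULT_SECTION = "fixlist entries"


def parse_fixlog(text):
    """Return (section, target, outcome) for every result line in a Fixlog."""
    results = []
    section = DEFAULT_SECTION
    star_lines = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            star_lines += 1
            continue
        if star_lines == 1:
            continue  # echoed fixlist between the two "*****" rows, not results
        match = SECTION_RE.match(line)
        if match:
            section = DEFAULT_SECTION if match.group(1) else match.group(2)
            continue
        if "=>" not in line:
            continue  # status text such as "Restore point was successfully created."
        # Split on the LAST "=>": some targets contain "=" or "<====" themselves.
        target, _, outcome = line.rpartition("=>")
        target = target.strip()
        if len(target) > 1 and target[0] == target[-1] == '"':
            target = target[1:-1]
        results.append((section, target, outcome.strip()))
    return results


def summarize(results):
    """Count outcomes and list every entry that did not end in 'successfully'."""
    counts = Counter()
    review = []
    for section, target, outcome in results:
        if section == "EmptyTemp":
            continue  # byte counts per cache, not fix outcomes
        key = "ok" if outcome.lower().endswith("successfully") else outcome.lower()
        counts[key] += 1
        if key != "ok":
            review.append((target, outcome))
    return counts, review


if __name__ == "__main__":
    counts, review = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts))
    for target, outcome in review:
        print(f"REVIEW: {target} => {outcome}")
```
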



#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,293 posts

Posted 11 February 2020 - 07:02 AM

Hi

 

You are looking good. Stay safe.


nasdaq
