Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Internet is suddenly incredibly slow

Started by Carlgrus , Feb 09 2020 06:10 PM

Please log in to reply

25 replies to this topic

#1 Carlgrus

Advanced Member

Full Member
141 posts

Posted 09 February 2020 - 06:10 PM

in the last couple of days, all of sudden, the internet in particular has slowed immensely. Other programs do seem slower to load, but especially the internet. Here are the 4 reports/logs requested to get started. Thank you very much in advance. Carl

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 2/9/20

Scan Time: 6:00 PM

Log File: e674d404-4b8f-11ea-be49-f8bc129d5fc8.json

-Software Information-

Version: 4.0.4.49

Components Version: 1.0.810

Update Package Version: 1.0.18952

License: Premium

-System Information-

OS: Windows 10 (Build 18362.628)

CPU: x64

File System: NTFS

User: CARLSHOMEOFFICE\Carl's Home office

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 380749

Threats Detected: 0

Threats Quarantined: 0

Time Elapsed: 17 min, 22 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 0

(No malicious items detected)

File: 0

(No malicious items detected)

Physical Sector: 0

(No malicious items detected)

WMI: 0

(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02
Ran by Carl's Home office (administrator) on CARLSHOMEOFFICE (Dell Inc. Inspiron 3847) (09-02-2020 18:39:53)
Running from C:\Users\Carl's Home office\Downloads
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Platform: Windows 10 Pro Version 1909 18363.628 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\90.4.307\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\90.4.307\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_comm_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_system_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_user_customer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] (Logitech Inc -> )
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-02-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [19456 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
HKLM-x32\...\Run: [Act.Outlook64.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook64.Service.exe [23552 2018-03-15] () [File not signed]
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272336 2019-09-24] (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
HKLM-x32\...\Run: [ISPA] => C:\Program Files (x86)\ACT\Act for Windows\Integration Services Patch for Act!\ISPA.exe [15635456 2019-07-26] () [File not signed]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc -> Logitech Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Edit] => C:\Users\Carl's Home office\AppData\Local\Box\Box Edit\Box Edit.exe [910064 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Local Com Server] => C:\Users\Carl's Home office\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Dashlane] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [AvastBrowserAutoLaunch_0F836ECA984C3E0526723B8BD7DBE0EE] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [DashlanePlugin] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Carl's Home office\AppData\Local\GoToAssist Remote Support Expert\1673\g2ax_start.exe [609552 2020-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [BingSvc] => C:\Users\Carl's Home office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-27] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2018-05-01]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064BD36E-BCDB-46CD-ACF9-13A6B4A6C57B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0EC2A74E-A9E2-40DC-990F-481E83A98835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0EFB762A-61C0-4AE6-806A-940DF010D0F7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {138A0C39-D277-47CC-A5FB-ECF5C94AB734} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24607520 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1550FDAB-F4B5-4E6E-86A6-929D5698D551} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {21B031AC-73C2-4A6B-828C-10024D4BE34D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {247DD3AE-B575-4222-AD1D-B0B4BBAE390C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {2583E367-C78B-4D9A-BBF1-A2F017350E01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2BF6790F-A31C-43DB-94C3-A40E1FF7E6E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {31DB7E40-54D7-43F8-A4C8-8B2828F5544B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {32C710DC-C5BC-4C5C-AE71-19C8867B0FF8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {444CC600-F0AB-4F02-BE4E-527B5CD3051A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4BC186EE-55C8-4C74-A8FC-A96917252E86} - System32\Tasks\avastBCLRestartS-1-5-21-4082023381-4228950685-2120871074-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {4D302C6E-2812-4C0C-A846-F4965C8B87F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {510FFD6D-204A-4A85-8877-37714070C549} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {59C94174-5C50-4FE9-A998-2CFCBBD6F3ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {5B1879AE-663A-4BB2-9104-43CD85A0A0D9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1354064 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6472313C-9FC0-45D2-AFDF-90E22D934F8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24607520 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {68DC5699-FC7A-4E44-BA7F-390A4DBC531E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115440 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7921314D-7FD8-4E2B-A199-3EE88335B540} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A7B229D-6FA5-4A98-9801-0E27A3A31B5D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {848C0DB1-86CD-4240-8B8C-9410839A52D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B01CE21-C809-4465-A50D-C369ECF9F245} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. -> Adobe)
Task: {8F620EFD-F444-453A-8358-E6C0A737094E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A250C4D-B820-4445-A5E8-ABF503CAA34F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9D2E43B8-9637-4137-99E6-C55E848C4EB8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1354064 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2A4646A-D0EE-4980-8B0E-9B144AC178FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A2FAAFBC-7C9C-406B-BFA2-C2D1893DF90E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe [1458232 2020-01-21] (Adobe Inc. -> Adobe)
Task: {A9E03B62-E970-4F1D-A15B-000FD7DB2C17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AAD6F6FE-4E5D-4195-8C41-5AA95FCBC88F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AB1096F7-945E-49D5-BA98-BDAE6E8B1300} - System32\Tasks\IMF Task (One-Time) => C:\Program Files (x86)\IObit\IObit Malware Fighter\XmasPromote.exe
Task: {B812C175-AAB6-4100-832D-5ED452FA2277} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B907722E-6A9F-45D2-9BDE-7DE92653CF84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {B97FB370-0C70-4077-8CEB-10A42E10190E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C1F1009B-03AC-4E18-8E8D-DF219F0BCCD7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {CA500CDC-1086-4F48-8BD1-774BAA72004C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4720FBC-E792-4675-BAF5-9DC4E5EA9717} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {D5F2C029-60BE-407F-8D52-F02134CD5A34} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DA46352F-7034-4156-A726-3C5673D8213D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115440 2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE95F5BF-8D8F-478D-B438-A805BAC27FCB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {E0B63957-6254-4855-8E48-4E34770EF658} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7CCA715-D05A-4DF5-AF8D-F470BA7047AD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {ECF6F153-1286-4811-9D8C-5822BDE46D42} - \WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000 -> No File <==== ATTENTION
Task: {EE0433B0-DE94-4616-8D15-308005AC7DFB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {F3B09E27-AEDD-445E-97B6-3ABE15657AE8} - \DonutQuotes -> No File <==== ATTENTION
Task: {F629BC6D-8B2F-4374-9CAB-4248B10F22CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC5E1860-C5BC-4FA6-B4DA-5A8F1087F3EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-4082023381-4228950685-2120871074-1000] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{024ac722-11a5-4173-b7b9-1f9217401d4b}: [DhcpNameServer] 192.168.1.7
Tcpip\..\Interfaces\{27bf6332-1abb-4236-8cf9-2d756c577b54}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5ef848db-49b9-4750-81a5-a11041a9972b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c82f08cb-58c3-4dc5-94cd-05a5f9a3acf7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Program Files (x86)\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.DLL [2018-03-15] (Swiftpage ACT! LLC) [File not signed]
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2020-01-21] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Carl's Home office\Downloads
Edge Extension: (Dashlane - Password Manager) -> EdgeExtension_DashlaneDashlaneEdgeExtension_ks9qrcqmdm1bm => C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2004.1.0_neutral__ks9qrcqmdm1bm [2020-01-28]

FireFox:
========
FF DefaultProfile: r4sbxvoy.default-1581266188499
FF ProfilePath: C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499 [2020-02-09]
FF Homepage: Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499 -> hxxps://www.bing.com/?pc=U528
FF Extension: (Facebook Container) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\@contain-facebook.xpi [2020-02-09]
FF Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\ciscowebexstart1@cisco.com.xpi [2020-02-09]
FF Extension: (iCloud Bookmarks) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\firefoxdav@icloud.com.xpi [2020-02-09]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-02-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_321.dll [2020-01-21] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-09-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Carl's Home office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default [2020-02-09]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://my.yahoo.com/?mkg=015
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Docs) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-25]
CHR Extension: (Google Search) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-02-06]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-08]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-02-06]
CHR Extension: (Sheets) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Avast Online Security) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-18]
CHR Extension: (Disconnect) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2019-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-08-18]
CHR Extension: (Skype) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Gmail) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-08]
CHR HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc. -> Box, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129712 2020-01-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-02-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe [609552 2020-01-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 HHC7Service; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe [20248 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 HHC7ServiceMonitor; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe [19232 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SQLAgent$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-02-03] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-12] (SurfRight B.V. -> )
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-23] (Martin Malik - REALiX -> REALiX™)
R3 LVPr2M64; C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-03] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [226448 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-02-09] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-03-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-04-07] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-09 18:39 - 2020-02-09 18:41 - 000048051 _____ C:\Users\Carl's Home office\Downloads\FRST.txt
2020-02-09 18:38 - 2020-02-09 18:40 - 000000000 ____D C:\FRST
2020-02-09 18:38 - 2020-02-09 18:38 - 002279424 _____ (Farbar) C:\Users\Carl's Home office\Downloads\FRST64.exe
2020-02-09 18:27 - 2020-02-09 18:29 - 000000000 ____D C:\Users\Carl's Home office\Desktop\malware
2020-02-09 18:08 - 2020-02-09 18:32 - 000000000 ____D C:\Users\Carl's Home office\AppData\LocalLow\IGDump
2020-02-09 17:59 - 2020-02-09 17:59 - 000000000 ___HD C:\OneDriveTemp
2020-02-09 17:55 - 2020-02-09 17:55 - 000226448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-02-09 07:55 - 2020-02-09 17:55 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-02-09 07:54 - 2020-02-09 07:54 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-02-08 17:12 - 2020-02-09 17:54 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-02-08 16:52 - 2020-02-08 16:53 - 008356016 _____ (Malwarebytes) C:\Users\Carl's Home office\Downloads\adwcleaner_8.0.2.exe
2020-02-08 08:43 - 2020-02-08 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-02-08 08:42 - 2020-02-08 08:42 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-02-08 08:39 - 2020-02-08 08:39 - 185267856 _____ (Sophos Limited) C:\Users\Carl's Home office\Downloads\Sophos Virus Removal Tool.exe
2020-02-07 07:25 - 2020-02-07 07:25 - 005551816 _____ (Microsoft Corporation) C:\Users\Carl's Home office\Downloads\Setup.Def.en-US_O365HomePremRetail_0633ece9-a1a1-4df4-a899-e3077e80d4d4_TX_PR_Platform_def_.exe
2020-02-07 07:12 - 2020-02-07 07:12 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-02-07 07:12 - 2020-02-07 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-02-07 06:25 - 2020-02-07 06:25 - 000000520 _____ C:\Users\Carl's Home office\Desktop\Microsoft Support and Recovery Assistant.appref-ms
2020-02-07 06:25 - 2020-02-07 06:25 - 000000000 ____D C:\Users\Carl's Home office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2020-02-07 06:25 - 2020-02-07 06:25 - 000000000 ____D C:\Users\Carl's Home office\AppData\Local\SaRALogs
2020-02-07 06:23 - 2020-02-07 06:23 - 000202312 _____ (Microsoft Corporation) C:\Users\Carl's Home office\Downloads\SetupProd_OlkStart.exe
2020-02-06 19:53 - 2020-02-06 19:53 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-02-06 13:09 - 2020-02-06 13:09 - 000002763 _____ C:\Users\Carl's Home office\Desktop\Chrome Remote Desktop.lnk
2020-02-05 15:49 - 2020-02-05 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-02-04 08:20 - 2020-02-04 08:20 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-02-03 21:28 - 2020-02-03 21:28 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-02-03 21:28 - 2020-02-03 21:28 - 000001818 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-02-03 21:28 - 2020-02-03 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-02-03 21:28 - 2020-02-03 21:28 - 000000000 ____D C:\Program Files\iPod
2020-02-03 21:26 - 2020-02-03 21:28 - 000000000 ____D C:\Program Files\iTunes
2020-02-03 21:23 - 2020-02-03 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-02-03 19:41 - 2020-02-03 19:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-02-03 18:11 - 2020-01-02 11:28 - 000948734 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200203-181103.backup
2020-02-03 17:05 - 2020-02-03 17:05 - 000008866 _____ C:\Users\Carl's Home office\OneDrive\Documents\cc_20200203_170501.reg
2020-01-31 16:27 - 2020-01-31 16:27 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 002493928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 002314952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001541632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-01-31 16:27 - 2020-01-31 16:27 - 001489064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001417760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 001105776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2020-01-31 16:27 - 2020-01-31 16:27 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000174392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000153912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys
2020-01-31 16:27 - 2020-01-31 16:27 - 000138040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
2020-01-31 16:26 - 2020-01-31 16:27 - 000828216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 018026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 009926968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007600656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 004856832 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 004348616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003967888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 003819008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003550208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002988552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 002773776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002766088 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002260176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002225160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002084576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 002032128 _____ C:\WINDOWS\system32\rdpnano.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001916744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001858560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001743672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001693184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001512320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001399304 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-01-31 16:26 - 2020-01-31 16:26 - 001283592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-01-31 16:26 - 2020-01-31 16:26 - 001283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001182232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-01-31 16:26 - 2020-01-31 16:26 - 001170960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001154448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-01-31 16:26 - 2020-01-31 16:26 - 001097216 _____ (Microsoft Corp

Back to top

#2 nasdaq

Forum Deity

Global Moderator
49,318 posts

Posted 10 February 2020 - 07:22 AM

Hello, Welcome to SpywareInfoForum.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.

start::
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
]HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [BingSvc] => C:\Users\Carl's Home office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0EC2A74E-A9E2-40DC-990F-481E83A98835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1550FDAB-F4B5-4E6E-86A6-929D5698D551} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2583E367-C78B-4D9A-BBF1-A2F017350E01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {444CC600-F0AB-4F02-BE4E-527B5CD3051A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A250C4D-B820-4445-A5E8-ABF503CAA34F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A9E03B62-E970-4F1D-A15B-000FD7DB2C17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B812C175-AAB6-4100-832D-5ED452FA2277} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B97FB370-0C70-4077-8CEB-10A42E10190E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CA500CDC-1086-4F48-8BD1-774BAA72004C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D5F2C029-60BE-407F-8D52-F02134CD5A34} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ECF6F153-1286-4811-9D8C-5822BDE46D42} - \WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000 -> No File <==== ATTENTION
Task: {F3B09E27-AEDD-445E-97B6-3ABE15657AE8} - \DonutQuotes -> No File <==== ATTENTION
Task: {F629BC6D-8B2F-4374-9CAB-4248B10F22CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-4082023381-4228950685-2120871074-1000] => Proxy is enabled.
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
ContextMenuHandlers1: [iFunVideoConverter] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
 
RemoveProxy:
Reboot:
 
End::

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.

The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

How is the computer running now?

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#3 Carlgrus

Advanced Member

Full Member
141 posts

Posted 10 February 2020 - 09:02 AM

And here is the ESET file that I just ran for an additional utility for you.

2/10/2020 9:57:20 AM
Files scanned: 517880
Detected files: 37
Cleaned files: 35
Total scan time 02:33:51
Scan status: Finished
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\88362c13-d20a-4a79-8610-64399a1d5730.dll.vir   a variant of Win64/Toolbar.Crossrider.Q potentially unwanted application   cleaned by deleting

C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\netfilter64.sys.vir   Win64/Riskware.NetFilter.G application   cleaned by deleting

C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   error while deleting (Access denied)

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx   Win32/Bundled.Toolbar.Google.D potentially unsafe application   error while deleting (Access denied)

C:\Users\Carl's Home office\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Sports\Races\New York Triathlon Club Homepage.url   LNK/Agent.CH trojan   cleaned by deleting

C:\Users\Carl's Home office\AppData\Roaming\uTorrent\updates\3.4.5_41073.exe   a variant of Win32/uTorrent.C potentially unwanted application   cleaned by deleting

C:\Users\Carl's Home office\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe   a variant of Win32/uTorrent.C potentially unwanted application   cleaned by deleting

C:\Users\Carl's Home office\AppData\Roaming\uTorrent\updates\3.4.9_42606.exe   a variant of Win32/uTorrent.C potentially unwanted application   cleaned by deleting

C:\Users\Carl's Home office\AppData\Roaming\uTorrent\updates\3.4.9_42973.exe   a variant of Win32/uTorrent.C potentially unwanted application   cleaned by deleting

C:\Users\Carl's Home office\Documents\Favorites\Sports\Races\New York Triathlon Club Homepage.url   LNK/Agent.CH trojan   cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup550.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup551.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup552.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup555.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup556.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Downloads\ccsetup557.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Favorites\Sports\Races\New York Triathlon Club Homepage.url   LNK/Agent.CH trojan   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup403.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup404.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup405.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup406.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup407.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup408.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup409.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup410.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup411.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup412.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup413.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup414.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup415.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup416.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup417.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup418 (1).exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup418.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup419.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Users\Carl's Home office\Pictures\ccsetup500.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll   a variant of MSIL/Toolbar.Linkury.BJ potentially unwanted application   cleaned by deleting

Back to top

#4 Carlgrus

Advanced Member

Full Member
141 posts

Posted 10 February 2020 - 09:52 AM

Wow! Computer seems to be back to normal, thank you so much! Here is the fixlog.txt that you requested. Please let me know if I should be doing anything else. Thank you again. Carl

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by Carl's Home office (10-02-2020 10:29:05) Run:1
Running from C:\Users\Carl's Home office\Desktop\Spyware Utilities
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

]HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [BingSvc] => C:\Users\Carl's Home office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0EC2A74E-A9E2-40DC-990F-481E83A98835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1550FDAB-F4B5-4E6E-86A6-929D5698D551} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2583E367-C78B-4D9A-BBF1-A2F017350E01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {444CC600-F0AB-4F02-BE4E-527B5CD3051A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A250C4D-B820-4445-A5E8-ABF503CAA34F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A9E03B62-E970-4F1D-A15B-000FD7DB2C17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B812C175-AAB6-4100-832D-5ED452FA2277} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B97FB370-0C70-4077-8CEB-10A42E10190E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CA500CDC-1086-4F48-8BD1-774BAA72004C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D5F2C029-60BE-407F-8D52-F02134CD5A34} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ECF6F153-1286-4811-9D8C-5822BDE46D42} - \WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000 -> No File <==== ATTENTION
Task: {F3B09E27-AEDD-445E-97B6-3ABE15657AE8} - \DonutQuotes -> No File <==== ATTENTION
Task: {F629BC6D-8B2F-4374-9CAB-4248B10F22CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-4082023381-4228950685-2120871074-1000] => Proxy is enabled.
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

ContextMenuHandlers1: [iFunVideoConverter] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

RemoveProxy:
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
]HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EC2A74E-A9E2-40DC-990F-481E83A98835}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EC2A74E-A9E2-40DC-990F-481E83A98835}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1550FDAB-F4B5-4E6E-86A6-929D5698D551}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1550FDAB-F4B5-4E6E-86A6-929D5698D551}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2583E367-C78B-4D9A-BBF1-A2F017350E01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2583E367-C78B-4D9A-BBF1-A2F017350E01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C850B3B-E9C7-4A39-A5E6-9FF72AE03F32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{444CC600-F0AB-4F02-BE4E-527B5CD3051A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{444CC600-F0AB-4F02-BE4E-527B5CD3051A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A250C4D-B820-4445-A5E8-ABF503CAA34F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A250C4D-B820-4445-A5E8-ABF503CAA34F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9E03B62-E970-4F1D-A15B-000FD7DB2C17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9E03B62-E970-4F1D-A15B-000FD7DB2C17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B812C175-AAB6-4100-832D-5ED452FA2277}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B812C175-AAB6-4100-832D-5ED452FA2277}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B97FB370-0C70-4077-8CEB-10A42E10190E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B97FB370-0C70-4077-8CEB-10A42E10190E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA500CDC-1086-4F48-8BD1-774BAA72004C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA500CDC-1086-4F48-8BD1-774BAA72004C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5F2C029-60BE-407F-8D52-F02134CD5A34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5F2C029-60BE-407F-8D52-F02134CD5A34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECF6F153-1286-4811-9D8C-5822BDE46D42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECF6F153-1286-4811-9D8C-5822BDE46D42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4082023381-4228950685-2120871074-1000" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3B09E27-AEDD-445E-97B6-3ABE15657AE8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3B09E27-AEDD-445E-97B6-3ABE15657AE8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F629BC6D-8B2F-4374-9CAB-4248B10F22CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F629BC6D-8B2F-4374-9CAB-4248B10F22CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306} => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => removed successfully
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\iFunVideoConverter => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62299081 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 542502267 B
Edge => 72395 B
Chrome => 12311237 B
Firefox => 166168400 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 33984 B
NetworkService => 33984 B
Carl's Home office => 225880220 B

RecycleBin => 0 B
EmptyTemp: => 973.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 10:31:40 ====

Back to top

#5 nasdaq

Forum Deity

Global Moderator
49,318 posts

Posted 11 February 2020 - 07:02 AM

Hi

You are looking good. Stay safe.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#6 Carlgrus

Advanced Member

Full Member
141 posts

Posted 20 February 2020 - 06:53 AM

I'm still having issues: And this is back to my home PC. My office laptop is running fine. The home PC starts incredibly slow, so slow, that I had to hold the on/off button down after only a black screen for 5 minutes, restarted, and then it boots, Excel started with the boot, which is odd, and it's running very slow. I ran CCleaner again, it did help, but still very slow. So, I've posted the 3 requested logs again to see if you can help me again. Thanks, as always. Carl

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/20/20
Scan Time: 7:09 AM
Log File: e0844349-53d9-11ea-bd40-f8bc129d5fc8.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.19490
License: Premium

-System Information-
OS: Windows 10 (Build 18362.657)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 378200
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 23 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2020
Ran by Carl's Home office (administrator) on CARLSHOMEOFFICE (Dell Inc. Inspiron 3847) (20-02-2020 07:37:11)
Running from C:\Users\Carl's Home office\Desktop\Spyware Utilities
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Platform: Windows 10 Pro Version 1909 18363.657 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\90.4.307\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\90.4.307\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_comm_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_system_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_user_customer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingNews_4.35.20273.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20280.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20280.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12002.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] (Logitech Inc -> )
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-02-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [19456 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
HKLM-x32\...\Run: [Act.Outlook64.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook64.Service.exe [23552 2018-03-15] () [File not signed]
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272336 2019-09-24] (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
HKLM-x32\...\Run: [ISPA] => C:\Program Files (x86)\ACT\Act for Windows\Integration Services Patch for Act!\ISPA.exe [15635456 2019-07-26] () [File not signed]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070950222\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070950737\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc -> Logitech Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Edit] => C:\Users\Carl's Home office\AppData\Local\Box\Box Edit\Box Edit.exe [910064 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Local Com Server] => C:\Users\Carl's Home office\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Dashlane] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [AvastBrowserAutoLaunch_0F836ECA984C3E0526723B8BD7DBE0EE] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [DashlanePlugin] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Carl's Home office\AppData\Local\GoToAssist Remote Support Expert\1673\g2ax_start.exe [609552 2020-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc -> Logitech Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [Box Edit] => C:\Users\Carl's Home office\AppData\Local\Box\Box Edit\Box Edit.exe [910064 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [Box Local Com Server] => C:\Users\Carl's Home office\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [Dashlane] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [AvastBrowserAutoLaunch_0F836ECA984C3E0526723B8BD7DBE0EE] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [DashlanePlugin] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02202020070951222\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Carl's Home office\AppData\Local\GoToAssist Remote Support Expert\1673\g2ax_start.exe [609552 2020-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\Installer\chrmstp.exe [2020-02-12] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2018-05-01]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064BD36E-BCDB-46CD-ACF9-13A6B4A6C57B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {07947E7F-093E-4F42-A53B-B3E5E8A184E1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1353616 2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {0EFB762A-61C0-4AE6-806A-940DF010D0F7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {21B031AC-73C2-4A6B-828C-10024D4BE34D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {247DD3AE-B575-4222-AD1D-B0B4BBAE390C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {28CAC893-05A9-4AE5-8C7F-4493447ADDB0} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {2BF6790F-A31C-43DB-94C3-A40E1FF7E6E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {317406EF-3EF3-4671-B4B7-2D5B41D6641B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568904 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {31DB7E40-54D7-43F8-A4C8-8B2828F5544B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {32C710DC-C5BC-4C5C-AE71-19C8867B0FF8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4BC186EE-55C8-4C74-A8FC-A96917252E86} - System32\Tasks\avastBCLRestartS-1-5-21-4082023381-4228950685-2120871074-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {4D302C6E-2812-4C0C-A846-F4965C8B87F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {510FFD6D-204A-4A85-8877-37714070C549} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {51B034E5-8621-437E-961C-42D31C577244} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {59C94174-5C50-4FE9-A998-2CFCBBD6F3ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1835112 2020-02-20] (Avast Software s.r.o. -> AVAST Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6EBCED19-A5AA-4C5F-AA32-8D7C97E908BE} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Carl's Home office\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-09] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {7921314D-7FD8-4E2B-A199-3EE88335B540} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A7B229D-6FA5-4A98-9801-0E27A3A31B5D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {830D04D4-B0E8-4E55-8D96-66C9D5C0E576} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568904 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {848C0DB1-86CD-4240-8B8C-9410839A52D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B01CE21-C809-4465-A50D-C369ECF9F245} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe)
Task: {8F620EFD-F444-453A-8358-E6C0A737094E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2A4646A-D0EE-4980-8B0E-9B144AC178FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A2FAAFBC-7C9C-406B-BFA2-C2D1893DF90E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe)
Task: {AAD6F6FE-4E5D-4195-8C41-5AA95FCBC88F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AB1096F7-945E-49D5-BA98-BDAE6E8B1300} - System32\Tasks\IMF Task (One-Time) => C:\Program Files (x86)\IObit\IObit Malware Fighter\XmasPromote.exe
Task: {B907722E-6A9F-45D2-9BDE-7DE92653CF84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {BEC7AABE-1D7D-4157-A434-C4E90D0FD962} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {C1F1009B-03AC-4E18-8E8D-DF219F0BCCD7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4720FBC-E792-4675-BAF5-9DC4E5EA9717} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {E0A47AE7-93B4-4708-8DE2-30A2C0EF7226} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0B63957-6254-4855-8E48-4E34770EF658} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7CCA715-D05A-4DF5-AF8D-F470BA7047AD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {ECFEAC9B-067F-4163-BE80-A50724812405} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Carl's Home office\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-09] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {F4A42E80-24F5-4419-B3BE-C169475CE2DE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1353616 2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC5E1860-C5BC-4FA6-B4DA-5A8F1087F3EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{024ac722-11a5-4173-b7b9-1f9217401d4b}: [DhcpNameServer] 192.168.1.7
Tcpip\..\Interfaces\{27bf6332-1abb-4236-8cf9-2d756c577b54}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5ef848db-49b9-4750-81a5-a11041a9972b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c82f08cb-58c3-4dc5-94cd-05a5f9a3acf7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Program Files (x86)\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.DLL [2018-03-15] (Swiftpage ACT! LLC) [File not signed]
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Carl's Home office\Downloads
Edge Extension: (Dashlane - Password Manager) -> EdgeExtension_DashlaneDashlaneEdgeExtension_ks9qrcqmdm1bm => C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2004.3.0_neutral__ks9qrcqmdm1bm [2020-02-13]

FireFox:
========
FF DefaultProfile: r4sbxvoy.default-1581266188499
FF ProfilePath: C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499 [2020-02-20]
FF Homepage: Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499 -> hxxps://www.bing.com/?pc=U528
FF Extension: (Facebook Container) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\@contain-facebook.xpi [2020-02-09]
FF Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\ciscowebexstart1@cisco.com.xpi [2020-02-09]
FF Extension: (iCloud Bookmarks) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\firefoxdav@icloud.com.xpi [2020-02-09]
FF Extension: (Dashlane) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\jetpack-extension@dashlane.com.xpi [2020-02-13] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\r4sbxvoy.default-1581266188499\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-02-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-09-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Carl's Home office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default [2020-02-20]
CHR HomePage: Default -> hxxps://my.yahoo.com/?mkg=015
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Docs) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-25]
CHR Extension: (Google Search) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-02-06]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-08]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-02-12]
CHR Extension: (Sheets) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-18]
CHR Extension: (Disconnect) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2019-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-08-18]
CHR Extension: (Skype) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Gmail) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-08]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\elevation_service.exe [968552 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc. -> Box, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11096432 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-02-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe [609552 2020-01-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 HHC7Service; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe [20248 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 HHC7ServiceMonitor; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe [19232 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SQLAgent$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-02-03] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-12] (SurfRight B.V. -> )
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-23] (Martin Malik - REALiX -> REALiX™)
R3 LVPr2M64; C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-03] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [226448 2020-02-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-02-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-02-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-02-20] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-03-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-04-07] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-20 07:34 - 2020-02-20 07:34 - 000001221 _____ C:\Users\Carl's Home office\Desktop\Malware.txt
2020-02-20 07:22 - 2020-02-20 07:30 - 000000000 ____D C:\Users\Carl's Home office\AppData\LocalLow\IGDump
2020-02-20 07:12 - 2020-02-20 07:12 - 000000000 ___HD C:\OneDriveTemp
2020-02-16 17:31 - 2020-02-20 07:09 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-02-15 13:54 - 2020-02-15 13:57 - 031966375 _____ C:\Users\Carl's Home office\Downloads\OneDrive_1_2-15-2020.zip
2020-02-14 21:39 - 2020-02-14 21:39 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-02-14 21:39 - 2020-02-14 21:39 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-02-14 21:39 - 2020-02-14 21:39 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2020-02-14 21:39 - 2020-02-14 21:39 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-02-14 21:39 - 2020-02-14 21:39 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-02-14 21:39 - 2020-02-14 21:39 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-02-14 21:39 - 2020-02-14 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-02-14 21:31 - 2020-02-14 21:31 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-02-13 18:41 - 2020-02-13 18:41 - 000146195 _____ C:\Users\Carl's Home office\Downloads\Demographic_and_Income_Profile_92fa44f5-746f-42aa-8a7a-31d14ff49b9b(1).pdf
2020-02-13 18:32 - 2020-02-13 18:32 - 000103729 _____ C:\Users\Carl's Home office\Downloads\Demographic_and_Income_Profile_14868aa5-d0e0-436a-884b-7cf855122c9a.xlsx
2020-02-13 13:51 - 2020-02-13 13:51 - 000015598 _____ C:\Users\Carl's Home office\OneDrive\Documents\cc_20200213_135122.reg
2020-02-12 21:19 - 2020-02-12 21:18 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-02-12 20:51 - 2020-02-03 15:56 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-02-12 20:51 - 2020-02-03 15:56 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-02-12 20:50 - 2020-02-20 06:29 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-02-12 20:47 - 2020-02-12 20:47 - 000000000 ____D C:\ProgramData\ssh
2020-02-12 20:40 - 2020-02-12 20:40 - 010823512 _____ (AVAST Software) C:\Users\Carl's Home office\Downloads\avastclear.exe
2020-02-12 18:23 - 2020-02-12 18:23 - 005056840 _____ C:\Users\Carl's Home office\Downloads\avast_secure_browser_setup.exe
2020-02-12 06:58 - 2020-02-12 06:58 - 005502464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-02-12 06:58 - 2020-02-12 06:58 - 004308480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-02-12 06:58 - 2020-02-12 06:58 - 001541632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 019813376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 018026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 006519752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 006284800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 005912064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 004856832 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 004575232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 003820032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 003484672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 002861568 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-02-12 06:57 - 2020-02-12 06:57 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-02-12 06:57 - 2020-02-12 06:57 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-02-12 06:57 - 2020-02-12 06:57 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 002493720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 002314952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 002230232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001664696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001664680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001562424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001272360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001218120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001213752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001195008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 001077264 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000904504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000857088 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-02-12 06:57 - 2020-02-12 06:57 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000784384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000774664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000597816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000542288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2020-02-12 06:57 - 2020-02-12 06:57 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-02-12 06:57 - 2020-02-12 06:57 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\syst

Back to top

#7 Rocket Grannie

SWI Australian Rebel

Administrators
7,961 posts

Posted 20 February 2020 - 05:32 PM

I'm still having issues: And this is back to my home PC.

If these logs belong to a different computer please start a new topic and post the complete logs that are asked for.

Thank you

Rocket Grannie

My help is free however if you wish to make a donation please see Here

Back to top

#8 Carlgrus

Advanced Member

Full Member
141 posts

Posted 21 February 2020 - 05:39 AM

This is the same computer....my PC at home.

Back to top

#9 nasdaq

Forum Deity

Global Moderator
49,318 posts

Posted 21 February 2020 - 07:22 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.

start
 
CreateRestorePoint:
CloseProcesses:
 
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
CMD: ECHO Y|CHKDSK C: /F
 
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.

The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

p.s. Let the fix finish.

===

If the problem persists please run these programs.

--RogueKiller--

Download & SAVE to your Desktop Download RogueKiller

Quit all programs that you may have started.

Please disconnect any USB or external drives from the computer before you run this scan!

For Vista or above, right-click the program file and select "Run as Administrator"

Accept the user agreements.

Execute the scan and wait until it has finished.

If a Windows opens to explain what [PUM's] are, read about it.

Click the RoguKiller icon on your taksbar to return to the report.

Click open the Report

Click Export TXT button

Save the file as ReportRogue.txt

Click the Remove button to delete the items in RED

Click Finish and close the program.

Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.

=======

Read carefully and follow these steps.

TDSS

Download TDSSKiller and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application.

Then click on Start Scan.

If a suspicious file is detected, the default action will be Skip, click on Continue.

If an infected file is detected, the default action will be Cure, click on Continue.

Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===

Please run the Farbar program one more time.

This time please attach both the FRST.TXT and Addtion.txt logs for my review.

How to attach a file to your reply:

In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.

Select the "Choose a File" navigate to the location of the File.

Click the file you wish to Attach.

Click Attach this file.

Click the Add reply button.

===

Let me know if you have seen an improvement or not.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#10 Carlgrus

Advanced Member

Full Member
141 posts

Posted 22 February 2020 - 07:03 AM

So far, so good, here's the fixlog.txt requested.

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by Carl's Home office (21-02-2020 11:17:20) Run:2
Running from C:\Users\Carl's Home office\Desktop\Spyware Utilities
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

cmd: DISM.exe /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
CMD: ECHO Y|CHKDSK C: /F

End
*****************

Restore point was successfully created.
Processes closed successfully.

========= DISM.exe /Online /Cleanup-image /Restorehealth =========

Deployment Image Servicing and Management tool
Version: 10.0.18362.1

Image Version: 10.0.18363.657

[==                         4.5%                           ]

[==                         4.5%                           ]

[==                         4.5%                           ]

[==                         4.6%                           ]

[==                         4.6%                           ]

[==                         4.7%                           ]

[==                         4.7%                           ]

[==                         4.8%                           ]

[==                         4.8%                           ]

[==                         4.8%                           ]

[==                         4.9%                           ]

[==                         5.0%                           ]

[==                         5.0%                           ]

[==                         5.0%                           ]

[==                         5.1%                           ]

[==                         5.1%                           ]

[===                        5.2%                           ]

[===                        5.2%                           ]

[===                        5.2%                           ]

[===                        5.3%                           ]

[===                        5.3%                           ]

[===                        5.4%                           ]

[===                        5.5%                           ]

[===                        5.5%                           ]

[===                        5.5%                           ]

[===                        5.5%                           ]

[===                        5.6%                           ]

[===                        5.7%                           ]

[===                        5.7%                           ]

[===                        5.8%                           ]

[===                        5.8%                           ]

[===                        5.9%                           ]

[===                        5.9%                           ]

[===                        6.0%                           ]

[===                        6.0%                           ]

[===                        6.1%                           ]

[===                        6.1%                           ]

[===                        6.2%                           ]

[===                        6.3%                           ]

[===                        6.3%                           ]

[===                        6.4%                           ]

[===                        6.5%                           ]

[===                        6.5%                           ]

[===                        6.6%                           ]

[===                        6.7%                           ]

[===                        6.7%                           ]

[===                        6.8%                           ]

[===                        6.8%                           ]

[====                       6.9%                           ]

[====                       7.0%                           ]

[====                       7.0%                           ]

[====                       7.1%                           ]

[====                       7.1%                           ]

[====                       7.2%                           ]

[====                       7.2%                           ]

[====                       7.2%                           ]

[====                       7.2%                           ]

[====                       7.2%                           ]

[====                       7.3%                           ]

[====                       7.4%                           ]

[====                       7.4%                           ]

[====                       7.5%                           ]

[====                       7.5%                           ]

[====                       7.6%                           ]

[====                       7.6%                           ]

[====                       7.7%                           ]

[====                       7.7%                           ]

[====                       7.8%                           ]

[====                       7.8%                           ]

[====                       7.9%                           ]

[====                       7.9%                           ]

[====                       8.0%                           ]

[====                       8.1%                           ]

[====                       8.1%                           ]

[====                       8.2%                           ]

[====                       8.2%                           ]

[====                       8.3%                           ]

[====                       8.4%                           ]

[====                       8.4%                           ]

[====                       8.5%                           ]

[====                       8.5%                           ]

[====                       8.5%                           ]

[====                       8.5%                           ]

[====                       8.5%                           ]

[=====                      8.6%                           ]

[=====                      8.8%                           ]

[=====                      8.9%                           ]

[=====                      9.0%                           ]

[=====                      9.0%                           ]

[=====                      9.1%                           ]

[=====                      9.1%                           ]

[=====                      9.2%                           ]

[=====                      9.2%                           ]

[=====                      9.3%                           ]

[=====                      9.3%                           ]

[=====                      9.4%                           ]

[=====                      9.5%                           ]

[=====                      9.5%                           ]

[=====                      9.5%                           ]

[=====                      9.6%                           ]

[=====                      9.6%                           ]

[=====                      9.6%                           ]

[=====                      9.7%                           ]

[=====                      9.7%                           ]

[=====                      9.7%                           ]

[=====                      9.8%                           ]

[=====                      9.8%                           ]

[=====                      9.8%                           ]

[=====                      9.9%                           ]

[=====                      9.9%                           ]

[=====                      10.0%                          ]

[=====                      10.0%                          ]

[=====                      10.0%                          ]

[=====                      10.0%                          ]

[=====                      10.0%                          ]

[=====                      10.0%                          ]

[=====                      10.0%                          ]

[=====                      10.1%                          ]

[=====                      10.1%                          ]

[=====                      10.1%                          ]

[=====                      10.2%                          ]

[=====                      10.2%                          ]

[=====                      10.3%                          ]

[=====                      10.3%                          ]

[=====                      10.3%                          ]

[======                     10.4%                          ]

[======                     10.4%                          ]

[======                     10.5%                          ]

[======                     10.5%                          ]

[======                     10.5%                          ]

[======                     10.5%                          ]

[======                     10.6%                          ]

[======                     10.6%                          ]

[======                     10.7%                          ]

[======                     10.8%                          ]

[======                     10.8%                          ]

[======                     10.9%                          ]

[======                     11.0%                          ]

[======                     11.1%                          ]

[======                     11.1%                          ]

[======                     11.1%                          ]

[======                     11.2%                          ]

[======                     11.3%                          ]

[======                     11.4%                          ]

[======                     11.5%                          ]

[======                     11.5%                          ]

[======                     11.6%                          ]

[======                     11.6%                          ]

[======                     11.7%                          ]

[======                     11.8%                          ]

[======                     11.9%                          ]

[======                     12.0%                          ]

[=======                    12.1%                          ]

[=======                    12.1%                          ]

[=======                    12.2%                          ]

[=======                    12.3%                          ]

[=======                    12.5%                          ]

[=======                    12.5%                          ]

[=======                    12.6%                          ]

[=======                    12.7%                          ]

[=======                    12.8%                          ]

[=======                    13.0%                          ]

[=======                    13.2%                          ]

[=======                    13.3%                          ]

[=======                    13.6%                          ]

[========                   14.2%                          ]

[========                   14.3%                          ]

[========                   14.3%                          ]

[========                   14.4%                          ]

[========                   14.4%                          ]

[========                   14.5%                          ]

[========                   14.5%                          ]

[========                   14.6%                          ]

[========                   14.6%                          ]

[========                   14.7%                          ]

[========                   14.8%                          ]

[========                   14.8%                          ]

[========                   14.8%                          ]

[========                   14.9%                          ]

[========                   14.9%                          ]

[========                   15.0%                          ]

[========                   15.1%                          ]

[========                   15.2%                          ]

[========                   15.3%                          ]

[========                   15.3%                          ]

[========                   15.4%                          ]

[========                   15.4%                          ]

[========                   15.5%                          ]

[========                   15.5%                          ]

[=========                  15.5%                          ]

[=========                  15.5%                          ]

[=========                  15.5%                          ]

[=========                  15.6%                          ]

[=========                  15.6%                          ]

[=========                  15.7%                          ]

[=========                  15.7%                          ]

[=========                  15.8%                          ]

[=========                  16.0%                          ]

[=========                  16.0%                          ]

[=========                  16.0%                          ]

[=========                  16.1%                          ]

[=========                  16.1%                          ]

[=========                  16.2%                          ]

[=========                  16.3%                          ]

[=========                  16.4%                          ]

[=========                  16.5%                          ]

[=========                  16.5%                          ]

[=========                  16.6%                          ]

[=========                  16.7%                          ]

[=========                  16.8%                          ]

[=========                  16.9%                          ]

[=========                  17.0%                          ]

[=========                  17.1%                          ]

[=========                  17.2%                          ]

[==========                 17.3%         &#

Back to top

#11 nasdaq

Forum Deity

Global Moderator
49,318 posts

Posted 23 February 2020 - 06:51 AM

Glad we could help.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#12 Carlgrus

Advanced Member

Full Member
141 posts

Posted 29 February 2020 - 08:06 AM

I'm back, and my same home PC from above is now operating slower than ever. Took over 10- minutes to boot up this morning. There is still something in here giving me a major problem. I figured, you would want me to start at the beginning...so here are the logs you request: Thank you.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/29/20
Scan Time: 8:36 AM
Log File: 8f2ba826-5af8-11ea-ad4f-f8bc129d5fc8.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.823
Update Package Version: 1.0.20018
License: Premium

-System Information-
OS: Windows 10 (Build 18362.693)
CPU: x64
File System: NTFS
User: CARLSHOMEOFFICE\Carl's Home office

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 378907
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 12 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
Ran by Carl's Home office (administrator) on CARLSHOMEOFFICE (Dell Inc. Inspiron 3847) (29-02-2020 08:53:03)
Running from C:\Users\Carl's Home office\Desktop\Spyware Utilities
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Platform: Windows 10 Pro Version 1909 18363.693 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\91.4.548\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\91.4.548\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_comm_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_system_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_user_customer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] (Logitech Inc -> )
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260736 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [19456 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
HKLM-x32\...\Run: [Act.Outlook64.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook64.Service.exe [23552 2018-03-15] () [File not signed]
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272336 2019-09-24] (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
HKLM-x32\...\Run: [ISPA] => C:\Program Files (x86)\ACT\Act for Windows\Integration Services Patch for Act!\ISPA.exe [15635456 2019-07-26] () [File not signed]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc -> Logitech Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Edit] => C:\Users\Carl's Home office\AppData\Local\Box\Box Edit\Box Edit.exe [910064 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Local Com Server] => C:\Users\Carl's Home office\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Dashlane] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [AvastBrowserAutoLaunch_0F836ECA984C3E0526723B8BD7DBE0EE] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [DashlanePlugin] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Carl's Home office\AppData\Local\GoToAssist Remote Support Expert\1673\g2ax_start.exe [609552 2020-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\81.0.416.20\Installer\setup.exe [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.122\Installer\chrmstp.exe [2020-02-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\Installer\chrmstp.exe [2020-02-12] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2018-05-01]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064BD36E-BCDB-46CD-ACF9-13A6B4A6C57B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0EFB762A-61C0-4AE6-806A-940DF010D0F7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {21B031AC-73C2-4A6B-828C-10024D4BE34D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {247DD3AE-B575-4222-AD1D-B0B4BBAE390C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {267BC2AF-BCF9-47B3-9BB7-73CD693471E3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {276A703C-3A0C-449B-9BF5-0882CC722510} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
Task: {28CAC893-05A9-4AE5-8C7F-4493447ADDB0} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {2BF6790F-A31C-43DB-94C3-A40E1FF7E6E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {31DB7E40-54D7-43F8-A4C8-8B2828F5544B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {32C710DC-C5BC-4C5C-AE71-19C8867B0FF8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4BC186EE-55C8-4C74-A8FC-A96917252E86} - System32\Tasks\avastBCLRestartS-1-5-21-4082023381-4228950685-2120871074-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {4D302C6E-2812-4C0C-A846-F4965C8B87F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {510FFD6D-204A-4A85-8877-37714070C549} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {59C94174-5C50-4FE9-A998-2CFCBBD6F3ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {5A4EEF71-BD2D-445E-B358-BAF693EE81C1} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6EBCED19-A5AA-4C5F-AA32-8D7C97E908BE} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Carl's Home office\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-09] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {7921314D-7FD8-4E2B-A199-3EE88335B540} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A7B229D-6FA5-4A98-9801-0E27A3A31B5D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {7C083749-20F3-42A8-B804-1FE7572530F8} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {848C0DB1-86CD-4240-8B8C-9410839A52D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B01CE21-C809-4465-A50D-C369ECF9F245} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe)
Task: {8F620EFD-F444-453A-8358-E6C0A737094E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2A4646A-D0EE-4980-8B0E-9B144AC178FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A2FAAFBC-7C9C-406B-BFA2-C2D1893DF90E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe)
Task: {AAD6F6FE-4E5D-4195-8C41-5AA95FCBC88F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AB1096F7-945E-49D5-BA98-BDAE6E8B1300} - System32\Tasks\IMF Task (One-Time) => C:\Program Files (x86)\IObit\IObit Malware Fighter\XmasPromote.exe
Task: {AFE25C68-FD80-4E09-B3CF-DA472E1DE9DA} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6BDCBEE-D800-4B35-B53B-B8C278F8F8BC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600424 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B77FE6C8-210B-4A91-9AE2-8B829EC10380} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600424 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B907722E-6A9F-45D2-9BDE-7DE92653CF84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {BEC7AABE-1D7D-4157-A434-C4E90D0FD962} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4720FBC-E792-4675-BAF5-9DC4E5EA9717} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {E0B63957-6254-4855-8E48-4E34770EF658} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7CCA715-D05A-4DF5-AF8D-F470BA7047AD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {EB906464-5EBF-41A9-AC03-29DE828DEBE3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECFEAC9B-067F-4163-BE80-A50724812405} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Carl's Home office\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-09] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {FC5E1860-C5BC-4FA6-B4DA-5A8F1087F3EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{024ac722-11a5-4173-b7b9-1f9217401d4b}: [DhcpNameServer] 192.168.1.7
Tcpip\..\Interfaces\{27bf6332-1abb-4236-8cf9-2d756c577b54}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5ef848db-49b9-4750-81a5-a11041a9972b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c82f08cb-58c3-4dc5-94cd-05a5f9a3acf7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Program Files (x86)\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.DLL [2018-03-15] (Swiftpage ACT! LLC) [File not signed]
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Carl's Home office\Downloads
Edge Extension: (Dashlane - Password Manager) -> EdgeExtension_DashlaneDashlaneEdgeExtension_ks9qrcqmdm1bm => C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2004.3.0_neutral__ks9qrcqmdm1bm [2020-02-13]

FireFox:
========
FF DefaultProfile: hti2sk13.default-1582931933383
FF ProfilePath: C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 [2020-02-29]
FF Homepage: Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 -> hxxps://www.bing.com/?pc=U528
FF HomepageOverride: Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 -> Enabled: {3e06d96e-26f5-4a68-ac64-2b6bc583a35d}
FF Extension: (Facebook Container) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\@contain-facebook.xpi [2020-02-28]
FF Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\ciscowebexstart1@cisco.com.xpi [2020-02-28]
FF Extension: (iCloud Bookmarks) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\firefoxdav@icloud.com.xpi [2020-02-28]
FF Extension: (Dashlane) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\jetpack-extension@dashlane.com.xpi [2020-02-29] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (Bing Homepage and Search Engine) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\{3e06d96e-26f5-4a68-ac64-2b6bc583a35d}.xpi [2020-02-28] [UpdateUrl:hxxps://browserdefaults.azurewebsites.net/FirefoxExtn/updateextension.json]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-02-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-09-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Carl's Home office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default [2020-02-29]
CHR HomePage: Default -> hxxps://my.yahoo.com/?mkg=015
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Docs) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-22]
CHR Extension: (Google Search) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-02-06]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-08]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-02-12]
CHR Extension: (Sheets) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Avast Online Security) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-18]
CHR Extension: (Disconnect) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2019-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-08-18]
CHR Extension: (Skype) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Gmail) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-08]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428560 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\elevation_service.exe [968552 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc. -> Box, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11090808 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe [609552 2020-01-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 HHC7Service; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe [20248 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 HHC7ServiceMonitor; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe [19232 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\81.0.416.20\elevation_service.exe [1125256 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16647736 2020-02-24] (Adlice -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5929920 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SQLAgent$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205576 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [271120 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206608 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [64272 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42976 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175400 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552576 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110560 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84056 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848672 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [458584 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235184 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316256 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-02-20] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-12] (SurfRight B.V. -> )
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-23] (Martin Malik - REALiX -> REALiX™)
R3 LVPr2M64; C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [226448 2020-02-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-02-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-02-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-02-29] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-03-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-04-07] (Synaptics Incorporated -> Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2020-02-29] (Adlice -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-29 08:39 - 2020-02-29 08:46 - 000000000 ____D C:\Users\Carl's Home office\AppData\LocalLow\IGDump
2020-02-29 08:27 - 2020-02-29 08:27 - 000000000 ___HD C:\OneDriveTemp
2020-02-29 08:23 - 2020-02-29 08:23 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-02-29 08:22 - 2020-02-29 08:22 - 000226448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-02-29 08:21 - 2020-02-29 08:21 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2020-02-29 08:15 - 2020-02-29 08:18 - 000255510 _____ C:\TDSSKiller.2.8.16.0_29.02.2020_08.15.23_log.txt
2020-02-29 08:15 - 2020-02-29 08:15 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\92401588.sys
2020-02-29 08:14 - 2020-02-29 08:14 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Carl's Home office\Downloads\tdsskiller(1).exe
2020-02-28 18:27 - 2020-02-29 08:22 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-02-28 18:19 - 2020-02-28 18:19 - 000000000 ____D C:\Users\Carl's Home office\Desktop\Old Firefox Data
2020-02-28 13:44 - 2020-02-26 09:05 - 000368056 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-02-28 13:00 - 2020-02-29 08:04 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
2020-02-28 13:00 - 2020-02-28 13:06 - 000000540 _____ C:\WINDOWS\Tasks\Avast Driver Updater Startup.job
2020-02-28 13:00 - 2020-02-28 13:00 - 000003064 _____ C:\WINDOWS\system32\Tasks\Avast Driver Updater Startup
2020-02-28 13:00 - 2020-02-28 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
2020-02-28 12:36 - 2020-02-28 12:36 - 025900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 018027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006522824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006085368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 005766192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004129648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002957496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-02-28 12:36 - 2020-02-28 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-02-28 12:36 - 2020-02-28 12:36 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002494952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001867088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001490848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001283600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-02-28 12:36 - 2020-02-28 12:36 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001218632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001190912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001107824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001077264 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001054376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000769552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbc32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-02-28 12:36 - 2020-02-28 12:36 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000145208 _____ (Microsoft Corporation) C:\WIND

Back to top

#13 nasdaq

Forum Deity

Global Moderator
49,318 posts

Posted 01 March 2020 - 06:43 AM

HI,

Please attach the FRST.TXT log as it's not complete.

I also need to see the Addition.txt log that was created by running the Farbar program.

Attach the logs as suggested in my No. 9

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#14 Carlgrus

Advanced Member

Full Member
141 posts

Posted 01 March 2020 - 10:12 AM

Sorry about that, I had all good intentions, left me try it again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
Ran by Carl's Home office (administrator) on CARLSHOMEOFFICE (Dell Inc. Inspiron 3847) (29-02-2020 08:53:03)
Running from C:\Users\Carl's Home office\Desktop\Spyware Utilities
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Platform: Windows 10 Pro Version 1909 18363.693 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\91.4.548\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\91.4.548\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe
(Keystroke Quality Computing Inc -> ) C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_comm_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_system_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_user_customer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] (Logitech Inc -> )
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260736 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [19456 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
HKLM-x32\...\Run: [Act.Outlook64.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook64.Service.exe [23552 2018-03-15] () [File not signed]
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272336 2019-09-24] (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
HKLM-x32\...\Run: [ISPA] => C:\Program Files (x86)\ACT\Act for Windows\Integration Services Patch for Act!\ISPA.exe [15635456 2019-07-26] () [File not signed]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc -> Logitech Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Edit] => C:\Users\Carl's Home office\AppData\Local\Box\Box Edit\Box Edit.exe [910064 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Local Com Server] => C:\Users\Carl's Home office\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Dashlane] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [AvastBrowserAutoLaunch_0F836ECA984C3E0526723B8BD7DBE0EE] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [DashlanePlugin] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Carl's Home office\AppData\Local\GoToAssist Remote Support Expert\1673\g2ax_start.exe [609552 2020-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\81.0.416.20\Installer\setup.exe [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.122\Installer\chrmstp.exe [2020-02-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\Installer\chrmstp.exe [2020-02-12] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2018-05-01]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064BD36E-BCDB-46CD-ACF9-13A6B4A6C57B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0EFB762A-61C0-4AE6-806A-940DF010D0F7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {21B031AC-73C2-4A6B-828C-10024D4BE34D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {247DD3AE-B575-4222-AD1D-B0B4BBAE390C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {267BC2AF-BCF9-47B3-9BB7-73CD693471E3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {276A703C-3A0C-449B-9BF5-0882CC722510} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
Task: {28CAC893-05A9-4AE5-8C7F-4493447ADDB0} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {2BF6790F-A31C-43DB-94C3-A40E1FF7E6E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {31DB7E40-54D7-43F8-A4C8-8B2828F5544B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {32C710DC-C5BC-4C5C-AE71-19C8867B0FF8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4BC186EE-55C8-4C74-A8FC-A96917252E86} - System32\Tasks\avastBCLRestartS-1-5-21-4082023381-4228950685-2120871074-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {4D302C6E-2812-4C0C-A846-F4965C8B87F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {510FFD6D-204A-4A85-8877-37714070C549} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {59C94174-5C50-4FE9-A998-2CFCBBD6F3ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {5A4EEF71-BD2D-445E-B358-BAF693EE81C1} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6EBCED19-A5AA-4C5F-AA32-8D7C97E908BE} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Carl's Home office\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-09] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {7921314D-7FD8-4E2B-A199-3EE88335B540} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A7B229D-6FA5-4A98-9801-0E27A3A31B5D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {7C083749-20F3-42A8-B804-1FE7572530F8} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {848C0DB1-86CD-4240-8B8C-9410839A52D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B01CE21-C809-4465-A50D-C369ECF9F245} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe)
Task: {8F620EFD-F444-453A-8358-E6C0A737094E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2A4646A-D0EE-4980-8B0E-9B144AC178FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A2FAAFBC-7C9C-406B-BFA2-C2D1893DF90E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe)
Task: {AAD6F6FE-4E5D-4195-8C41-5AA95FCBC88F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AB1096F7-945E-49D5-BA98-BDAE6E8B1300} - System32\Tasks\IMF Task (One-Time) => C:\Program Files (x86)\IObit\IObit Malware Fighter\XmasPromote.exe
Task: {AFE25C68-FD80-4E09-B3CF-DA472E1DE9DA} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6BDCBEE-D800-4B35-B53B-B8C278F8F8BC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600424 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B77FE6C8-210B-4A91-9AE2-8B829EC10380} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600424 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B907722E-6A9F-45D2-9BDE-7DE92653CF84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {BEC7AABE-1D7D-4157-A434-C4E90D0FD962} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4720FBC-E792-4675-BAF5-9DC4E5EA9717} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {E0B63957-6254-4855-8E48-4E34770EF658} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7CCA715-D05A-4DF5-AF8D-F470BA7047AD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {EB906464-5EBF-41A9-AC03-29DE828DEBE3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECFEAC9B-067F-4163-BE80-A50724812405} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Carl's Home office\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-09] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {FC5E1860-C5BC-4FA6-B4DA-5A8F1087F3EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{024ac722-11a5-4173-b7b9-1f9217401d4b}: [DhcpNameServer] 192.168.1.7
Tcpip\..\Interfaces\{27bf6332-1abb-4236-8cf9-2d756c577b54}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5ef848db-49b9-4750-81a5-a11041a9972b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c82f08cb-58c3-4dc5-94cd-05a5f9a3acf7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Program Files (x86)\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.DLL [2018-03-15] (Swiftpage ACT! LLC) [File not signed]
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Carl's Home office\Downloads
Edge Extension: (Dashlane - Password Manager) -> EdgeExtension_DashlaneDashlaneEdgeExtension_ks9qrcqmdm1bm => C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2004.3.0_neutral__ks9qrcqmdm1bm [2020-02-13]

FireFox:
========
FF DefaultProfile: hti2sk13.default-1582931933383
FF ProfilePath: C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 [2020-02-29]
FF Homepage: Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 -> hxxps://www.bing.com/?pc=U528
FF HomepageOverride: Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 -> Enabled: {3e06d96e-26f5-4a68-ac64-2b6bc583a35d}
FF Extension: (Facebook Container) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\@contain-facebook.xpi [2020-02-28]
FF Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\ciscowebexstart1@cisco.com.xpi [2020-02-28]
FF Extension: (iCloud Bookmarks) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\firefoxdav@icloud.com.xpi [2020-02-28]
FF Extension: (Dashlane) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\jetpack-extension@dashlane.com.xpi [2020-02-29] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (Bing Homepage and Search Engine) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\{3e06d96e-26f5-4a68-ac64-2b6bc583a35d}.xpi [2020-02-28] [UpdateUrl:hxxps://browserdefaults.azurewebsites.net/FirefoxExtn/updateextension.json]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-02-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-09-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Carl's Home office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default [2020-02-29]
CHR HomePage: Default -> hxxps://my.yahoo.com/?mkg=015
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Docs) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-22]
CHR Extension: (Google Search) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2020-01-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-02-06]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-08]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-02-12]
CHR Extension: (Sheets) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Avast Online Security) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-18]
CHR Extension: (Disconnect) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2019-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-08-18]
CHR Extension: (Skype) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Gmail) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-08]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428560 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\elevation_service.exe [968552 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc. -> Box, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11090808 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe [609552 2020-01-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 HHC7Service; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe [20248 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 HHC7ServiceMonitor; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe [19232 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\81.0.416.20\elevation_service.exe [1125256 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16647736 2020-02-24] (Adlice -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5929920 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SQLAgent$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205576 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [271120 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206608 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [64272 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42976 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175400 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552576 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110560 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84056 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848672 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [458584 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235184 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316256 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-02-20] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-12] (SurfRight B.V. -> )
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-23] (Martin Malik - REALiX -> REALiX™)
R3 LVPr2M64; C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [226448 2020-02-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-02-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-02-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-02-29] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-03-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-04-07] (Synaptics Incorporated -> Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2020-02-29] (Adlice -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-29 08:39 - 2020-02-29 08:46 - 000000000 ____D C:\Users\Carl's Home office\AppData\LocalLow\IGDump
2020-02-29 08:27 - 2020-02-29 08:27 - 000000000 ___HD C:\OneDriveTemp
2020-02-29 08:23 - 2020-02-29 08:23 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-02-29 08:22 - 2020-02-29 08:22 - 000226448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-02-29 08:21 - 2020-02-29 08:21 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2020-02-29 08:15 - 2020-02-29 08:18 - 000255510 _____ C:\TDSSKiller.2.8.16.0_29.02.2020_08.15.23_log.txt
2020-02-29 08:15 - 2020-02-29 08:15 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\92401588.sys
2020-02-29 08:14 - 2020-02-29 08:14 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Carl's Home office\Downloads\tdsskiller(1).exe
2020-02-28 18:27 - 2020-02-29 08:22 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-02-28 18:19 - 2020-02-28 18:19 - 000000000 ____D C:\Users\Carl's Home office\Desktop\Old Firefox Data
2020-02-28 13:44 - 2020-02-26 09:05 - 000368056 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-02-28 13:00 - 2020-02-29 08:04 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
2020-02-28 13:00 - 2020-02-28 13:06 - 000000540 _____ C:\WINDOWS\Tasks\Avast Driver Updater Startup.job
2020-02-28 13:00 - 2020-02-28 13:00 - 000003064 _____ C:\WINDOWS\system32\Tasks\Avast Driver Updater Startup
2020-02-28 13:00 - 2020-02-28 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
2020-02-28 12:36 - 2020-02-28 12:36 - 025900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 018027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006522824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006085368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 005766192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004129648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002957496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-02-28 12:36 - 2020-02-28 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-02-28 12:36 - 2020-02-28 12:36 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002494952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001867088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001490848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001283600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-02-28 12:36 - 2020-02-28 12:36 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001218632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001190912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001107824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001077264 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001054376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000769552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbc32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-02-28 12:36 - 2020-02-28 12:36 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000145208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000136328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 000133944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000102760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 0000870

Back to top

#15 Rocket Grannie

SWI Australian Rebel

Administrators
7,961 posts

Posted 01 March 2020 - 03:53 PM

Carlgrus

You are posting incomplete files.

Please follow these instructions to attach both farbar files.

Thank you.

This time please attach both the FRST.TXT and Addtion.txt logs for my review.

How to attach a file to your reply:

In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.

Select the "Choose a File" navigate to the location of the File.

Click the file you wish to Attach.

Click Attach this file.

Click the Add reply button.

===

Rocket Grannie

My help is free however if you wish to make a donation please see Here

Back to top

#16 Carlgrus

Advanced Member

Full Member
141 posts

Posted 01 March 2020 - 05:12 PM

It's telling me that these files are too big to attached....Doesnt' make sense, the FRST file is only 151 KB, and the ADDITION file is only 47.9 KB

Back to top

#17 Rocket Grannie

SWI Australian Rebel

Administrators
7,961 posts

Posted 01 March 2020 - 06:30 PM

Okay.

For fixit log:

Open the fixit log > scroll down to where the Microsoft files are listed > create a space in the log by pressing enter > copy/paste the log into multiple posts until the complete log is posted.

For additional log:

This log should be able to be posted in one post but if it does not then please follow the instructions for the fixit log.

Thank you.

Rocket Grannie.

My help is free however if you wish to make a donation please see Here

Back to top

#18 Carlgrus

Advanced Member

Full Member
141 posts

Posted 01 March 2020 - 07:45 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
Ran by Carl's Home office (administrator) on CARLSHOMEOFFICE (Dell Inc. Inspiron 3847) (01-03-2020 11:18:57)
Running from C:\Users\Carl's Home office\Desktop\Spyware Utilities
Loaded Profiles: Carl's Home office (Available Profiles: Carl's Home office)
Platform: Windows 10 Pro Version 1909 18363.693 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_comm_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_system_customer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_user_customer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Carl's Home office\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe

(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] (Logitech Inc -> )
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260736 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [19456 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
HKLM-x32\...\Run: [Act.Outlook64.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook64.Service.exe [23552 2018-03-15] () [File not signed]
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272336 2019-09-24] (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
HKLM-x32\...\Run: [ISPA] => C:\Program Files (x86)\ACT\Act for Windows\Integration Services Patch for Act!\ISPA.exe [15635456 2019-07-26] () [File not signed]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc -> Logitech Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Edit] => C:\Users\Carl's Home office\AppData\Local\Box\Box Edit\Box Edit.exe [910064 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Box Local Com Server] => C:\Users\Carl's Home office\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2015-10-14] (Box, Inc. -> Box, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [Dashlane] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [AvastBrowserAutoLaunch_0F836ECA984C3E0526723B8BD7DBE0EE] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [DashlanePlugin] => C:\Users\Carl's Home office\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Carl's Home office\AppData\Local\GoToAssist Remote Support Expert\1673\g2ax_start.exe [609552 2020-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\81.0.416.20\Installer\setup.exe [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.122\Installer\chrmstp.exe [2020-02-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\Installer\chrmstp.exe [2020-02-12] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Act! Integration.lnk [2018-05-01]
ShortcutTarget: Act! Integration.lnk -> C:\Program Files (x86)\ACT\Act for Windows\Act!.Integration.exe (Swiftpage ACT! LLC -> Swiftpage ACT! LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064BD36E-BCDB-46CD-ACF9-13A6B4A6C57B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0EFB762A-61C0-4AE6-806A-940DF010D0F7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {150D82C9-E59A-49DA-8807-EAD6E46D19FE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {21B031AC-73C2-4A6B-828C-10024D4BE34D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {247DD3AE-B575-4222-AD1D-B0B4BBAE390C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {276A703C-3A0C-449B-9BF5-0882CC722510} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
Task: {28CAC893-05A9-4AE5-8C7F-4493447ADDB0} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {2BF6790F-A31C-43DB-94C3-A40E1FF7E6E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {31DB7E40-54D7-43F8-A4C8-8B2828F5544B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {32C710DC-C5BC-4C5C-AE71-19C8867B0FF8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4BC186EE-55C8-4C74-A8FC-A96917252E86} - System32\Tasks\avastBCLRestartS-1-5-21-4082023381-4228950685-2120871074-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {4D302C6E-2812-4C0C-A846-F4965C8B87F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {510FFD6D-204A-4A85-8877-37714070C549} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {59C94174-5C50-4FE9-A998-2CFCBBD6F3ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6EBCED19-A5AA-4C5F-AA32-8D7C97E908BE} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Carl's Home office\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-09] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {7921314D-7FD8-4E2B-A199-3EE88335B540} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A7B229D-6FA5-4A98-9801-0E27A3A31B5D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {7C083749-20F3-42A8-B804-1FE7572530F8} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {848C0DB1-86CD-4240-8B8C-9410839A52D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B01CE21-C809-4465-A50D-C369ECF9F245} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe)
Task: {8F620EFD-F444-453A-8358-E6C0A737094E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2A4646A-D0EE-4980-8B0E-9B144AC178FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A2FAAFBC-7C9C-406B-BFA2-C2D1893DF90E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe)
Task: {AAD6F6FE-4E5D-4195-8C41-5AA95FCBC88F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AB1096F7-945E-49D5-BA98-BDAE6E8B1300} - System32\Tasks\IMF Task (One-Time) => C:\Program Files (x86)\IObit\IObit Malware Fighter\XmasPromote.exe
Task: {AFE25C68-FD80-4E09-B3CF-DA472E1DE9DA} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6BDCBEE-D800-4B35-B53B-B8C278F8F8BC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600424 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B77FE6C8-210B-4A91-9AE2-8B829EC10380} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600424 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B907722E-6A9F-45D2-9BDE-7DE92653CF84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {BEC7AABE-1D7D-4157-A434-C4E90D0FD962} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4720FBC-E792-4675-BAF5-9DC4E5EA9717} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {E0B63957-6254-4855-8E48-4E34770EF658} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7CCA715-D05A-4DF5-AF8D-F470BA7047AD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {ECFEAC9B-067F-4163-BE80-A50724812405} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Carl's Home office\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-09] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {FC5E1860-C5BC-4FA6-B4DA-5A8F1087F3EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{024ac722-11a5-4173-b7b9-1f9217401d4b}: [DhcpNameServer] 192.168.1.7
Tcpip\..\Interfaces\{27bf6332-1abb-4236-8cf9-2d756c577b54}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5ef848db-49b9-4750-81a5-a11041a9972b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c82f08cb-58c3-4dc5-94cd-05a5f9a3acf7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Program Files (x86)\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.DLL [2018-03-15] (Swiftpage ACT! LLC) [File not signed]
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2020-02-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-28] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Carl's Home office\Downloads
Edge Extension: (Dashlane - Password Manager) -> EdgeExtension_DashlaneDashlaneEdgeExtension_ks9qrcqmdm1bm => C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2004.3.0_neutral__ks9qrcqmdm1bm [2020-02-13]

FireFox:
========
FF DefaultProfile: hti2sk13.default-1582931933383
FF ProfilePath: C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 [2020-03-01]
FF Homepage: Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 -> hxxps://www.bing.com/?pc=U528
FF HomepageOverride: Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383 -> Enabled: {3e06d96e-26f5-4a68-ac64-2b6bc583a35d}
FF Extension: (Facebook Container) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\@contain-facebook.xpi [2020-02-28]
FF Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\ciscowebexstart1@cisco.com.xpi [2020-02-28]
FF Extension: (iCloud Bookmarks) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\firefoxdav@icloud.com.xpi [2020-02-28]
FF Extension: (Dashlane) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\jetpack-extension@dashlane.com.xpi [2020-02-29] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (Bing Homepage and Search Engine) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\{3e06d96e-26f5-4a68-ac64-2b6bc583a35d}.xpi [2020-02-28] [UpdateUrl:hxxps://browserdefaults.azurewebsites.net/FirefoxExtn/updateextension.json]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Roaming\Mozilla\Firefox\Profiles\hti2sk13.default-1582931933383\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-02-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-09-19]
FF Plugin ProgramFiles/Appdata: C:\Users\Carl's Home office\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default [2020-03-01]
CHR HomePage: Default -> hxxps://my.yahoo.com/?mkg=015
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Docs) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-22]
CHR Extension: (Google Search) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2020-02-29]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-02-06]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-08]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-02-12]
CHR Extension: (Sheets) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Avast Online Security) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-29]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-18]
CHR Extension: (Disconnect) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2019-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-08-18]
CHR Extension: (Skype) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Gmail) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Carl's Home office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-29]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2018-03-15] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
S2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27648 2018-03-15] (Microsoft) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428560 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\elevation_service.exe [968552 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc. -> Box, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\80.0.3987.18\remoting_host.exe [73200 2019-12-17] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11090808 2020-02-21] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1673\g2ax_service.exe [609552 2020-01-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
S2 HHC7Service; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCService.exe [20248 2019-05-07] (Keystroke Quality Computing Inc -> )
S2 HHC7ServiceMonitor; C:\Program Files (x86)\Keystroke\HHC Enterprise Edition\HHCServiceMonitor.exe [19232 2019-05-07] (Keystroke Quality Computing Inc -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\81.0.416.20\elevation_service.exe [1125256 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16647736 2020-02-24] (Adlice -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5929920 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SQLAgent$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-04-11] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205576 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [271120 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206608 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [64272 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42976 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175400 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552576 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110560 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84056 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848672 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [458584 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235184 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316256 2020-02-26] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-02-20] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-12] (SurfRight B.V. -> )
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-23] (Martin Malik - REALiX -> REALiX™)
R3 LVPr2M64; C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] (Logitech Inc -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [226448 2020-03-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-03-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-03-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-03-01] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-03-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-04-07] (Synaptics Incorporated -> Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2020-03-01] (Adlice -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2020-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2020-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-01 10:17 - 2020-03-01 10:17 - 000000000 ____D C:\Users\Carl's Home office\AppData\LocalLow\IGDump
2020-03-01 10:06 - 2020-03-01 10:17 - 000125240 _____ C:\TDSSKiller.2.8.16.0_01.03.2020_10.06.39_log.txt
2020-03-01 10:06 - 2020-03-01 10:06 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\26214143.sys
2020-03-01 10:05 - 2020-03-01 10:06 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Carl's Home office\Downloads\tdsskiller(2).exe
2020-03-01 08:50 - 2020-03-01 08:50 - 000000000 ___HD C:\OneDriveTemp
2020-03-01 08:45 - 2020-03-01 08:45 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-03-01 08:44 - 2020-03-01 08:44 - 000226448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-03-01 08:44 - 2020-03-01 08:44 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-03-01 08:43 - 2020-03-01 08:43 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-03-01 08:42 - 2020-03-01 08:42 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2020-03-01 08:40 - 2020-03-01 08:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-03-01 07:44 - 2020-03-01 08:40 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-03-01 07:44 - 2020-03-01 08:40 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-03-01 07:44 - 2020-03-01 08:40 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2020-03-01 07:44 - 2020-03-01 08:40 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-03-01 07:44 - 2020-03-01 08:40 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-03-01 07:44 - 2020-03-01 08:40 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-02-29 08:15 - 2020-02-29 08:18 - 000255510 _____ C:\TDSSKiller.2.8.16.0_29.02.2020_08.15.23_log.txt
2020-02-29 08:15 - 2020-02-29 08:15 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\92401588.sys
2020-02-29 08:14 - 2020-02-29 08:14 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Carl's Home office\Downloads\tdsskiller(1).exe
2020-02-28 18:19 - 2020-02-28 18:19 - 000000000 ____D C:\Users\Carl's Home office\Desktop\Old Firefox Data
2020-02-28 13:44 - 2020-02-26 09:05 - 000368056 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 025900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 018027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006522824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 006085368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 005766192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 004129648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002957496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-02-28 12:36 - 2020-02-28 12:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-02-28 12:36 - 2020-02-28 12:36 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002494952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001867088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001490848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001283600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-02-28 12:36 - 2020-02-28 12:36 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001218632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001190912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001107824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001077264 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 001054376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000769552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbc32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-02-28 12:36 - 2020-02-28 12:36 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000145208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000136328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2020-02-28 12:36 - 2020-02-28 12:36 - 000133944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2020-02-28 12:36 - 2020-02-28 12:36 - 000102760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2020-02-28 12:36 - 2020-02-28 12:36 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-02-28 12:36

Back to top

#19 Carlgrus

Advanced Member

Full Member
141 posts

Posted 01 March 2020 - 07:46 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by Carl's Home office (01-03-2020 11:20:17)
Running from C:\Users\Carl's Home office\Desktop\Spyware Utilities
Windows 10 Pro Version 1909 18363.693 (X64) (2019-07-11 18:00:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4082023381-4228950685-2120871074-500 - Administrator - Disabled)
Carl's Home office (S-1-5-21-4082023381-4228950685-2120871074-1000 - Administrator - Enabled) => C:\Users\Carl's Home office
DefaultAccount (S-1-5-21-4082023381-4228950685-2120871074-503 - Limited - Disabled)
Guest (S-1-5-21-4082023381-4228950685-2120871074-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4082023381-4228950685-2120871074-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Act! Pro (HKLM-x32\...\{EFE72412-EEF7-4F36-BEBF-05760A66F4D8}) (Version: 20.1.0.0 - Swiftpage ACT! LLC) Hidden
Act! Pro (HKLM-x32\...\InstallShield_{EFE72412-EEF7-4F36-BEBF-05760A66F4D8}) (Version: 20.1.0.0 - Swiftpage ACT! LLC)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Captivate Reviewer (HKLM-x32\...\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Driver Updater (HKLM-x32\...\{630C3D8E-2BEE-465F-9E59-BB069ED10761}) (Version: 2.5.6 - AVAST Software) Hidden
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 20.1.2397 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 79.0.3061.79 - AVAST Software)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Blackboard Collaborate Launcher (HKLM-x32\...\{C4F79F84-C509-48B0-81B8-3C2FA2182406}) (Version: 1.6.0.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{971E08B6-598E-45A2-96AE-0E391B04065B}) (Version: 4.0.7035.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{a2f46f55-295e-4741-927c-13214bb90d8c}) (Version: 4.0.6380.0 - Box Inc.) Hidden
Box Tools (HKLM-x32\...\{175415DF-4256-44C9-8C7D-B133FFF6F5DA}) (Version: 3.1.8.1235 - Box)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{EF08968E-F7E7-43EA-95B1-1E8ACC8CC459}) (Version: 80.0.3987.18 - Google Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Dashlane (HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\Dashlane) (Version: 6.2007.0.32704 - Dashlane, Inc.)
Dell System Detect (HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
dr.fone (Version 9.2.0) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 9.2.0.11 - Wondershare Technology Co.,Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 91.4.548 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
DVDStyler v2.8.1 (HKLM-x32\...\DVDStyler_is1) (Version: - )
Esri Maps for Office 3.0 (HKLM-x32\...\{75CEAED5-C701-48B4-8DAA-19C50B01F235}) (Version: 3.0.0.574 - Environmental Systems Research Institute, Inc.)
Family Tree Maker 2014.1 (HKLM\...\{6DF6B967-71FE-4921-BC4C-91724F22726C}) (Version: 22.0.1510 - Software MacKiev)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.3.1570 - Software MacKiev)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.122 - Google LLC)
Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToAssist Customer 4.7.0.1673 (HKLM-x32\...\GoToAssist Express Customer) (Version: 4.7.0.1673 - LogMeIn, Inc.)
GoToAssist Expert 4.7.0.1673 (HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\GoToAssist Remote Support Expert) (Version: 4.7.0.1673 - LogMeIn, Inc.)
Handheld Contact 4.2.7.0 (HKLM-x32\...\{55579F6C-071F-4224-BC68-F20E66407DF6}) (Version: 4.2.7.0 - Keystroke.ca) Hidden
Handheld Contact 4.2.7.0 (HKLM-x32\...\InstallShield_{55579F6C-071F-4224-BC68-F20E66407DF6}) (Version: 4.2.7.0 - Keystroke.ca)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP 10bII+ Virtual Calculator (HKLM-x32\...\{C6ABAE79-1C6E-45DF-84DA-ADA90740F2FB}) (Version: 1.3.0.0 - Hewlett-Packard)
iCloud (HKLM\...\{359CA9EA-898C-4F5C-80D9-C111F27B489E}) (Version: 7.17.0.13 - Apple Inc.)
Insperity ExpensAble Office (HKLM-x32\...\{12C45EBF-343F-40F8-87AE-C9BEA335D5E0}) (Version: 9.1.1 - Insperity Expense Management)
Integration Services Patch for Act! (HKLM-x32\...\{58AEEE89-2CD8-45D0-BC80-A9F5E3DE465C}) (Version: 1.0.1150.0 - Integration Services Patch for Act!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{49F48AA2-DEA7-453A-8735-9C862E7C8467}) (Version: 12.10.4.2 - Apple Inc.)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge Beta (HKLM-x32\...\Microsoft Edge Beta) (Version: 81.0.416.20 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.121.21 - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12527.20194 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\96ec27b90e2abd99) (Version: 17.0.4163.10 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 73.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 73.0.1 (x64 en-US)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
MyHarmony (HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20194 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20194 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20186 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.20194 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
RogueKiller version 14.2.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.2.1.0 - Adlice Software)
Samsung AllShare (HKLM-x32\...\{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (HKLM-x32\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Shuffle for PowerPoint (HKLM-x32\...\{6B802AFC-4C59-4BED-9051-F2A6A1CF526A}) (Version: 3.0.2 - PowerPoint Alchemy)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
SQL Server 2008 R2 SP1 Common Files (HKLM-x32\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (HKLM-x32\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (HKLM-x32\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (HKLM-x32\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (HKLM-x32\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (HKLM-x32\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VSDC Free Video Editor version 5.7.7.702 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.7.702 - Flash-Integro LLC)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24101}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Zwift version 1.0.19 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.0.19 - Zwift, LLC)

Packages:
=========
Clock (Live tile, alarm, timer) -> C:\Program Files\WindowsApps\12199Asparion.AsparionClock_4.0.2.69_x64__f89vgcf3qm37t [2016-10-02] (Asparion) [MS Ad]
Dashlane - Password Manager -> C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2004.3.0_neutral__ks9qrcqmdm1bm [2020-02-13] (Dashlane)
Dropbox for S mode -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.3.0_x64__xbfy0k16fey96 [2019-09-26] (Dropbox Inc.)
GasBuddy -> C:\Program Files\WindowsApps\45351D82.GasBuddy-FindCheapGasPrices_2.0.1.0_x64__932xwky9axss4 [2016-04-07] (GasBuddy Organization Inc.)
HP Scan and Capture -> C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6 [2016-08-29] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x64__v10z8vjag6ke6 [2020-02-13] (HP Inc.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-06-27] (LinkedIn)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.12130.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.35.20273.0_x64__8wekyb3d8bbwe [2020-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.1.1149.0_x86__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_1.7.10190.0_x86__8wekyb3d8bbwe [2019-11-07] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-01-30] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-01-30] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-01-30] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Photo Box Pro -> C:\Program Files\WindowsApps\47563SyoSoft.PhotoBoxPro_1.1.145.0_x64__q6gt1z8hya89m [2020-02-13] (SyoSoft) [MS Ad]
US National Parks -> C:\Program Files\WindowsApps\Microsoft.USNationalParks_1.0.0.0_neutral__8wekyb3d8bbwe [2018-04-26] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000_Classes\CLSID\{4A8FCD9F-623C-4283-96F0-10F41846A98A} -> [Box Sync] => C:\Users\Carl's Home office\Box Sync [2015-06-08 17:31]
CustomCLSID: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Carl's Home office\Dropbox [2014-12-07 16:34]
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2015-12-01] (Box, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2015-12-01] (Box, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2015-12-01] (Box, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2015-12-01] (Box, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2015-12-01] (Box, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BoxContextMenuClient] -> {87768833-3c5c-30fb-af03-ba34bc95d084} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2015-12-01] (Box, Inc.) [File not signed]
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitShellExt64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-12-22] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [BoxContextMenuClient] -> {87768833-3c5c-30fb-af03-ba34bc95d084} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2015-12-01] (Box, Inc.) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitShellExt64.dll [2010-04-13] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-12-22] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-12-22] (WinZip Computing LLC -> WinZip Computing, S.L.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [398360 2009-10-07] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2009-10-07] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Carl's Home office\Desktop\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Carl's Home office\AppData\Local\Microsoft\Edge Beta\User Data\Default\Microsoft Edge Beta.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Carl's Home office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Carl's Home office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Carl's Home office\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --remote-debugging-port=9223
ShortcutWithArgument: C:\Users\Carl's Home office\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --remote-debugging-port=9223
ShortcutWithArgument: C:\Users\Carl's Home office\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge Beta.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2010-04-13 17:48 - 2010-04-13 17:48 - 000066192 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 10\LFJbg15U.DLL
2010-04-13 17:48 - 2010-04-13 17:48 - 000126096 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 10\LFPng15U.DLL
2010-04-13 17:48 - 2010-04-13 17:48 - 000212112 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgclr15u.dll
2010-04-13 17:48 - 2010-04-13 17:48 - 000208016 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgefx15u.dll
2010-04-13 17:48 - 2010-04-13 17:48 - 000134288 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 10\Ltimgutl15u.dll
2010-04-13 17:48 - 2010-04-13 17:48 - 000138384 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 10\Ltscr15u.dll
2010-04-13 17:48 - 2010-04-13 17:48 - 000122000 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 10\Lttwn15u.dll
2018-05-17 16:54 - 2017-09-27 16:30 - 000489984 _____ (Newtonsoft) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\Newtonsoft.Json.dll
2018-12-30 09:48 - 2020-02-11 09:24 - 001240064 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\libeay32.dll
2018-12-30 09:48 - 2020-02-11 09:24 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\ssleay32.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qgif.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qicns.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qico.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000298496 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qjpeg.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qsvg.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qtga.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qtiff.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qwbmp.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\imageformats\qwebp.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 001126400 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\platforms\qwindows.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 004994048 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Core.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 003637248 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Gui.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 001088512 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Network.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000280576 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Positioning.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000278016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5PrintSupport.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 002966016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Qml.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 002796032 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Quick.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000048640 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5QuickWidgets.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000163840 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Sql.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000268288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Svg.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000092160 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5WebChannel.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 055062528 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5WebEngineCore.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000190976 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5WebEngineWidgets.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 004590592 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\Qt5Widgets.dll
2020-02-20 06:33 - 2020-02-11 09:24 - 000122368 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Carl's Home office\AppData\Roaming\Dashlane\6.2007.0.32704\bin\Qt\styles\qwindowsvistastyle.dll
2018-05-17 16:54 - 2018-01-26 16:08 - 000088064 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCollect.dll
2018-05-17 16:54 - 2018-01-26 16:08 - 000200192 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Carl's Home office\Desktop\CCIM_Financial_Calculator_v7.5.xlsm:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Carl's Home office\Desktop\Copy of IMG_0079 (2).JPG:com.dropbox.attributes [416]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7941 more sites.

IE trusted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\sharepoint.com -> hxxps://haynesgroupct-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\...\123simsen.com -> www.123simsen.com

There are 7943 more sites.

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2020-02-03 18:11 - 000948734 ____R C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0   fr.a2dfp.net
0.0.0.0   m.fr.a2dfp.net
0.0.0.0   mfr.a2dfp.net
0.0.0.0   ad.a8.net
0.0.0.0   asy.a8ww.net
0.0.0.0   static.a-ads.com
0.0.0.0   atlas.aamedia.ro
0.0.0.0   abcstats.com
0.0.0.0   ad4.abradio.cz
0.0.0.0   a.abv.bg
0.0.0.0   adserver.abv.bg
0.0.0.0   adv.abv.bg
0.0.0.0   bimg.abv.bg
0.0.0.0   ca.abv.bg
0.0.0.0   www2.a-counter.kiev.ua
0.0.0.0   track.acclaimnetwork.com
0.0.0.0   accuserveadsystem.com
0.0.0.0   www.accuserveadsystem.com
0.0.0.0   achmedia.com
0.0.0.0   csh.actiondesk.com
0.0.0.0   ads.activepower.net
0.0.0.0   app.activetrail.com
0.0.0.0   stat.active24stats.nl
0.0.0.0   traffic.acwebconnecting.com
0.0.0.0   office.ad1.ru
0.0.0.0   cms.ad2click.nl
0.0.0.0   ad2games.com
0.0.0.0   ads.ad2games.com
0.0.0.0   content.ad20.net
0.0.0.0   core.ad20.net

There are 29239 more lines.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\Carl's Home office\AppData\Local\Smartbar\Application\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4082023381-4228950685-2120871074-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carl's Home office\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Back to top

#20 Rocket Grannie

SWI Australian Rebel

Administrators
7,961 posts

Posted 02 March 2020 - 05:00 PM

Carlgrus

Both of those logs are incomplete.

nasdaq cannot help you without complete logs.

Please run FRST again and then:

Go here to Dropbox
Open an account if necessary

Post the two logs into your Dropbox account

Post the link here.

Thank you

Rocket Grannie

My help is free however if you wish to make a donation please see Here

Back to top

#21 Carlgrus

Advanced Member

Full Member
141 posts

Posted 02 March 2020 - 05:36 PM

O.k. here are the links to the files...I hope this works...

https://www.dropbox....y/FRST.txt?dl=0

https://www.dropbox....dition.txt?dl=0

Back to top

#22 nasdaq

Forum Deity

Global Moderator
49,318 posts

Posted 03 March 2020 - 07:53 AM

Hi,

Lets take an other approach.

Execute the CMD.EXE as an administrator.

At the DOS prompt execute this command in bold. (you can copy and post the command)

CMD: ECHO Y|CHKDSK C: /F

When completed execute this command.

cmd: sfc /scannow

Post the contents of the sfcdetails.txt file for my review.

Let me know what problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#23 Carlgrus

Advanced Member

Full Member
141 posts

Posted 03 March 2020 - 02:45 PM

I ran both, and all I got at the end of the sfc /scannow was "Windows Resource Protection did not find any integrity violations". There was no text file to post. And this PC is still running rather slow.

Back to top

#24 nasdaq

Forum Deity

Global Moderator
49,318 posts

Posted 04 March 2020 - 09:35 AM

Hi,

Avast and Malwarebytes may be conflicting.

Execute the directives on this page.

https://support.malw...es/360038522974

Restart the computer when done.

One more think.

I see that you have two versions of the Avast Firewall enabled.

Did you at one point Upgrade Avast from a previously installed version.

If your problem persists you may want to take this matter with them.

===

In the event that the sloness persists try these fixes.

Check for Driver updates.

Follow the directives on this page.

https://www.windowsc...vers-windows-10

===

Download Farbar's Service Scanner utility

http://www.bleepingc...-scanner/dl/62/

and Save to your Desktop.

If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

Internet Services

Windows Firewall

System Restore

Security Center/Action Center

Windows Update

Windows Defender

Other Services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

===

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#25 Carlgrus

Advanced Member

Full Member
141 posts

Posted 04 March 2020 - 12:39 PM

O.K. Thank you again. Here's the FSS.txt file. I did take care of the Avast Malwarebytes conflict and rebooted before running Farbar. Right now, it seems to be running well again...I'll let you know. Thank you for everything.

Farbar Service Scanner Version: 14-12-2019
Ran by Carl's Home office (administrator) on 04-03-2020 at 13:33:34
Running from "C:\Users\Carl's Home office\Downloads"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Back to top

#26 nasdaq

Forum Deity

Global Moderator
49,318 posts

Posted 05 March 2020 - 06:35 AM

Hi,

Looking good.

Stay safe.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

Back to Malware Removal

Internet is suddenly incredibly slow

#1 Carlgrus

#2 nasdaq

#3 Carlgrus

#4 Carlgrus

#5 nasdaq

#6 Carlgrus

#7 Rocket Grannie

#8 Carlgrus

#9 nasdaq

#10 Carlgrus

#11 nasdaq

#12 Carlgrus

#13 nasdaq

#14 Carlgrus

#15 Rocket Grannie

#16 Carlgrus

#17 Rocket Grannie

#18 Carlgrus

#19 Carlgrus

#20 Rocket Grannie

#21 Carlgrus

#22 nasdaq

#23 Carlgrus

#24 nasdaq

#25 Carlgrus

#26 nasdaq

Sign In