HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23842096 2020-03-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {30406D63-E208-40FB-9258-AF1A413A82C9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {3AB1ACAC-FC5B-4C62-A460-1AD030A3F25D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4369824 2020-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {55A570D6-CB4D-4478-BBA7-38E69B318E19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4369824 2020-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6E801BB-5F4F-4EBD-B826-0035209DCEB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F555DBA0-0156-4A08-A839-E3A65FE99F69} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11091224 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "Lync"
C:\Program Files (x86)\Microsoft Office
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: