Jump to content

Caught Unhandled unknown exception


Recommended Posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Fred (05-01-2018 14:19:00)
Running from C:\Users\Fred\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-15 00:10:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1049290416-505966412-610834254-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1049290416-505966412-610834254-503 - Limited - Disabled)
Fred (S-1-5-21-1049290416-505966412-610834254-1001 - Administrator - Enabled) => C:\Users\Fred
Guest (S-1-5-21-1049290416-505966412-610834254-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1049290416-505966412-610834254-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Amnis Packages (HKU\S-1-5-21-1049290416-505966412-610834254-1001\...\Amnis Packages) (Version:  - ) <==== ATTENTION
Android-Sync version v1.160 (HKLM-x32\...\{B148E192-F289-4297-85BF-70E2A422EB25}_is1) (Version: v1.160 - Android-Sync.com)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
AX88179_AX88178A Windows 8.1 Drivers (HKLM-x32\...\{23CD4583-326F-40FC-A9AA-5A48EA066C16}) (Version: 2.0.1.0 - ASIX Electronics Corporation) Hidden
AX88179_AX88178A Windows 8.1 Drivers (HKLM-x32\...\InstallShield_{23CD4583-326F-40FC-A9AA-5A48EA066C16}) (Version: 2.0.1.0 - ASIX Electronics Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother's Keeper 7.1 (HKLM-x32\...\Brother's Keeper 7.1) (Version:  - )
Calendar Creator 12 (HKLM-x32\...\CC12_is1) (Version: 12.0.1.6 - Broderbund Software, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.49.0 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
DisplayLink Core Software (HKLM\...\{F3B9FCD6-4E63-40B6-A38F-A38644E70629}) (Version: 7.9.1589.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{BDE955CB-37C5-43C3-A22D-BE9F7ADB6AA9}) (Version: 7.9.703.0 - DisplayLink Corp.)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.2.70 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.2.70 - Nuance Communications, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
ELAN Touchpad 15.8.8.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.8.2 - ELAN Microelectronic Corp.)
EZCast (HKLM-x32\...\{74CECDD9-4B8E-4AE3-9571-8070A17F3C34}) (Version: 2.0.0.14 - Actions-Micro)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.5.0.1165 - Citrix Systems, Inc.)
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.8.47.1 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{32E851D9-FA8D-4F60-BED4-B0F613BF5E20}) (Version: 5.1.18.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{72059B36-031F-495E-B1A6-5346A905386E}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Kodi (HKU\S-1-5-21-1049290416-505966412-610834254-1001\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MediaPlayerLite 0.5.4.0 (HKLM-x32\...\MediaPlayerLite) (Version: 0.5.4.0 - MediaPlayerLite)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1049290416-505966412-610834254-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.15.10 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29079 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.3 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.1.9.0 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.01.56006006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0041 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.5.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}) (Version: 21.0.12288 - WinZip Computing, S.L. )
ZoomInfo Contact Contributor (HKU\S-1-5-21-1049290416-505966412-610834254-1001\...\ZoomInfo Contact Contributor) (Version: 52 - )
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1049290416-505966412-610834254-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-23] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-10-26] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-10-26] (WinZip Computing, S.L.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-23] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-10-26] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {026363A8-8415-453D-922D-971E52981CDD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {0ABD8807-9FA5-4EC1-9D46-03104F74A459} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {148F0707-F603-4201-BAE7-42D20A9A5518} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
Task: {195C9B00-B680-49B5-BD0D-2C947F359A2F} - \WPD\SqmUpload_S-1-5-21-1049290416-505966412-610834254-1001 -> No File <==== ATTENTION
Task: {1AC003BA-EB58-4058-89FA-C63B5090E2E6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {2AE47704-B13D-41BA-BE4D-BA34E14448F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {548B7D78-EA86-49E2-9C8B-5EE66FB80192} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {630D6F58-E191-43BC-9549-AAD9372E8603} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {6666A959-A5B4-4A88-BD6E-C6A6C5A73458} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6A018EBD-832A-409F-9F0F-BC4B6E0DF976} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {857E30E3-904A-4C6E-AE70-85BB5BB2624C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {86D95698-C0D4-4476-B9E8-1B63B791845B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8A05440A-5EEB-4C7B-9087-C2E909FF6412} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {9627F4BC-7C4B-47D5-BD22-DC5961B7DF74} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {998C6474-1536-4BEE-B565-47D080EAFC97} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-12-13] (Microsoft Corporation)
Task: {A1723CA9-8825-4E61-94DF-71FBB681CEEB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {B1C52C4D-D95B-4DEE-8484-D9E6EF46CFF2} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
Task: {B40BBAA4-DCE0-446D-AF9B-0E76B131A986} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {C5DD94C0-CCA2-4C05-A535-B0DA8C00DBB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {C8165170-E340-4D07-ACFA-93B022B3CC75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {C8556B9E-2553-4E54-9914-5BABC75C1C00} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-26] (WinZip Computing, S.L.)
Task: {CB1BE14C-8A96-4381-ACA7-8F318CB0D87F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {CE822CBD-675F-4EF4-88C4-F95CF7AE9C24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {D61B578B-B3B9-4AB9-9F97-EFE513BB6B27} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {D8AC99F3-4FD9-4707-86E2-3EB8682A63B6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DECD030C-5648-430D-A2E5-BB6B53418722} - System32\Tasks\{47D56B6D-7BFF-B615-E1BB-08B0D3DBAF22} => C:\Users\Fred\AppData\Local\{D832E~1\UNINST~1.EXE <==== ATTENTION
Task: {E245D03D-311D-47F7-9A07-D43747AFB162} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {F3CE2263-D6B6-472F-A682-116B8993E079} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F918BD59-4ABE-4E49-AB7E-B468948EB9BD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {FFE551E6-D46E-407E-B7D7-90C5C12EAA32} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\{47D56B6D-7BFF-B615-E1BB-08B0D3DBAF22}.job => C:\Users\Fred\AppData\Local\{D832E~1\UNINST~1.EXE <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-10 22:17 - 2017-12-12 06:58 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-14 10:15 - 2017-12-14 10:15 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-14 10:15 - 2017-12-14 10:15 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-03 03:33 - 2018-01-03 03:33 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 03:33 - 2018-01-03 03:33 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 03:33 - 2018-01-03 03:33 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 03:33 - 2018-01-03 03:33 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 03:33 - 2018-01-03 03:33 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-29 05:41 - 2017-09-29 05:41 - 000030208 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2017-12-27 17:38 - 2017-12-27 17:39 - 000755712 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
2017-12-14 16:56 - 2017-12-14 16:56 - 004307968 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1712.3351.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-12-13 20:08 - 2017-12-13 20:08 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-12-13 20:08 - 2017-12-13 20:08 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 03:24 - 2017-10-05 03:27 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-11 06:33 - 2017-11-11 06:36 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-05 03:24 - 2017-10-05 03:25 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 11:05 - 2017-08-29 11:05 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 004038144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-12-13 20:08 - 2017-12-13 20:08 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\SKU.dll
2014-10-10 09:37 - 2014-10-10 09:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000147456 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000384000 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000012800 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000838656 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000038912 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000113664 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:38 - 000630784 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 061463631 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000014862 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:38 - 000081408 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:38 - 000875008 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:38 - 000989696 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000095232 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000360960 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000093184 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000090112 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:38 - 000053760 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:38 - 000823296 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:38 - 149155819 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\App.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 000457728 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:38 - 006690261 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 004764445 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 001283533 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 002054893 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2017-12-27 17:38 - 2017-12-27 17:39 - 021502193 _____ () C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2013-08-22 05:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1049290416-505966412-610834254-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Fred\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\majesticmtns.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AndroidSync"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1049290416-505966412-610834254-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1049290416-505966412-610834254-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1049290416-505966412-610834254-1001\...\StartupApproved\Run: => "HP Officejet Pro 6830 (NET)"
HKU\S-1-5-21-1049290416-505966412-610834254-1001\...\StartupApproved\Run: => "BingSvc"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DD9FA5DD-BD77-4748-B256-1D0480B8E18A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3E89F8BB-BC6B-46C0-A86B-A5FF0029302F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2D3D9871-DFC7-49C9-AB3C-002491A6A0CF}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS34D0\HPDiagnosticCoreUI.exe
FirewallRules: [{CFB87C42-1394-42EC-A919-DE5702A3690E}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS34D0\HPDiagnosticCoreUI.exe
FirewallRules: [{1BFF511D-6FAC-4FE8-8C21-5FD3CD4DA98D}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS340C\HPDiagnosticCoreUI.exe
FirewallRules: [{AD1ED817-BC37-4DFD-91C0-D8BAC8D48F6B}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS340C\HPDiagnosticCoreUI.exe
FirewallRules: [{79B8F1BB-D4D3-4704-9083-490B1DC23441}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{D8E68BCE-C36E-4815-AFC2-50503A69BC99}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{22E58420-3A67-409C-945B-60DA26E4255C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{69748DF3-CCC1-46C9-8807-5819AA653D5F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{76D7D7E2-2F91-41AF-8AFE-2D466550CD83}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2B9DAA63-137E-4C5A-9577-03ED83214322}] => (Allow) C:\Users\Fred\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{1C286C75-5699-49BE-98DC-910CA9579D39}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{239FDF9F-E2CD-47E8-A755-07D928050924}] => (Allow) LPort=5357
FirewallRules: [{F6BEEB5A-8DE2-4A02-86F2-85D8C242A6E2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{4653AB52-7ED3-4D4D-BAA0-16D70B708AEC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{DD1AAEA8-4CE6-46D2-BBDE-62993F6D1288}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{A010A0BA-C26D-4B6A-AFAB-5B630A98ECA5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{F253DF91-9541-44BD-916D-52960D45CEBF}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{F557379A-977D-404A-974C-BE98B81800FA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{2BD8CA1F-C07A-47F5-9D86-A1C87A45D77A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0E67D9FA-1E31-48A3-9C3E-169628FD846D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{23D4ABC9-EC49-421C-9787-92AEBA6897EE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5FD7A92B-F89B-4928-8392-15FC225E5EA2}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{17DE24C8-0DFB-4EAC-8FBE-1DF999117755}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{0B240350-4E14-49E4-A077-2D28EEA608D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69AC64B8-EED3-45EA-B4CF-622B25B18D9F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08B0F9CB-FC22-4697-8BFD-9BF2B67A36CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1DE6EA2-19D0-4855-BF01-A4D08B75A3EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{159B762C-B0C3-4705-B93E-60B31169F54C}] => (Allow) C:\Program Files (x86)\EZCast\EZCast.exe
FirewallRules: [{505D41E4-7E11-40B8-8F97-FA0419E45674}] => (Allow) C:\Program Files (x86)\EZCast\EZScreen
FirewallRules: [{8470576D-0F90-4311-B2E6-B612935CADF5}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS1A8D\HPDiagnosticCoreUI.exe
FirewallRules: [{06194A47-7FEA-4442-A410-97B4089493A0}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS1A8D\HPDiagnosticCoreUI.exe
FirewallRules: [{C7C4835D-3013-46A0-9DDA-69561CD2EBF5}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS0AA3\HPDiagnosticCoreUI.exe
FirewallRules: [{85C6050D-52E0-4E35-B812-442A9A8994AD}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS0AA3\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{E132B893-BCDC-4258-9390-108EE201767B}C:\users\fred\appdata\local\temp\7zs0aa3\hpdiagnosticcoreui.exe] => (Allow) C:\users\fred\appdata\local\temp\7zs0aa3\hpdiagnosticcoreui.exe
FirewallRules: [UDP Query User{6FE39B57-E860-4F1F-9883-8A16829EB41A}C:\users\fred\appdata\local\temp\7zs0aa3\hpdiagnosticcoreui.exe] => (Allow) C:\users\fred\appdata\local\temp\7zs0aa3\hpdiagnosticcoreui.exe
FirewallRules: [{879E8749-34A9-4EAA-87D0-5ED25F78561C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{44B0D7C3-AEA0-4611-95FE-B013B115EE1B}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
FirewallRules: [{5ACA3F80-EAD2-4D91-9074-0286FEBF836A}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
FirewallRules: [{5235AA63-4199-4F0F-813B-3FEDC3FD1A60}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS458C\HPDiagnosticCoreUI.exe
FirewallRules: [{02655CF1-F7EC-4D91-90FD-2E2081D5DA83}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS458C\HPDiagnosticCoreUI.exe
FirewallRules: [{80C8C542-8068-467B-B3D2-F7AD39DEB06A}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS4A56\HPDiagnosticCoreUI.exe
FirewallRules: [{295F1E96-254E-4B21-8810-263F4184DBF8}] => (Allow) C:\Users\Fred\AppData\Local\Temp\7zS4A56\HPDiagnosticCoreUI.exe
==================== Restore Points =========================
23-12-2017 21:09:31 Scheduled Checkpoint
29-12-2017 15:53:30 Windows Modules Installer
02-01-2018 09:55:42 Windows Modules Installer
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (01/04/2018 07:33:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BETS)
Description: Package Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (01/04/2018 07:31:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvLaunch.exe".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/04/2018 07:11:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Alerts. Error: Operation failed.
Error: (01/04/2018 07:11:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.
Error: (01/04/2018 06:40:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 16.0.8730.2127, time stamp: 0x5a2a2ac6
Faulting module name: EXCEL.EXE, version: 16.0.8730.2127, time stamp: 0x5a2a2ac6
Exception code: 0xc0000005
Fault offset: 0x000cad6d
Faulting process id: 0x22ec
Faulting application start time: 0x01d3859f77037100
Faulting application path: C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE
Faulting module path: C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE
Report Id: d6eb87fc-838f-46e0-a897-fc15f5ea95fa
Faulting package full name:
Faulting package-relative application ID:
Error: (01/02/2018 05:27:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AndroidSync.exe, version: 1.1.6.0, time stamp: 0x2a425e19
Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x5a06f735
Exception code: 0x01605605
Fault offset: 0x00015cc0
Faulting process id: 0x4ac
Faulting application start time: 0x01d383cd5430cbcd
Faulting application path: C:\Program Files (x86)\Android-Sync\AndroidSync.exe
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll
Report Id: bfd33513-7bd9-4358-a923-6d850b424165
Faulting package full name:
Faulting package-relative application ID:
Error: (01/02/2018 04:34:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd
Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x493793ea
Exception code: 0xcfffffff
Fault offset: 0x00000000000a0f54
Faulting process id: 0x2364
Faulting application start time: 0x01d383c5f29c2b3a
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ed6b5e5c-f3e7-4ad0-8313-0bbd2ff413fc
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (01/01/2018 10:09:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (01/01/2018 06:13:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvLaunch.exe".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/01/2018 06:10:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BETS)
Description: Package Weather.TheWeatherChannelforToshiba_2015.1013.1.0_x64__t3yemqpq4kp7p+App was terminated because it took too long to suspend.

System errors:
=============
Error: (01/05/2018 09:18:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/05/2018 09:18:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (01/05/2018 09:18:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DTS APO Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/05/2018 09:18:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/05/2018 09:18:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (01/05/2018 09:18:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD Protection service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/05/2018 09:18:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IntelUSBoverIP service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/05/2018 09:18:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant Audio Message Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/05/2018 09:18:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/05/2018 09:18:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2018-01-05 14:16:29.795
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 14:16:29.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 14:04:01.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 14:04:01.468
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 13:55:42.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 13:55:42.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 13:48:18.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 13:48:18.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 13:46:29.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-05 13:46:29.248
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 8107.14 MB
Available physical RAM: 4120.63 MB
Total Virtual: 9387.14 MB
Available Virtual: 5011.91 MB
==================== Drives ================================
Drive c: (TI10704800E) (Fixed) (Total:919.03 GB) (Free:643.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================

AdwCleaner[S16].txt

Edited by FredBaniecki
Link to post
Share on other sites

  • Root Admin

Hello @FredBaniecki and :welcome:

Let me have you do an MB-Clean procedure to remove and reinstall Malwarebytes. Then after you get the program replaced run the steps below.

 

 

Please run the following steps and post back the logs as an attachment when ready. The forum software does not always translate logs correctly.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.