  #1  
Old January 28th, 2017, 09:37 AM
chris18 chris18 is offline
Senior Member
 
Join Date: Sep 2000
O/S: Windows 7 64-bit
Location: Euro Free England
Age: 79
Posts: 610
Windows Security Updates Failure

My system will not at the moment apply any Windows Security Updates. When I click the install the system just sits doing nothing.

I have also tried to patch them using the 360 Total Security option. This shows the updates as downloaded but the first update is failing to install.

Can anyone offer any help as I would like to have them as updated as possible before Vista support is pulled.

Thanks


  #2  
Old January 29th, 2017, 11:32 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,878
Howdy chris18.

We can surely take a look at things, but if there's a suggestion of malicious software involved I'll likely ask a Mod to move this to the CTH Malware Removal Forum.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


If you know how, it's best to disable your antivirus while doing these steps.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. Vista is usually 32 bit.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  #3  
Old January 30th, 2017, 11:07 AM
chris18
Thanks for the reply. Have run FRST but can't find a button to attach the files requested. Or do I just paste the content in my reply?
  #4  
Old February 1st, 2017, 01:18 AM
Jintan
Copy and paste in replies, and use extra replies if needed. Some of the threads here will show you an example.
  #5  
Old February 1st, 2017, 03:47 PM
chris18
Scan contents as requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by Chris (administrator) on CHRIS-PC (30-01-2017 09:53:18)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Interactive Digital Media) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
() C:\Program Files\Ap*******\Ap*******DeviceService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(johnsadventures.com) C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
() C:\Program Files\Shrink Pic\shrink_pic.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\Total Security\safemon\chrome\360webshield.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Chris\Desktop\FaberRecoveryScanTool.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Desktop SMS] => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1939880 2017-01-22] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Ap******* device service] => C:\Program Files\Ap*******\Ap*******DeviceService.exe [861184 2015-08-04] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\Run: [BackgroundSwitcher] => C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [117400 2015-04-18] (johnsadventures.com)
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [1608640 2007-11-11] (SlySoft, Inc.)
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\MountPoints2: {314b9ea5-9cbc-11e5-bc04-001e686a4ed3} - I:\Startme.exe
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\MountPoints2: {7031c67c-e4fe-11e5-ad72-001e686a4ed3} - K:\startme.exe
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shrink Pic.lnk [2015-05-10]
ShortcutTarget: Shrink Pic.lnk -> C:\Program Files\Shrink Pic\shrink_pic.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-02-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-02-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16714085-A6E4-4E3B-87FB-41CDB15024B4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B4237B80-E13A-4C1B-A928-C7D10906E529}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}&rlz=1I7TSEA_en-GBGB648
SearchScopes: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}&rlz=1I7TSEA_en-GBGB648
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-16] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-16] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-04-26] [not signed]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1117062768-337566405-2699567477-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bbc.co.uk/news
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/ca/#inbox","hxxp://www.bbc.co.uk/news/"
CHR DefaultSearchURL: Default -> hxxp://www.google.co.uk/search?hl=en&source=hp&q={searchTerms}&btnG=Google+Search&meta=cr%3DcountryUK%7CcountryGB&aq=f&oq=
CHR DefaultSearchKeyword: Default -> uk
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-25]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-25]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (Keeper® Password Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfogiafebfohielmmehodmfbbebbbpei [2017-01-30]
CHR Extension: (Keeper Web App) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (GeoGebra Math Apps) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-05-25]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (360 Internet Protection) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2017-01-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-24]
CHR Extension: (Free PDF Maker) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbhncalhbjgoibpokgjnjigjpkdopai [2015-04-25]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-08-12]
CHR Extension: (Mailtrack for Gmail: email tracking) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2017-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [928168 2017-01-22] (QIHU 360 SOFTWARE CO. LIMITED)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2613200 2015-10-12] (Paramount Software UK Ltd)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [135400 2016-06-03] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [74472 2017-01-22] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [212712 2017-01-22] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2015-04-02] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [186728 2016-08-08] (360安全中心)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [96832 2007-11-07] (SlySoft, Inc.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [186816 2016-09-09] (360.cn)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23248 2015-11-20] (360.cn)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-09-29] (Sony Mobile Communications)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [69224 2016-08-08] (360安全中心)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [313704 2016-08-08] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [65512 2016-08-08] (360.cn)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; System32\Drivers\MRESP50.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; no ImagePath
S3 WinRing0_1_2_0; \??\C:\Program Files\BatteryCare\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 09:53 - 2017-01-30 09:55 - 00021691 _____ C:\Users\Chris\Desktop\FRST.txt
2017-01-30 09:52 - 2017-01-30 09:53 - 00000000 ____D C:\FRST
2017-01-30 07:56 - 2017-01-30 07:57 - 01762816 _____ (Farbar) C:\Users\Chris\Desktop\FaberRecoveryScanTool.exe
2017-01-28 07:48 - 2017-01-28 07:48 - 00000000 ____D C:\91bb999a9288c793dbc5
2017-01-13 14:41 - 2017-01-13 15:59 - 00037879 _____ C:\Users\Chris\Documents\EE-BrightBox-hhyc53.txt
2017-01-12 16:41 - 2017-01-12 16:41 - 00000000 ____D C:\Users\Chris\AppData\Roaming\BBCiPlayerDownloads
2017-01-12 16:39 - 2017-01-12 16:39 - 00000975 _____ C:\Users\Chris\Desktop\BBC iPlayer Downloads.lnk
2017-01-12 16:39 - 2017-01-12 16:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2017-01-12 16:39 - 2017-01-12 16:39 - 00000000 ____D C:\Users\Chris\AppData\Local\BBC
2017-01-12 16:36 - 2017-01-12 16:37 - 21430272 _____ C:\Users\Chris\Downloads\BBC-iPlayer-Downloads-1.14.2.msi
2017-01-09 07:39 - 2017-01-09 07:39 - 00000000 ____D C:\ProgramData\1483947541_00000000_base
2017-01-05 07:52 - 2017-01-05 07:52 - 00000000 ____D C:\f56de62f767288b2c482b783ae8f
2017-01-05 07:50 - 2017-01-05 07:52 - 04342133 _____ C:\Users\Chris\Desktop\Windows6.0-KB937287-v2-x86.msu

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 09:48 - 2015-04-26 08:50 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\360WD
2017-01-30 08:09 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-30 08:09 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-30 07:59 - 2015-04-26 08:51 - 00000000 ____D C:\Users\Chris\AppData\Roaming\360safe
2017-01-30 07:41 - 2015-04-26 13:41 - 00000040 ___SH C:\ProgramData\.zreglib
2017-01-29 18:09 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-29 18:08 - 2006-11-02 13:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-23 16:12 - 2015-04-26 08:50 - 00000947 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2017-01-23 16:12 - 2015-04-26 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-01-22 06:16 - 2015-04-26 08:50 - 00212712 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys
2017-01-22 06:16 - 2015-04-26 08:50 - 00074472 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2017-01-21 10:34 - 2015-04-25 12:03 - 00000000 __SHD C:\$360Section
2017-01-21 10:34 - 2015-04-25 11:54 - 00000000 ____D C:\ProgramData\360Quarant
2017-01-16 12:44 - 2015-04-26 10:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-01-12 16:41 - 2015-04-24 18:25 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Adobe
2017-01-04 15:36 - 2015-05-11 19:21 - 02424456 _____ C:\Windows\ntbtlog.txt
2017-01-04 08:04 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-01-04 08:04 - 2006-11-02 10:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-04-26 14:11 - 2016-08-14 13:57 - 0078848 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-01 16:04 - 2016-07-01 16:04 - 0000836 _____ () C:\Users\Chris\AppData\Local\recently-used.xbel
2015-04-26 13:41 - 2017-01-30 07:41 - 0000040 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
2015-10-16 07:42 - 2015-10-16 07:42 - 5311104 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.8.3.Installer.exe
2015-12-05 08:06 - 2015-12-05 08:06 - 4103179 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.8.6.Installer.exe
2015-12-27 10:56 - 2015-12-27 10:56 - 4121418 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.8.8.Installer.exe
2016-04-22 15:52 - 2016-04-22 15:52 - 4203840 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.9.1.Installer.exe
2016-06-01 06:12 - 2016-06-01 06:12 - 4211112 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.9.2.Installer.exe
2016-04-06 09:11 - 2016-04-06 09:12 - 4204144 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.9.Installer.exe
2016-11-23 07:53 - 2016-11-23 07:53 - 2842320 _____ () C:\Users\Chris\AppData\Local\Temp\npp.7.1.Installer.exe
2015-11-06 10:44 - 2016-04-09 10:42 - 12741992 _____ () C:\Users\Chris\AppData\Local\Temp\reflectPatch.exe
2016-04-21 07:38 - 2016-04-21 07:38 - 0541696 _____ () C:\Users\Chris\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2016-04-24 13:26 - 2016-04-24 13:26 - 0089584 _____ () C:\Users\Chris\AppData\Local\Temp\vsdel.exe
2015-08-02 23:58 - 2015-08-02 23:58 - 0118784 _____ () C:\Users\Chris\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-30 06:31

==================== End of FRST.txt ============================
  #6  
Old February 1st, 2017, 03:48 PM
chris18
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by Chris (30-01-2017 09:57:13)
Running from C:\Users\Chris\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2015-04-24 19:07:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1117062768-337566405-2699567477-500 - Administrator - Enabled)
Chris (S-1-5-21-1117062768-337566405-2699567477-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-1117062768-337566405-2699567477-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM\...\360TotalSecurity) (Version: 9.0.0.1115 - 360 Security Center)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Audio Converter 5.8.8 (HKLM\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com)
AnyDVD (HKLM\...\AnyDVD) (Version: - SlySoft)
Ap******* version 2.1.6 (HKLM\...\{3BA67286-845D-46A7-9A58-FA8B7897BC34}_is1) (Version: 2.1.6 - Ap*******, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BBC iPlayer Downloads (HKLM\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Belarc Advisor 8.5a (HKLM\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM\...\Canon MG3200 series User Registration) (Version: - Canon Inc.‎)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.00 - TOSHIBA)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.6.0 - Conexant)
Desktop SMS (HKLM\...\{5980B928-1C95-4B3E-957B-B02D8147FF9E}) (Version: 1.2.0 - IDM)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Elevated Installer (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{42f02a91-da9c-48e1-8dc5-37f4449db969}) (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{eb40a574-9a7c-44a2-bffb-6b9d65fd667a}) (Version: 4.1.4.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 4.0.2737 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: - )
HDMI Control Manager (HKLM\...\{CBDF64B0-8CAB-45C7-B3B2-4637C9F88769}) (Version: 1.6 - TOSHIBA)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
John's Background Switcher 4.10 (HKLM\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.10 - johnsadventures.com)
jZip (HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\jZip) (Version: 2.0.0.131826 - Bandoo Media Inc) <==== ATTENTION
Keeper Desktop version 9.0.4 (HKLM\...\{06BDF132-5EE6-4245-914B-5918759BEBD9}_is1) (Version: 9.0.4 - Keeper Security, Inc.)
Legacy 8.0 (HKLM\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.909 - Paramount Software (UK) Ltd.) Hidden
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.51.4.3 - Marvell)
Media Go (HKLM\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.103.05220 (HKLM\...\{17BC85C9-EA45-84A7-F4DB-C0D63BBE98DE}) (Version: 2.20.103.05220 - Sony)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Money (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Monitor Off Utility 1.0 (HKLM\...\{10F0131F-1CA2-4433-8473-7C890C769581}_is1) (Version: - Dekisoft)
Mp3tag v2.75 (HKLM\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.5 (HKLM\...\myphotobook) (Version: 3.5 - myphotobook)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.1 - Notepad++ Team)
O2Micro Flash Memory Card Reader Driver (x86) (HKLM\...\{372B31CF-77FB-4E29-860C-A0EA2985AB7F}) (Version: 3.19.1 - O2Micro)
OpenOffice 4.1.2 (HKLM\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
PaperScan 3 Free Edition (HKLM\...\{C401BE39-C0E8-42E5-B8F4-C5A7611206C5}) (Version: 3.0.32 - ORPALIS)
Passage Express Free Legacy Edition (HKLM\...\{CAFF193A-5A0B-4A6B-A0C4-BE3115188533}) (Version: 2.03.00040 - The Jefferson Project)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
QuarkXPress 6.1 (HKLM\...\{FF0B0792-F6E7-4627-B820-EA50617E223B}) (Version: 6.10.0000 - Quark, Inc.)
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Renault Media Nav Toolbox (HKLM\...\Renault Media Nav Toolbox) (Version: 3.18.5.647040 - NNG Llc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shrink Pic (remove) (HKLM\...\Shrink Pic) (Version: - )
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.15.13.201509231442 - Sony Mobile Communications Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.26 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1.a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.3.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}) (Version: 3.00.01.00 - TOSHIBA)
TOSHIBA Manuals (HKLM\...\{0F4F4815-76AD-4B26-8763-72F3344041C2}) (Version: 7.33 - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}) (Version: 3.00.01.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0014 - TOSHIBA)
TRDCReminder (Version: 1.00.0014 - TOSHIBA) Hidden
TreeSize Free V3.4.3 (HKLM\...\TreeSize Free_is1) (Version: 3.4.3 - JAM Software)
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
VisiPics V1.31 (HKLM\...\VisiPics_is1) (Version: - Ozone)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CFABEF6-9970-4A31-83C9-2174CED8AA8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {15310DF8-11A5-4633-A323-847B8AAE241F} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\Chris\AppData\Local\Temp\IHUE74C.tmp.exe <==== ATTENTION
Task: {5098239A-31D8-4E6B-8D5B-92CFFCCCE03E} - System32\Tasks\{90A58DAC-072C-4F23-B351-DFCF7DFBDB62} => pcalua.exe -a C:\tb_eula\UninstallTB.exe -d C:\Windows\system32 -c file
Task: {7CAFD162-E247-4A92-BEC1-360FCB29EBBA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {876C7C14-272E-4C01-A34F-65B059B19E43} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {F223DA16-29DC-491F-BCAD-10DA283AD93F} - System32\Tasks\BatteryCareAuto => C:\Program Files\BatteryCare\BatteryCare.exe
Task: {FABCE43A-0734-4A14-9754-75B60CBD748D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki

==================== Loaded Modules (Whitelisted) ==============

2015-04-26 08:50 - 2017-01-22 06:16 - 00099240 _____ () C:\Program Files\360\Total Security\deepscan\qutmload.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-26 10:55 - 2012-03-28 12:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2008-02-26 09:37 - 2007-09-13 13:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2009-05-04 15:24 - 2009-05-04 15:24 - 00187392 _____ () C:\Program Files\Shrink Pic\shrinkpici.dll
2007-01-18 09:30 - 2007-01-18 09:30 - 00094208 _____ () C:\Program Files\IDM\Desktop SMS\oehook.dll
2007-12-14 20:28 - 2007-12-14 20:28 - 04726784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2008-02-26 10:21 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 11:03 - 2007-12-25 11:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 11:57 - 2006-10-07 11:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 17:55 - 2006-12-01 17:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2007-12-14 20:40 - 2007-12-14 20:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2015-04-26 08:50 - 2017-01-22 06:16 - 00497576 _____ () C:\Program Files\360\Total Security\safemon\wdui2.dll
2015-08-17 13:47 - 2015-08-04 09:47 - 00861184 _____ () C:\Program Files\Ap*******\Ap*******DeviceService.exe
2015-08-17 13:46 - 2015-08-04 09:47 - 00397824 _____ () C:\Program Files\Ap*******\DuiLib.dll
2015-08-17 13:46 - 2013-05-31 13:53 - 00059904 _____ () C:\Program Files\Ap*******\zlib.dll
2015-08-17 13:46 - 2013-05-31 13:53 - 00526848 _____ () C:\Program Files\Ap*******\sqlite3.dll
2015-08-17 13:47 - 2014-01-06 10:24 - 00671744 _____ () C:\Program Files\Ap*******\hashab.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2008-02-26 10:20 - 2007-12-29 09:06 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2009-05-04 16:20 - 2009-05-04 16:20 - 02528256 _____ () C:\Program Files\Shrink Pic\shrink_pic.exe
2015-04-24 19:09 - 2008-01-22 10:00 - 04624384 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2012-06-17 21:10 - 2012-06-17 21:10 - 00965120 _____ () C:\Windows\system32\ac3filter.acm
2013-03-13 19:36 - 2013-03-13 19:36 - 03500544 _____ () C:\Windows\system32\ffdshow.ax
2016-09-11 07:00 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Chris\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-11 07:00 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Chris\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1117062768-337566405-2699567477-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{37BC9942-E4C8-4612-8E39-0096E9143BD8}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{8F944893-5919-4F68-8202-EA993DEC9FD0}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{F13CFB73-9F39-4DD7-90C3-7E401E42B795}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{C1B92C1D-84A9-457D-8C64-900148812EAE}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{9C7F8919-AD7C-494D-ABC0-3F8DD89FE214}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [UDP Query User{F206AD2E-6421-4C0B-A963-652137B1BAA6}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [a0fdf0a6-1e15-43ba-87c2-7e24ff96b462] => %ProgramFiles%\Quark\QuarkXPress 6.1\QuarkXPress Passport.exe
FirewallRules: [{FCCDA8D4-5A86-4BAF-AB99-D56727D94A31}] => C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{F8C07C2F-21EB-46B5-8C73-363760355554}] => C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{C30EA92E-7262-4C41-8C99-037F2AD55A07}] => C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{9D5533C0-89DC-4BAB-A3D0-A4E074657471}] => C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{093D2C2D-CECB-42E4-9862-68ECA1770BD8}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{55DAF5D7-BF31-44FD-8807-74D7E318EDE8}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B70638FC-14EE-4790-B32B-3E1EA076D0CA}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48817A7A-F594-4D90-B99C-8F59018E8CFB}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4812608C-21C3-4949-A9DA-D60AABD7871E}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{627369D3-6517-4257-81E1-2B83A3174289}] => C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{1B7DEB26-A8E0-443D-8984-37DD8BD01563}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{9C8B52B1-AFDF-41F7-874D-18A7B3F239BE}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{9FBCFF15-AD73-471A-BCC5-9521E8C547AB}C:\program files\airdroid\airdroid.exe] => C:\program files\airdroid\airdroid.exe
FirewallRules: [UDP Query User{9B2284F4-5616-4300-A600-D137CBEF6D4C}C:\program files\airdroid\airdroid.exe] => C:\program files\airdroid\airdroid.exe
FirewallRules: [{C1571BB4-5D5F-4427-9BB1-D5E6E6A5EE98}] => C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{9BC73003-D611-420D-A8E1-F24C331F26D0}] => C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [TCP Query User{BFC152C2-0C21-46E7-9E35-C74DFF73BC7F}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{D62E1C3F-0C81-4C07-8CE0-8F71D05358BA}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{411F801F-98F1-47AF-BF48-D7E25BE892E3}] => C:\Program Files\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{8EABCC6E-2EB3-446F-B15E-D4CE35980CD4}] => C:\Program Files\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{88BA259E-E49B-4A92-8A86-2ACBE02131C1}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{22721A72-8A85-4C54-9C3F-FF2AE15BBD76}] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{428E45FB-5A99-44E5-88BB-44C2FC650E32}] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{83D273F2-2D0B-437D-96BB-C1E4BDE39906}] => C:\Program Files\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{943CE64A-995C-4B76-AD5E-ABB0EF4B4898}] => C:\Program Files\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{9EA54F27-855A-4101-9977-F906BDEA6223}] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{1705AB1F-D801-4A17-BD85-5A7C51953A84}] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

12-10-2016 04:08:11 Windows Update
19-11-2016 09:26:20 Installed PaperScan 3 Free Edition.
21-12-2016 16:39:36 Installed PaperScan 3 Free Edition.
12-01-2017 16:37:50 Installed BBC iPlayer Downloads

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2017 09:54:59 AM) (Source: MsiInstaller) (EventID: 11706) (User: Chris-PC)
Description: Product: Passage Express Free Legacy Edition -- Error 1706.No valid source could be found for product Passage Express Free Legacy Edition. The Windows Installer cannot continue.

Error: (01/29/2017 06:11:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/29/2017 05:40:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/28/2017 07:40:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/27/2017 07:32:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/26/2017 07:28:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/25/2017 12:55:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/25/2017 07:27:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/24/2017 12:09:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/24/2017 07:30:13 AM) (Source: MsiInstaller) (EventID: 11706) (User: Chris-PC)
Description: Product: Passage Express Free Legacy Edition -- Error 1706.No valid source could be found for product Passage Express Free Legacy Edition. The Windows Installer cannot continue.


System errors:
=============
Error: (01/29/2017 06:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TOSHIBA Bluetooth Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/29/2017 06:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/29/2017 06:07:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Error: (01/29/2017 05:40:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TOSHIBA Bluetooth Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/29/2017 05:40:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/28/2017 09:50:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Error: (01/28/2017 09:28:11 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (01/28/2017 07:40:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TOSHIBA Bluetooth Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/28/2017 07:40:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/27/2017 08:37:50 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-01-30 09:56:47.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360Box.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:56:46.155
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360Box.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:56:45.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360Box.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:56:45.047
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360Box.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:56:44.442
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360AvFlt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:56:43.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360AvFlt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:56:43.309
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360AvFlt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:56:42.746
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360AvFlt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:55:11.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360Box.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-30 09:55:11.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360Box.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 76%
Total physical RAM: 2037.67 MB
Available physical RAM: 488.05 MB
Total Virtual: 4318.6 MB
Available Virtual: 1575.5 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:92.77 GB) (Free:2.95 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:92.07 GB) (Free:4.02 GB) NTFS
Drive e: (UDISK 2.0) (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT
Drive g: (TOSHIBA) (Removable) (Total:14.44 GB) (Free:12.17 GB) FAT32
Drive h: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.69 GB) FAT
Drive i: (UDISK_NON_M) (Removable) (Total:0.92 GB) (Free:0.83 GB) FAT32
Drive j: (Lexar) (Removable) (Total:7.45 GB) (Free:0.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186.3 GB) (Disk ID: 0A10CF9E)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=92.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=92.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 981 MB) (Disk ID: 4D9D114E)
Partition 1: (Not Active) - (Size=981 MB) - (Type=0E)

========================================================
Disk: 2 (Size: 941 MB) (Disk ID: 3786B89B)
Partition 1: (Not Active) - (Size=941 MB) - (Type=0B)

========================================================
Disk: 3 (Size: 14.5 GB) (Disk ID: 22D52D6A)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)

========================================================
Disk: 6 (Size: 980 MB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=980 MB) - (Type=06)

==================== End of Addition.txt ============================
  #7  
Old February 4th, 2017, 01:19 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,878
Nothing. I would suspect 360 Total Security is involved. It has plenty of different services running, and may be interfering. If you have a free version, I would suggest uninstalling it, rebooting, and trying updates again.
  #8  
Old February 5th, 2017, 09:55 AM
chris18 chris18 is offline
Senior Member
 
Join Date: Sep 2000
O/S: Windows 7 64-bit
Location: Euro Free England
Age: 79
Posts: 610
Thanks, yes I have the FREE version of 360 Total Security. Will give thought to your suggestion, but was also wondering: given that Vista support ends in April, if I leave things as they are, what are the risks, given there will be no more updates?
  #9  
Old February 6th, 2017, 12:58 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,878
Unfortunately, because of advancements in malware coding techniques, malware can pretty much infect any system, regardless of updates. But maybe better to keep updated while you can.