View Single Post
  #5  
Old February 1st, 2017, 03:47 PM
chris18 chris18 is offline
Senior Member
 
Join Date: Sep 2000
O/S: Windows 7 64-bit
Location: Euro Free England
Age: 79
Posts: 613
Scan contents as requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by Chris (administrator) on CHRIS-PC (30-01-2017 09:53:18)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Interactive Digital Media) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
() C:\Program Files\Ap*******\Ap*******DeviceService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(johnsadventures.com) C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
() C:\Program Files\Shrink Pic\shrink_pic.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\Total Security\safemon\chrome\360webshield.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Chris\Desktop\FaberRecoveryScanTool.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Desktop SMS] => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-01-25] (TOSHIBA Corporation.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1939880 2017-01-22] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Ap******* device service] => C:\Program Files\Ap*******\Ap*******DeviceService.exe [861184 2015-08-04] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\Run: [BackgroundSwitcher] => C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [117400 2015-04-18] (johnsadventures.com)
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [1608640 2007-11-11] (SlySoft, Inc.)
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\MountPoints2: {314b9ea5-9cbc-11e5-bc04-001e686a4ed3} - I:\Startme.exe
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\...\MountPoints2: {7031c67c-e4fe-11e5-ad72-001e686a4ed3} - K:\startme.exe
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\Shrink Pic.lnk [2015-05-10]
ShortcutTarget: Shrink Pic.lnk -> C:\Program Files\Shrink Pic\shrink_pic.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\TRDCReminder.lnk [2008-02-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-02-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16714085-A6E4-4E3B-87FB-41CDB15024B4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B4237B80-E13A-4C1B-A928-C7D10906E529}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
HKU\S-1-5-21-1117062768-337566405-2699567477-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}&rlz=1I7TSEA_e n-GBGB648
SearchScopes: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}&rlz=1I7TSEA_e n-GBGB648
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-16] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-16] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1117062768-337566405-2699567477-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-04-26] [not signed]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1. dll [2015-08-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1117062768-337566405-2699567477-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bbc.co.uk/news
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/ca/#inbox","hxxp://www.bbc.co.uk/news/"
CHR DefaultSearchURL: Default -> hxxp://www.google.co.uk/search?hl=en&source=hp&q={searchTerms}&btnG=Google +Search&meta=cr%3DcountryUK%7CcountryGB&aq=f&oq=
CHR DefaultSearchKeyword: Default -> uk
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2015-04-25]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2015-04-25]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2015-11-02]
CHR Extension: (Keeper® Password Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfogiafebfohielmmehodmfbbe bbbpei [2017-01-30]
CHR Extension: (Keeper Web App) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopl dlialb [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-10-01]
CHR Extension: (GeoGebra Math Apps) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhll ahjnee [2016-05-25]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2015-04-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjkl bdgfkk [2016-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-04-06]
CHR Extension: (360 Internet Protection) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkg gfoijh [2017-01-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbd gmmhki [2017-01-24]
CHR Extension: (Free PDF Maker) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbhncalhbjgoibpokgjnjigjp kdopai [2015-04-25]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpg nhiddi [2016-08-12]
CHR Extension: (Mailtrack for Gmail: email tracking) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkap kpjkkb [2017-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.e xe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [928168 2017-01-22] (QIHU 360 SOFTWARE CO. LIMITED)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2613200 2015-10-12] (Paramount Software UK Ltd)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [135400 2016-06-03] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [74472 2017-01-22] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [212712 2017-01-22] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2015-04-02] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [186728 2016-08-08] (360安全中心)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [96832 2007-11-07] (SlySoft, Inc.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [186816 2016-09-09] (360.cn)
R3 CnxtHdAudAddService; C:\Windows\System32\drivers\CHDART.sys [187904 2008-02-01] (Conexant Systems Inc.)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23248 2015-11-20] (360.cn)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-09-29] (Sony Mobile Communications)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [69224 2016-08-08] (360安全中心)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [313704 2016-08-08] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [65512 2016-08-08] (360.cn)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; System32\Drivers\MRESP50.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; no ImagePath
S3 WinRing0_1_2_0; \??\C:\Program Files\BatteryCare\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 09:53 - 2017-01-30 09:55 - 00021691 _____ C:\Users\Chris\Desktop\FRST.txt
2017-01-30 09:52 - 2017-01-30 09:53 - 00000000 ____D C:\FRST
2017-01-30 07:56 - 2017-01-30 07:57 - 01762816 _____ (Farbar) C:\Users\Chris\Desktop\FaberRecoveryScanTool.exe
2017-01-28 07:48 - 2017-01-28 07:48 - 00000000 ____D C:\91bb999a9288c793dbc5
2017-01-13 14:41 - 2017-01-13 15:59 - 00037879 _____ C:\Users\Chris\Documents\EE-BrightBox-hhyc53.txt
2017-01-12 16:41 - 2017-01-12 16:41 - 00000000 ____D C:\Users\Chris\AppData\Roaming\BBCiPlayerDownloads
2017-01-12 16:39 - 2017-01-12 16:39 - 00000975 _____ C:\Users\Chris\Desktop\BBC iPlayer Downloads.lnk
2017-01-12 16:39 - 2017-01-12 16:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\BBC iPlayer
2017-01-12 16:39 - 2017-01-12 16:39 - 00000000 ____D C:\Users\Chris\AppData\Local\BBC
2017-01-12 16:36 - 2017-01-12 16:37 - 21430272 _____ C:\Users\Chris\Downloads\BBC-iPlayer-Downloads-1.14.2.msi
2017-01-09 07:39 - 2017-01-09 07:39 - 00000000 ____D C:\ProgramData\1483947541_00000000_base
2017-01-05 07:52 - 2017-01-05 07:52 - 00000000 ____D C:\f56de62f767288b2c482b783ae8f
2017-01-05 07:50 - 2017-01-05 07:52 - 04342133 _____ C:\Users\Chris\Desktop\Windows6.0-KB937287-v2-x86.msu

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 09:48 - 2015-04-26 08:50 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\360WD
2017-01-30 08:09 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-30 08:09 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-30 07:59 - 2015-04-26 08:51 - 00000000 ____D C:\Users\Chris\AppData\Roaming\360safe
2017-01-30 07:41 - 2015-04-26 13:41 - 00000040 ___SH C:\ProgramData\.zreglib
2017-01-29 18:09 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-29 18:08 - 2006-11-02 13:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-23 16:12 - 2015-04-26 08:50 - 00000947 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2017-01-23 16:12 - 2015-04-26 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-01-22 06:16 - 2015-04-26 08:50 - 00212712 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys
2017-01-22 06:16 - 2015-04-26 08:50 - 00074472 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2017-01-21 10:34 - 2015-04-25 12:03 - 00000000 __SHD C:\$360Section
2017-01-21 10:34 - 2015-04-25 11:54 - 00000000 ____D C:\ProgramData\360Quarant
2017-01-16 12:44 - 2015-04-26 10:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-01-12 16:41 - 2015-04-24 18:25 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Adobe
2017-01-04 15:36 - 2015-05-11 19:21 - 02424456 _____ C:\Windows\ntbtlog.txt
2017-01-04 08:04 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-01-04 08:04 - 2006-11-02 10:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-04-26 14:11 - 2016-08-14 13:57 - 0078848 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-01 16:04 - 2016-07-01 16:04 - 0000836 _____ () C:\Users\Chris\AppData\Local\recently-used.xbel
2015-04-26 13:41 - 2017-01-30 07:41 - 0000040 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
2015-10-16 07:42 - 2015-10-16 07:42 - 5311104 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.8.3.Instal ler.exe
2015-12-05 08:06 - 2015-12-05 08:06 - 4103179 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.8.6.Instal ler.exe
2015-12-27 10:56 - 2015-12-27 10:56 - 4121418 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.8.8.Instal ler.exe
2016-04-22 15:52 - 2016-04-22 15:52 - 4203840 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.9.1.Instal ler.exe
2016-06-01 06:12 - 2016-06-01 06:12 - 4211112 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.9.2.Instal ler.exe
2016-04-06 09:11 - 2016-04-06 09:12 - 4204144 _____ () C:\Users\Chris\AppData\Local\Temp\npp.6.9.Installe r.exe
2016-11-23 07:53 - 2016-11-23 07:53 - 2842320 _____ () C:\Users\Chris\AppData\Local\Temp\npp.7.1.Installe r.exe
2015-11-06 10:44 - 2016-04-09 10:42 - 12741992 _____ () C:\Users\Chris\AppData\Local\Temp\reflectPatch.exe
2016-04-21 07:38 - 2016-04-21 07:38 - 0541696 _____ () C:\Users\Chris\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2016-04-24 13:26 - 2016-04-24 13:26 - 0089584 _____ () C:\Users\Chris\AppData\Local\Temp\vsdel.exe
2015-08-02 23:58 - 2015-08-02 23:58 - 0118784 _____ () C:\Users\Chris\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-30 06:31

==================== End of FRST.txt ============================
Reply With Quote