Cannot open any programs on Windows 7.
Solved/Closed
Crackermatt (Member) - Updated on Jan 13, 2019 at 11:20 AM
Latest reply: Ambucias (Moderator) - Nov 19, 2013 at 06:04 AM
I have contracted a virus which will not allow me to open any programs whatsoever. I have tried regedit.exe but it will not allow me to open that, and I have also tried downloading the dougknox.com/xp/file_assoc.htm fix, but that comes up with a message saying "Not all data was successfully written to the registry. Some keys are open by the system or other processes." Any help or input whatsoever would be greatly appreciated.
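The symptoms above (every .exe refuses to start, regedit included, and a .reg import fails on keys that are "open by the system") are what a hijacked executable file association looks like, and Rkill later in this thread reports that it reset the .EXE, .COM and .BAT associations. The following is an added example written for this thread, not code from the original post, from Rkill or from the dougknox fix. It assumes (my assumption) that the rogue rewrote the (Default) value of HKCR\exefile\shell\open\command so that every program launch is routed through it; it parses a .reg export of the association keys and flags any that differ from the stock Windows 7 values, plus any per-user HKCU\Software\Classes override. The .reg text in the block is constructed, and C:\ProgramData\rogue.exe is a placeholder path.

```python
r"""Spot a hijacked .exe/.com/.bat file association from a .reg export.

Added example for this thread, not code from the original post, from Rkill or
from the dougknox fix. Assumption (mine): the rogue rewrote the (Default) value of
HKCR\exefile\shell\open\command so every program launch is routed through it.
The .reg text below is constructed; C:\ProgramData\rogue.exe is a placeholder.
"""
import re
import sys

# (Default) values a clean Windows 7 install carries for these keys.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\.com": "comfile",
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\.bat": "batfile",
    r"HKEY_CLASSES_ROOT\batfile\shell\open\command": '"%1" %*',
}
# Per-user class registrations shadow HKCR, so malware that cannot write HKLM
# plants the same hijack here instead. Any such key is worth a look.
USER_OVERRIDE = re.compile(r"^HKEY_CURRENT_USER\\Software\\Classes\\(\.exe|exefile)", re.I)


def parse_reg_export(text):
    """Return {key: (Default) value} for every key in a .reg export.

    Only the @= line of each key is kept. Real exports from regedit are UTF-16
    with a BOM, so read them with open(path, encoding="utf-16") first.
    """
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            defaults.setdefault(key, None)
        elif key and line.startswith("@="):
            value = line[2:]
            if len(value) >= 2 and value[0] == value[-1] == '"':
                # .reg escapes " as \" and \ as \\ inside string values
                value = re.sub(r'\\(["\\])', r"\1", value[1:-1])
            defaults[key] = value
    return defaults


def find_hijacks(defaults):
    """List (key, value) pairs that differ from EXPECTED or override it per user."""
    findings = [(k, defaults[k]) for k, want in EXPECTED.items()
                if defaults.get(k) is not None and defaults[k] != want]
    findings += [(k, v) for k, v in defaults.items() if USER_OVERRIDE.match(k)]
    return findings


def read_live_defaults():
    """On Windows, read the same (Default) values straight from the registry."""
    if sys.platform != "win32":
        return {}
    import winreg  # stdlib, Windows only
    live = {}
    for full in EXPECTED:
        sub = full.split("\\", 1)[1]
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, sub) as k:
                live[full] = winreg.QueryValueEx(k, "")[0]
        except OSError:
            live[full] = None
    return live


# Constructed export: healthy .exe/.com keys, one hijacked exefile command and
# one per-user override (placeholder paths, not taken from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\ProgramData\\rogue.exe\" /run \"%1\" %*"

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="rogue_exe"
'''

if __name__ == "__main__":
    export = read_live_defaults() or parse_reg_export(SAMPLE_EXPORT)
    for key, value in find_hijacks(export):
        print("HIJACK? %s -> %s" % (key, value))
```

The check is read-only on purpose: it tells you which keys to look at, and repairing them (what the dougknox .reg file and Rkill's reset attempt to do) is a separate step that only succeeds once nothing is holding the keys open or restricting their ACLs. Run it from a Python that was started via a path the hijack does not cover, or from the export taken on another machine.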
15 responses
Ambucias (Moderator) - Nov 14, 2013 at 06:10 AM
Oh boy !
Your machine is badly infected: rogue trojan horse, trojan horse agent, hijacker, adware and unwanted programmes.
Here is the medicinal compound in three doses:
Step One
Please follow the following procedure carefully and to the letter.
You have a rogue virus Trojan Horse which is self-protective, thus it will prevent any antivirus from functioning.
You must kill the evil processes which the virus is presently running and preventing you from running any antivirus. If you don't, it will keep reproducing the files for ever.
To kill the processes:
1. Download to your desktop and run Rogue Kill:
https://download.bleepingcomputer.com/grinler/rkill.com
2. You should now see a window that shows all of your desktop icons, including the rkill.com program.
3. Double-click on rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes. So, please try running Rkill until malware is no longer running.
As a matter of fact, if you get messages, it is a sign that the virus is agonizing in excruciating pain, so you can just grin while it is suffering! :)))
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Step Two
Download Malwarebytes to your desktop.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right-click on the MBAM icon and click on Rename. Rename it kioskea.exe.
Install Malwarebytes and launch it. From the second tab, update it.
Pretty please, request a FULL system scan, which should take more than an hour. Once the scan is finished, delete all of the items that were found.
It is very important that you let Malwarebytes run for as long as it takes; in some cases the creators of Malwarebytes suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".
Step Three
Download the following AdwCleaner created by Xplode:
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, right-click to run as administrator).
Click on Delete.
Post the log C:\Adwcleaner[Sx].txt on this thread.
Ambucias
Moderator, Virus/Security Contributor
Ambucias (Moderator) - Nov 9, 2013 at 04:38 PM
Hello
dougknox.com/xp/file_assoc.htm is for Windows XP only.
Can you boot in safe mode with networking and open your browser?
Crackermatt (Member) - Nov 10, 2013 at 03:34 AM
Yes, I can do that, no problem. I can also open the browser in normal mode. When I start Windows it comes up with over 200 dialog boxes saying "Windows cannot open this file", but I cancel them and my computer runs fine...
Ambucias (Moderator) - Nov 10, 2013 at 05:03 AM
To help you and prescribe the remedy, I must make a diagnosis, and to do so I require a log.
1. Open this link and download ZHPDiag2:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed if the site is in French; it sometimes happens. The tool will take your system language, and allow the download if you get a warning message.)
2. Save the file on your Desktop.
3. Double-click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, right-click to ensure you execute with admin rights.)
The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix after log analysis).
4. Double-click on the ZHPDiag shortcut on your Desktop.
5. If you need to change the language, click on the little house (bottom right) and change to English.
6. Click on the "Configure" button.
7. Click on the magnifying glass with the + sign.
8. Click on "Search".
Wait for the tool to finish (maybe a long time).
9. Close ZHPDiag.
10. To transmit the report, click on this link:
https://authentification.site
11. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
12. Select the file ZHPDiag.txt.
13. Click on "upload".
14. Copy the URL and post it here.
Best regards
Ambucias
Moderator /Security Contributor
Crackermatt (Member) - Nov 14, 2013 at 01:40 AM
Think I've just sorted the speedyshare.com part out; the new link I come up with is http://speedy.sh/d54U4/ZHPDiag.txt if that's any further help.
Crackermatt (Member) - Nov 14, 2013 at 06:26 AM
Oh, it's more serious than I thought then! Thank you for your help. After running the rkill link, I ended up with a Notepad window containing the following information; I just wanted to check I've done this correctly before moving on to step two:
Rkill 2.6.2 by Lawrence Abrams (Grinler)
https://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
https://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/
Program started at: 11/14/2013 11:18:08 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\TOSHIBA\AppData\Local\QuickCet\QuickCet\QuickCet.exe (PID: 4400) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\TOSHIBA\Desktop\rkill\rkill-11-14-2013-11-18-26.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\$Recycle.Bin\S-1-5-21-4197480782-1916531730-623419528-1000\$1ccb6b054caad53c151863bf333b4792\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-4197480782-1916531730-623419528-1000\$1ccb6b054caad53c151863bf333b4792\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-4197480782-1916531730-623419528-1000\$1ccb6b054caad53c151863bf333b4792\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-4197480782-1916531730-623419528-1000\$1ccb6b054caad53c151863bf333b4792\U\ [ZA Dir]
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 11/14/2013 11:18:50 AM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)
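Rkill's report is short but it carries the facts that decide the rest of the cleanup: which process it killed, what policy it removed, that it reset the executable associations, that Defender had been switched off through DisableAntiSpyware, and the ZeroAccess markers under $Recycle.Bin for the user's SID. The following is an added example written for this thread, not code from Rkill or from BleepingComputer: it parses the report Crackermatt posted above (copied as posted, minus the banner and link lines the parser ignores) into a dict and turns it into the notes a responder would act on next. The wording of the triage notes is mine.

```python
r"""Triage an Rkill report: what it killed, what it changed, and whether it saw
rootkit symptoms.

Added example for this thread; not code from Rkill or from BleepingComputer.
The report text is the one posted in the thread above, copied as posted (paths
and the account SID included), minus the banner and link lines.
"""
import re

RKILL_LOG = r"""
Program started at: 11/14/2013 11:18:08 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\TOSHIBA\AppData\Local\QuickCet\QuickCet\QuickCet.exe (PID: 4400) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\TOSHIBA\Desktop\rkill\rkill-11-14-2013-11-18-26.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\$Recycle.Bin\S-1-5-21-4197480782-1916531730-623419528-1000\$1ccb6b054caad53c151863bf333b4792\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-4197480782-1916531730-623419528-1000\$1ccb6b054caad53c151863bf333b4792\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-4197480782-1916531730-623419528-1000\$1ccb6b054caad53c151863bf333b4792\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-4197480782-1916531730-623419528-1000\$1ccb6b054caad53c151863bf333b4792\U\ [ZA Dir]
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 11/14/2013 11:18:50 AM
"""

PROC_RE = re.compile(r"^\* (?P<path>.+?) \(PID: (?P<pid>\d+)\)(?: \[(?P<tag>[^\]]+)\])?$")
ZA_RE = re.compile(r"^\* (?P<path>.+?) \[ZA (?:Dir|File)\]$")
POLICY_RE = re.compile(r"^\* Explorer Policy Removed: (?P<name>\S+) \[(?P<hive>\w+)\]$")
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")


def parse_rkill(text):
    """Pull the actionable facts out of an Rkill report into one dict."""
    r = {"terminated": [], "policies_removed": [], "zeroaccess": [], "alerts": [],
         "defender_disabled": False, "associations_reset": False,
         "services_not_running": [], "backup_reg": None}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if (m := PROC_RE.match(line)):
            r["terminated"].append((m["path"], int(m["pid"]), m["tag"] or ""))
        elif (m := ZA_RE.match(line)):
            r["zeroaccess"].append(m["path"])
        elif (m := POLICY_RE.match(line)):
            r["policies_removed"].append((m["name"], m["hive"]))
        elif line.startswith("* ALERT: "):
            r["alerts"].append(line[len("* ALERT: "):])
        elif line == "* Windows Defender Disabled":
            r["defender_disabled"] = True
        elif line.startswith("Resetting .EXE"):
            r["associations_reset"] = True
        elif line == "Backup Registry file created at:" and i + 1 < len(lines):
            r["backup_reg"] = lines[i + 1]  # path is on the following line
        elif line.startswith("* ") and line.endswith(" is not Running."):
            r["services_not_running"].append(line[2:-len(" is not Running.")])
    return r


def triage(report):
    """Turn the parsed report into the next decisions for the responder."""
    notes = []
    if report["zeroaccess"]:
        # The marker directory lives under the profile SID's recycle bin
        sids = sorted({SID_RE.search(p).group(0) for p in report["zeroaccess"]
                       if SID_RE.search(p)})
        notes.append("rootkit: ZeroAccess markers under $Recycle.Bin for SID %s; a "
                     "user-mode cleaner alone is not enough, plan a dedicated rootkit "
                     "scan and re-check after the reboot" % ", ".join(sids))
    if report["defender_disabled"]:
        notes.append("defender: DisableAntiSpyware=1 under HKLM; flip it back once clean")
    for path, pid, tag in report["terminated"]:
        notes.append("killed: %s (pid %d)%s" % (path, pid,
                     ", heuristic hit" if "HEUR" in tag else ""))
    if report["associations_reset"]:
        notes.append("exe/com/bat associations reset; confirm programs launch before the next step")
    if report["backup_reg"]:
        notes.append("registry backup kept at %s" % report["backup_reg"])
    return notes


if __name__ == "__main__":
    for note in triage(parse_rkill(RKILL_LOG)):
        print(note)
```

The backup .reg that Rkill writes is worth keeping until the machine is verified clean: it records the policy and association values as they were before the reset, which is the evidence of what the rogue changed.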
Ambucias (Moderator) - Nov 14, 2013 at 06:50 AM
Thanks for the report.
Worse than seen after the initial analysis, as we have a possible ZeroAccess rootkit, and they are a bugger to clean.
Continue with steps 2 and 3 and let me know.
I may log off for 10 hours but will return to check up on you.
We will need to do further work.
Pip pip ! Chin-up and God save the Queen !
Crackermatt (Member) - Nov 14, 2013 at 08:58 AM
OK, after running AdwCleaner by Xplode, it automatically restarted my computer, after which it came back with a dialog box reading: "The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?" Yes or No. I have yet to choose an answer. It also opened up Notepad with the following log:
# AdwCleaner v3.012 - Report created 14/11/2013 at 13:47:14
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : TOSHIBA - TOSHIBA-TOSH
# Running from : C:\Users\TOSHIBA\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Users\TOSHIBA\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\TOSHIBA\AppData\Roaming\Systweak
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Google Chrome v30.0.1599.101
[ File : C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : search_url
Deleted : keyword
*************************
AdwCleaner[R0].txt - [2264 octets] - [14/11/2013 13:44:56]
AdwCleaner[S0].txt - [2237 octets] - [14/11/2013 13:47:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2297 octets] ##########
Ambucias (Moderator) - Nov 14, 2013 at 04:48 PM
Yes, you empty the bin.
Once you have finished,
1. please reboot your machine.
2. I would appreciate it if you paste the Malwarebytes log here.
3. Delete the previous ZHPDiag report.
4. Generate a new log and upload it on speedyshare. (I would like to make another final analysis to ensure we got everything, and also make suggestions to make your system more virus-proof.)
Crackermatt (Member) - Nov 14, 2013 at 05:18 PM
I can find the following two logs:
2013/11/14 11:56:43 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Starting protection
2013/11/14 11:56:43 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Protection started successfully
2013/11/14 11:56:43 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Starting IP protection
2013/11/14 11:57:05 GMT TOSHIBA-TOSH TOSHIBA MESSAGE IP Protection started successfully
2013/11/14 11:57:10 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Starting database refresh
2013/11/14 11:57:10 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Stopping IP protection
2013/11/14 11:57:11 GMT TOSHIBA-TOSH TOSHIBA MESSAGE IP Protection stopped successfully
2013/11/14 11:57:13 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Database refreshed successfully
2013/11/14 11:57:13 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Starting IP protection
2013/11/14 11:57:15 GMT TOSHIBA-TOSH TOSHIBA MESSAGE IP Protection started successfully
2013/11/14 11:58:33 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Executing scheduled update: Daily
2013/11/14 11:58:35 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Database already up-to-date
2013/11/14 13:16:13 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\Users\TOSHIBA\AppData\Local\Temp\XxX.xXx Malware.Trace QUARANTINE
2013/11/14 13:16:14 GMT TOSHIBA-TOSH TOSHIBA ERROR Quarantine failed: SetFileAttributes failed with error code 2
2013/11/14 13:16:40 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\Users\TOSHIBA\AppData\Local\Temp\XxX.xXx Malware.Trace QUARANTINE
2013/11/14 13:47:18 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:47:24 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:47:29 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:47:34 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:47:39 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:47:44 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:47:49 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:47:54 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:47:59 GMT TOSHIBA-TOSH TOSHIBA DETECTION C:\dir\install\install\server.exe Trojan.Agent QUARANTINE
2013/11/14 13:49:29 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Starting protection
2013/11/14 13:49:29 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Protection started successfully
2013/11/14 13:49:29 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Starting IP protection
2013/11/14 13:49:32 GMT TOSHIBA-TOSH TOSHIBA MESSAGE IP Protection started successfully
2013/11/14 19:17:55 GMT TOSHIBA-TOSH TOSHIBA IP-BLOCK 88.208.1.236 (Type: outgoing, Port: 56089, Process: chrome.exe)
2013/11/14 19:17:55 GMT TOSHIBA-TOSH TOSHIBA IP-BLOCK 88.208.1.236 (Type: outgoing, Port: 56090, Process: chrome.exe)
2013/11/14 19:17:55 GMT TOSHIBA-TOSH TOSHIBA IP-BLOCK 88.208.1.236 (Type: outgoing, Port: 56091, Process: chrome.exe)
2013/11/14 19:17:55 GMT TOSHIBA-TOSH TOSHIBA IP-BLOCK 88.208.1.236 (Type: outgoing, Port: 56092, Process: chrome.exe)
2013/11/14 19:17:55 GMT TOSHIBA-TOSH TOSHIBA IP-BLOCK 88.208.1.236 (Type: outgoing, Port: 56093, Process: chrome.exe)
2013/11/14 19:17:55 GMT TOSHIBA-TOSH TOSHIBA IP-BLOCK 88.208.1.236 (Type: outgoing, Port: 56094, Process: chrome.exe)
2013/11/14 22:11:46 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Starting protection
2013/11/14 22:11:46 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Protection started successfully
2013/11/14 22:11:46 GMT TOSHIBA-TOSH TOSHIBA MESSAGE Starting IP protection
2013/11/14 22:11:48 GMT TOSHIBA-TOSH TOSHIBA MESSAGE IP Protection started successfully
and also :
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.14.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
TOSHIBA :: TOSHIBA-TOSH [administrator]
Protection: Enabled
14/11/2013 11:58:10
mbam-log-2013-11-14 (11-58-10).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358781
Time elapsed: 1 hour(s), 9 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\VÍTIMA (Backdoor.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\dir\install\install\server.exe -> Quarantined and deleted successfully.
HKCU\Software\vítima|FirstExecution (Backdoor.Trace) -> Data: 23/08/2013 -- 01:23 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 13
C:\Users\TOSHIBA\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.12150 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.12150 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\RegClean Pro\Version 6.1 (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
Files Detected: 34
C:\dir\install\install\server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\ashleyxxx?gpj.exe (Backdoor.Agent.MITGen) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\5ACD62F0DB94CD80.dll (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\aweocrnsxm.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\CE3A.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\cnmraexosw.exe (Trojan.FakeNPPlus) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\rcaewoxsmn.exe (Rootkit.0Access.ED) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\VirtualStore\Windows\SysWOW64\fcba.tmp (Trojan.FakeSIG) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\uxsbn.dll (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\Downloads\FlashPlayer_V.43042820c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\Downloads\VaudiX.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\dclogs\2013-11-07-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\dclogs\2013-11-08-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Local\Temp\AppLaunch\Service.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\loading_withWhiteBG.avi (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\unins000.dat (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\unins000.msg (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack\libclamav.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack\readme.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\ASP-Troubleshooter.chm (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\AddonSafelist (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.12150\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\eng_rcp.dat (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_11-08-2013.log (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\TOSHIBA\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
(end)
Thanks for your time again.
Crackermatt (Member, 23 posts, registered Friday November 8, 2013) - Nov 14, 2013 at 05:30 PM
And here's the new ZHPDiag report:
~ Report of ZHPDiag v2013.11.14.33 - Nicolas Coolman (14/11/2013)
~ Launched by TOSHIBA (14/11/2013 22:21:01)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v30.0.1599.101 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security v11.6.434
Windows Defender W7
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 10 ActiveX
Adobe Reader X
Java 7 Update 7
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4043.9 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 173 GB (74%) free of 232 GB
---\\ Connection to the system mode
~ Computer Name: TOSHIBA-TOSH
~ User Name: TOSHIBA
~ All Users Names: TOSHIBA, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\TOSHIBA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\TOSHIBA\AppData\Roaming\
~ %Desktop% : C:\Users\TOSHIBA\Desktop\
~ %Favorites% : C:\Users\TOSHIBA\Favorites\
~ %LocalAppData% : C:\Users\TOSHIBA\AppData\Local\
~ %StartMenu% : C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 173 Go of 232 Go)
D: Hard drive, Flash drive, Thumb drive (Free 218 Go of 232 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
~ Generic Processes: Scanned in 00mn 01s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/875
~ Mes musiques (My Musics) : 1/10
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/25
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/588
~ Hidden Files: Scanned in 00mn 01s
---\\ Process running
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3632]
[MD5.97A1AFD42B8016D132C7BF38C955C6E1] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.3860]
[MD5.2A1BE3D0B2F439ABB52EF1570D8EB4F7] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280] [PID.4120]
[MD5.D630F2D985E5FED43FC41D5A9430FBDC] - (.No owner - QuickCet.) -- C:\Users\TOSHIBA\AppData\Local\QuickCet\QuickCet\QuickCet.exe [46592] [PID.4204]
[MD5.47C1DE0A890613FFCFF1D67648EEDF90] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920] [PID.4588]
[MD5.B9FBE2C4DE9A72E8997697C8D5CAD009] - (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336] [PID.3148]
[MD5.4AFFDCAADCB1DBBFFAF06C7F82E7F6FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776] [PID.3380]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.4856]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.5920]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.7384]
[MD5.A9B236A317FD2D8C9C9F43F33707667E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8216064] [PID.6576]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1492]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1532]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1724]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2008]
[MD5.9F712B26EE3B0242DE997A42FD302E2C] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136] [PID.1556]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1480]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.10748]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.10464]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- c:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.10640]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.11200]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.do =>Hijacker.SearchDo
~ Google Browser: 9 Legitimates Filtered in 00mn 10s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: BBC iPlayer Desktop.lnk . (...) -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Kioskea.exe.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop [Public]: Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe
O4 - GS\Program [Public]: BBC iPlayer Desktop.lnk . (...) -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - GS\QuickLaunch [TOSHIBA]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [TOSHIBA]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [TOSHIBA]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [TOSHIBA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [TOSHIBA]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 73 Legitimates Filtered in 00mn 03s
---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Toshiba Places Icon Utility.lnk . (.Toshiba - Toshiba Places Icon Utility.) -- C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
O4 - GS\Startup [TOSHIBA]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe (.not file.)
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Teco] C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe (.not file.)
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
O4 - HKCU\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [QuickCet] . (.No owner - QuickCet.) -- C:\Users\TOSHIBA\AppData\Local\QuickCet\QuickCet\QuickCet.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Wow6432Node\Run: [TSleepSrv] . (.TOSHIBA - TOSHIBA Sleep Service.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4197480782-1916531730-623419528-1000\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-21-4197480782-1916531730-623419528-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKUS\S-1-5-21-4197480782-1916531730-623419528-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4197480782-1916531730-623419528-1000\..\Run: [QuickCet] . (.No owner - QuickCet.) -- C:\Users\TOSHIBA\AppData\Local\QuickCet\QuickCet\QuickCet.exe
~ Application: Scanned in 00mn 01s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BFFDE79-E2F8-449D-BCC4-9A455CF3301C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BFFDE79-E2F8-449D-BCC4-9A455CF3301C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BFFDE79-E2F8-449D-BCC4-9A455CF3301C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: QuickCet - (.QuickCet.) [HKCU][64Bits] -- QuickCet
~ Logic: 154 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ChrmTB]
~ Key Software: 160 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 20/06/2013 - 18:38:54 - [0.005] ----D C:\ProgramData\oodr
O43 - CFD: 08/11/2013 - 13:44:42 - [0] ----D C:\Users\TOSHIBA\AppData\Roaming\0D0S1L2Z1P1B
O43 - CFD: 08/11/2013 - 14:20:37 - [1.074] ----D C:\Users\TOSHIBA\AppData\Roaming\dosearches =>PUP.DoSearches
O43 - CFD: 15/05/2013 - 19:17:10 - [0.150] ----D C:\Users\TOSHIBA\AppData\Local\QuickCet
~ 238 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 367 Legitimates Filtered in 01mn 03s
---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.60A6A30499835C4FA5FEB1351840C89B] - 14/11/2013 - 16:19:21 ---A- - C:\Windows\Prefetch\FM.EXE-751F7775.pf
~ Prefetcher: 139 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
~ Drivers: 19 Legitimates Filtered in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] AD52FC5A0D30457F816CEDCD5861BF93 - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - https://www.bing.com/?toHttps=1&redig=A285299509A549C698CB8C1DF7646608
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\TOSHIBA\AppData\Local\Temp\Quarantine.exe [350259]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][13/04/2013] (...) -- C:\Users\TOSHIBA\AppData\Local\Temp\vgkzgxylp3j4api2u27wq9.exe [0]
~ Files: 4 Legitimates Filtered in 00mn 00s
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.2053A256B7082A3C6CABAD9895679569] [WIS][11/09/2012] (.British Broadcasting Corp. - BBC iPlayer Desktop.) -- C:\Windows\Installer\44e1a.msi [22016]
~ WIS: 165 Legitimates Filtered in 00mn 36s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 28/01/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 03/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SR - | Demand 09/09/2012 936848 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 11/05/2012 200728 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 28/01/2011 225216 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 11/05/2012 200728 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 11/05/2012 200728 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 11/05/2012 200728 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 11/05/2012 200728 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 10/09/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 11/05/2012 200728 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 11/05/2012 200728 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 22/06/2012 237920 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 22/06/2012 218320 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 22/06/2012 177144 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 11/05/2012 200728 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 09/10/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 28/08/2013 566696 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 10/02/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SR - | Demand 29/11/2010 54136 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 20/10/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 09/12/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SS - | Demand 12/04/2010 196976 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 02/03/2011 266680 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SR - | Demand 08/12/2010 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Demand 01/07/2011 828856 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 39s
---\\ Search Master Boot Record Infection (MBR)(O80)
Run by TOSHIBA at 14/11/2013 22:26:55
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by TOSHIBA at 14/11/2013 22:26:57
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 12994 - (14/11/2013)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\QuickCet] =>Adware.QuickCet
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QuickCet] =>Adware.QuickCet
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:QuickCet =>Adware.QuickCet
C:\Users\TOSHIBA\AppData\Roaming\dosearches =>PUP.DoSearches^
C:\Users\TOSHIBA\AppData\Local\QuickCet =>Adware.QuickCet
~ Additionnel Scan: 327212 Items scanned in 00mn 32s
---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/33477786-pup-dosearches =>PUP.DoSearches
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/28155479-adware-quickcet =>Adware.QuickCet
~ MSI: 4 link(s) detected in 00mn 32s
~ 1801 Legitimates filtered by white list
End of the scan (461 lines in 06mn 28s)(0)
~ Report of ZHPDiag v2013.11.14.33 - Nicolas Coolman (14/11/2013)
~ Launched by TOSHIBA (14/11/2013 22:21:01)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v30.0.1599.101 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security v11.6.434
Windows Defender W7
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 10 ActiveX
Adobe Reader X
Java 7 Update 7
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4043.9 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 173 GB (74%) free of 232 GB
---\\ Connection to the system mode
~ Computer Name: TOSHIBA-TOSH
~ User Name: TOSHIBA
~ All Users Names: TOSHIBA, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\TOSHIBA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\TOSHIBA\AppData\Roaming\
~ %Desktop% : C:\Users\TOSHIBA\Desktop\
~ %Favorites% : C:\Users\TOSHIBA\Favorites\
~ %LocalAppData% : C:\Users\TOSHIBA\AppData\Local\
~ %StartMenu% : C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 173 Go of 232 Go)
D: Hard drive, Flash drive, Thumb drive (Free 218 Go of 232 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 06:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Internet Extensions for Win32.) (.12/10/2013 - 08:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.21/11/2010 - 03:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 03:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 01:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 03:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 03:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.25/02/2011 - 06:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 01s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/875
~ Mes musiques (My Musics) : 1/10
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/25
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/588
~ Hidden Files: Scanned in 00mn 01s
---\\ Process running
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3632]
[MD5.97A1AFD42B8016D132C7BF38C955C6E1] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.3860]
[MD5.2A1BE3D0B2F439ABB52EF1570D8EB4F7] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280] [PID.4120]
[MD5.D630F2D985E5FED43FC41D5A9430FBDC] - (.No owner - QuickCet.) -- C:\Users\TOSHIBA\AppData\Local\QuickCet\QuickCet\QuickCet.exe [46592] [PID.4204]
[MD5.47C1DE0A890613FFCFF1D67648EEDF90] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920] [PID.4588]
[MD5.B9FBE2C4DE9A72E8997697C8D5CAD009] - (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336] [PID.3148]
[MD5.4AFFDCAADCB1DBBFFAF06C7F82E7F6FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776] [PID.3380]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.4856]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.5920]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.7384]
[MD5.A9B236A317FD2D8C9C9F43F33707667E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8216064] [PID.6576]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1492]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1532]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1724]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2008]
[MD5.9F712B26EE3B0242DE997A42FD302E2C] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136] [PID.1556]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1480]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.10748]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.10464]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- c:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.10640]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.11200]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.do =>Hijacker.SearchDo
~ Google Browser: 9 Legitimates Filtered in 00mn 10s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: BBC iPlayer Desktop.lnk . (...) -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Kioskea.exe.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop [Public]: Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe
O4 - GS\Program [Public]: BBC iPlayer Desktop.lnk . (...) -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - GS\QuickLaunch [TOSHIBA]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [TOSHIBA]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [TOSHIBA]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [TOSHIBA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [TOSHIBA]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 73 Legitimates Filtered in 00mn 03s
---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Toshiba Places Icon Utility.lnk . (.Toshiba - Toshiba Places Icon Utility.) -- C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
O4 - GS\Startup [TOSHIBA]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe (.not file.)
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Teco] C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe (.not file.)
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
O4 - HKCU\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [QuickCet] . (.No owner - QuickCet.) -- C:\Users\TOSHIBA\AppData\Local\QuickCet\QuickCet\QuickCet.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Wow6432Node\Run: [TSleepSrv] . (.TOSHIBA - TOSHIBA Sleep Service.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4197480782-1916531730-623419528-1000\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-21-4197480782-1916531730-623419528-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKUS\S-1-5-21-4197480782-1916531730-623419528-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4197480782-1916531730-623419528-1000\..\Run: [QuickCet] . (.No owner - QuickCet.) -- C:\Users\TOSHIBA\AppData\Local\QuickCet\QuickCet\QuickCet.exe
~ Application: Scanned in 00mn 01s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BFFDE79-E2F8-449D-BCC4-9A455CF3301C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BFFDE79-E2F8-449D-BCC4-9A455CF3301C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BFFDE79-E2F8-449D-BCC4-9A455CF3301C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: QuickCet - (.QuickCet.) [HKCU][64Bits] -- QuickCet
~ Logic: 154 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ChrmTB]
~ Key Software: 160 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 20/06/2013 - 18:38:54 - [0.005] ----D C:\ProgramData\oodr
O43 - CFD: 08/11/2013 - 13:44:42 - [0] ----D C:\Users\TOSHIBA\AppData\Roaming\0D0S1L2Z1P1B
O43 - CFD: 08/11/2013 - 14:20:37 - [1.074] ----D C:\Users\TOSHIBA\AppData\Roaming\dosearches =>PUP.DoSearches
O43 - CFD: 15/05/2013 - 19:17:10 - [0.150] ----D C:\Users\TOSHIBA\AppData\Local\QuickCet
~ 238 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 367 Legitimates Filtered in 01mn 03s
---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.60A6A30499835C4FA5FEB1351840C89B] - 14/11/2013 - 16:19:21 ---A- - C:\Windows\Prefetch\FM.EXE-751F7775.pf
~ Prefetcher: 139 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
~ Drivers: 19 Legitimates Filtered in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] AD52FC5A0D30457F816CEDCD5861BF93 - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - https://www.bing.com/?toHttps=1&redig=A285299509A549C698CB8C1DF7646608
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\TOSHIBA\AppData\Local\Temp\Quarantine.exe [350259]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][13/04/2013] (...) -- C:\Users\TOSHIBA\AppData\Local\Temp\vgkzgxylp3j4api2u27wq9.exe [0]
~ Files: 4 Legitimates Filtered in 00mn 00s
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.2053A256B7082A3C6CABAD9895679569] [WIS][11/09/2012] (.British Broadcasting Corp. - BBC iPlayer Desktop.) -- C:\Windows\Installer\44e1a.msi [22016]
~ WIS: 165 Legitimates Filtered in 00mn 36s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 28/01/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 03/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SR - | Demand 09/09/2012 936848 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 11/05/2012 200728 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 28/01/2011 225216 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 11/05/2012 200728 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 11/05/2012 200728 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 11/05/2012 200728 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 11/05/2012 200728 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 10/09/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 11/05/2012 200728 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 11/05/2012 200728 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 22/06/2012 237920 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 22/06/2012 218320 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 22/06/2012 177144 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 11/05/2012 200728 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 09/10/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 28/08/2013 566696 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 10/02/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SR - | Demand 29/11/2010 54136 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 20/10/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 09/12/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SS - | Demand 12/04/2010 196976 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 02/03/2011 266680 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SR - | Demand 08/12/2010 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Demand 01/07/2011 828856 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 39s
---\\ Search Master Boot Record Infection (MBR)(O80)
Run by TOSHIBA at 14/11/2013 22:26:55
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by TOSHIBA at 14/11/2013 22:26:57
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 12994 - (14/11/2013)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\QuickCet] =>Adware.QuickCet
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QuickCet] =>Adware.QuickCet
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:QuickCet =>Adware.QuickCet
C:\Users\TOSHIBA\AppData\Roaming\dosearches =>PUP.DoSearches^
C:\Users\TOSHIBA\AppData\Local\QuickCet =>Adware.QuickCet
~ Additionnel Scan: 327212 Items scanned in 00mn 32s
---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/33477786-pup-dosearches =>PUP.DoSearches
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/28155479-adware-quickcet =>Adware.QuickCet
~ MSI: 4 link(s) detected in 00mn 32s
~ 1801 Legitimates filtered by white list
End of the scan (461 lines in 06mn 28s)(0)
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 14, 2013 at 05:34 PM
By George, this is a total success! Victory!
Your system should be running fine now, at least better.
Please delete:
1. Rogue Killer
2. Adwcleaner
3. Malwarebytes
Adwcleaner always updates and Malwarebytes may conflict with your antivirus.
Tomorrow, after I analyse your ZHP log, I will give you steps to optimize your system for safety and better performance.
Crackermatt Posts 23 Registration date Friday November 8, 2013 Status Member Last seen November 19, 2013 - Nov 14, 2013 at 05:42 PM
Argh, well maybe the problem lies further; I still get the dreaded 200+ messages of "Windows can't open this file" when I start Windows. Thank you for your input and time, I can't thank you enough.
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 15, 2013 at 04:33 AM
Please upload a new ZHP Diag log on Speedyshare
Crackermatt Posts 23 Registration date Friday November 8, 2013 Status Member Last seen November 19, 2013 - Nov 15, 2013 at 04:48 AM
Ok, that's done, the URL is http://speedy.sh/CnY5j/ZHPDiag.txt (Download at SpeedyShare)
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 15, 2013 at 05:46 AM
Stand-by!
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 15, 2013 at 06:07 AM
Okay, got it!
(Warning to all other members other than Crackermatt: this is a custom-made solution, do not copy or emulate it or your machine may be damaged)
1. Close all applications
2. Select and copy all of the following bold lines.
[HKCU\Software\ChrmTB]
G1 - GCS: Preference [User Data\Default] http://search.do
O43 - CFD: 08/11/2013 - 14:20:37 - [1.074] ----D C:\Users\TOSHIBA\AppData\Roaming\dosearches
C:\Users\TOSHIBA\AppData\Roaming\dosearches
C:\Users\TOSHIBA\AppData\Local\Temp\GoogleToolbarInstaller1.log
O45 - LFCP:[MD5.2B411B3E1325C72805C91FE34963B199] - 15/11/2013 - 00:57:41 ---A- - C:\Windows\Prefetch\QUICKCET.EXE-06EA7130.pf
O45 - LFCP:[MD5.B14DC3744CE79A66E86C58F3F210238B] - 15/11/2013 - 00:58:22 ---A- - C:\Windows\Prefetch\GUS3499.TMP-D9105FCE.pf
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\TOSHIBA\AppData\Local\Temp\Quarantine.exe [350259]
[MD5.B84C34C7087AC42C69133581A1924A53] [SPRF][15/11/2013] (.SanctionedMedia - SmadUninstaller.) -- C:\Users\TOSHIBA\AppData\Local\Temp\smUninstall.exe [8192]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][13/04/2013] (...) -- C:\Users\TOSHIBA\AppData\Local\Temp\vgkzgxylp3j4api2u27wq9.exe
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
3. ZHP Diag created a shortcut on your desktop called ZHP Fix; launch ZHP Fix (for Windows 7, right-click to run as admin. Answer yes if you get an enquiry as to whether you want to run it or not).
4. Click on the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
Crackermatt Posts 23 Registration date Friday November 8, 2013 Status Member Last seen November 19, 2013 - Nov 15, 2013 at 06:55 AM
Once I've copied and pasted the bold lines and clicked Go, a dialog box opens with the following and won't let me go further:
Avertissement
Samples
----------------------
Script ZHPFix (Ligne obligatoire)
C:\ProgramFiles\Magnipic
[HKEY_CURRENT_USER\Software\Magnipic]
[HKEY_USER\S-1-5-18\Control Magnipic]
[HKCU\Software\MagniPic]
Thanks for your time yet again.
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 15, 2013 at 06:16 PM
Click okay.
Magnipic is a virus to be deleted.
Crackermatt Posts 23 Registration date Friday November 8, 2013 Status Member Last seen November 19, 2013 - Nov 16, 2013 at 03:00 AM
I click OK, but it just goes back to the ZHPFix box, and every time I click Go the same box comes up.
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 16, 2013 at 04:11 AM
Close ZHP Fix
Boot in safe mode and repeat the entire process with ZHP Fix
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 16, 2013 at 05:35 AM
Another thing.
Can you check in your program files whether you have such software as Magnipic?
Thanks
Crackermatt Posts 23 Registration date Friday November 8, 2013 Status Member Last seen November 19, 2013 - Nov 16, 2013 at 09:25 AM
I have the same problem in Safe Mode with ZHP Fix, I'm afraid, pal.
I can check Program Files okay, but I'm unsure what to look for.
Crackermatt Posts 23 Registration date Friday November 8, 2013 Status Member Last seen November 19, 2013 - Nov 17, 2013 at 02:34 AM
I thank you very kindly for your patience in dealing with this problem; you must be as frustrated as me at times lol. Do I run ComboFix in safe mode with networking or normal Windows?
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 17, 2013 at 06:06 AM
I am not frustrated, but I get angry at those who create viruses just to spite good people.
You can run it in normal mode but remember to first deactivate your McAfee.
Crackermatt Posts 23 Registration date Friday November 8, 2013 Status Member Last seen November 19, 2013 - Nov 17, 2013 at 08:33 AM
Well yes, I'm sure their time could be better spent elsewhere. Unfortunately the ComboFix process didn't work, although the log does list all the file names that pop up when I start Windows.
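The file names in question are the dozens of `<number>.<three random letters>` files of 4-5 bytes that the ComboFix log posted next shows sitting in the user's Startup folder. Windows hands every file in that folder to the shell at logon, and a file whose extension has no registered handler produces one "Windows can't open this file" dialog each, which matches the 200+ messages reported earlier. The following parser is an added example, not part of the thread or of ComboFix: it reads the Startup listing in ComboFix's "Reg Loading Points" section and flags entries that fit this pattern. The sample log, the `KNOWN_STARTUP_EXT` set and the `Dropbox.lnk` line are constructed assumptions.

```python
"""Triage helper for the Startup-folder pattern seen in a ComboFix log.

Constructed example: not part of the original thread and not ComboFix code.
"""
import re
from dataclasses import dataclass, field

# Extensions that legitimately appear in a Startup folder (assumption).
KNOWN_STARTUP_EXT = {"lnk", "exe", "bat", "cmd", "vbs", "url"}
TINY_BYTES = 16  # nothing this small is a program or a valid shortcut

# ComboFix lists Startup items as "name.ext [yyyy-m-d size]" or, for
# shortcuts, "name.lnk - target [yyyy-m-d size]".
ENTRY_RE = re.compile(
    r"^(?P<name>.+?)\.(?P<ext>[A-Za-z0-9]{1,4})"
    r"(?: - .+?)?"
    r" \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)

# Constructed excerpt in the ComboFix layout. The Dropbox shortcut is a
# made-up benign entry included to show the filter leaving it alone.
SAMPLE_LOG = r"""
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
10491.BHQ [2013-11-7 5]
1727.DNE [2013-11-7 4]
Dropbox.lnk - c:\users\TOSHIBA\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-9-1 1203]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-08-28 1811880]
"""


@dataclass
class StartupEntry:
    folder: str
    name: str
    ext: str
    size: int
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # One oddity alone (e.g. an unusual extension) is not enough to flag.
        return len(self.reasons) >= 2


def parse_startup_entries(log: str) -> list:
    """Return StartupEntry objects for every file listed under a Startup folder."""
    entries = []
    folder = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().endswith("\\startup\\"):
            folder = line          # header line naming the Startup folder
            continue
        if folder is None:
            continue               # not inside a Startup listing
        m = ENTRY_RE.match(line)
        if not m:
            folder = None          # '.', a registry key, or anything else ends the listing
            continue
        entry = StartupEntry(folder, m["name"], m["ext"], int(m["size"]))
        if entry.name.isdigit():
            entry.reasons.append("purely numeric file name")
        if entry.ext.lower() not in KNOWN_STARTUP_EXT:
            entry.reasons.append(f"no registered handler expected for .{entry.ext}")
        if entry.size <= TINY_BYTES:
            entry.reasons.append(f"only {entry.size} bytes")
        entries.append(entry)
    return entries


def summarize(log: str) -> dict:
    """Count listed and flagged Startup items and collect the flagged extensions."""
    entries = parse_startup_entries(log)
    flagged = [e for e in entries if e.suspicious]
    return {
        "total": len(entries),
        "flagged": len(flagged),
        "extensions": sorted({e.ext for e in flagged}),
    }


if __name__ == "__main__":
    for e in parse_startup_entries(SAMPLE_LOG):
        mark = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"{mark:10} {e.name}.{e.ext} ({e.size} bytes) {'; '.join(e.reasons)}")
    print(summarize(SAMPLE_LOG))
```

Run against the full log, every flagged entry is a file to remove from the Startup folder; the "Other Deletions" section above shows ComboFix removing an earlier batch of the same kind.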
Crackermatt Posts 23 Registration date Friday November 8, 2013 Status Member Last seen November 19, 2013 - Nov 17, 2013 at 08:49 AM
ComboFix 13-11-16.01 - TOSHIBA 17/11/2013 13:21:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2034 [GMT 0:00]
Running from: c:\users\TOSHIBA\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dir
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3094.OUE
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3105.XUA
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3904.JOA
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3968.QOE
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4089.PKR
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4515.NDK
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4529.KED
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4984.MKQ
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5259.FMW
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6120.AUH
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6143.WBL
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6917.DYJ
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6922.MMS
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7391.EOZ
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7535.IRL
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7619.QKZ
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8470.URD
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8476.SND
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8635.UTO
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8886.FMS
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8951.SQN
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9086.MFG
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9386.XYU
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9494.GUT
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9497.DWM
.
.
((((((((((((((((((((((((( Files Created from 2013-10-17 to 2013-11-17 )))))))))))))))))))))))))))))))
.
.
2013-11-17 13:26 . 2013-11-17 13:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-16 09:14 . 2013-11-16 09:20 -------- d-----w- c:\programdata\HitmanPro
2013-11-16 08:38 . 2013-11-16 08:38 -------- d-----w- c:\windows\ERUNT
2013-11-14 11:56 . 2013-11-14 11:56 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Malwarebytes
2013-11-14 11:56 . 2013-11-14 11:56 -------- d-----w- c:\programdata\Malwarebytes
2013-11-14 06:01 . 2013-11-15 12:18 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-11-14 05:47 . 2013-11-17 13:00 -------- d-----w- c:\program files (x86)\ZHPDiag
2013-11-14 05:47 . 2013-11-15 12:17 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\ZHP
2013-11-14 00:31 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-14 00:31 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-14 00:31 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-14 00:31 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-14 00:31 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-14 00:31 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-08 13:44 . 2013-11-08 13:44 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\0D0S1L2Z1P1B
2013-11-08 13:44 . 2013-11-08 14:20 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\dosearches
2013-11-08 13:44 . 2013-11-08 13:44 -------- d-----w- c:\users\TOSHIBA\AppData\Local\Programs
2013-11-07 23:04 . 2013-11-07 17:38 5 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\63419.MSP
2013-11-07 23:04 . 2013-11-08 02:45 -------- d-sh--w- c:\users\TOSHIBA\J34I
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 03:01 . 2012-09-18 18:24 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-09-08 02:30 . 2013-10-14 07:19 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-14 07:19 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-14 07:19 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:11 . 2013-10-09 06:47 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-14 07:19 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-14 07:19 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-14 07:18 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-14 07:19 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-14 07:19 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-14 07:19 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-14 07:19 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-14 07:18 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-14 07:19 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-14 07:19 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-14 07:19 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-14 07:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-14 07:18 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-14 07:18 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-14 07:18 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-14 07:18 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-14 07:19 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-14 07:17 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-08-28 1811880]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
10491.BHQ [2013-11-7 5]
10678.QPN [2013-11-7 5]
10768.WVS [2013-11-7 5]
10970.KUE [2013-11-7 5]
10996.YDZ [2013-11-7 5]
11709.IOZ [2013-11-7 5]
12426.HOU [2013-11-7 5]
13123.CQU [2013-11-7 5]
13191.BYC [2013-11-7 5]
13421.CIB [2013-11-7 5]
13428.HGT [2013-11-7 5]
14030.IDB [2013-11-7 5]
14977.UAN [2013-11-7 5]
15052.GGI [2013-11-7 5]
15268.OLA [2013-11-7 5]
15479.PAL [2013-11-7 5]
15602.BJQ [2013-11-7 5]
15683.OTN [2013-11-7 5]
15830.CRC [2013-11-7 5]
15902.QBZ [2013-11-7 5]
15974.KAX [2013-11-7 5]
16418.YXW [2013-11-7 5]
17164.YMG [2013-11-7 5]
17234.VXJ [2013-11-7 5]
1727.DNE [2013-11-7 4]
17305.SXD [2013-11-7 5]
18186.FRJ [2013-11-7 5]
19023.FZW [2013-11-7 5]
20400.NRO [2013-11-7 5]
20587.TRJ [2013-11-7 5]
20692.GNV [2013-11-7 5]
20793.YXE [2013-11-7 5]
21074.HZY [2013-11-7 5]
21083.JNM [2013-11-7 5]
21400.IIB [2013-11-7 5]
22004.DMX [2013-11-7 5]
22754.DKW [2013-11-7 5]
22832.QRM [2013-11-7 5]
23273.VRI [2013-11-7 5]
23446.FGR [2013-11-7 5]
24009.PMS [2013-11-7 5]
24101.GMK [2013-11-7 5]
24132.ECY [2013-11-7 5]
24450.EFS [2013-11-7 5]
24829.VLU [2013-11-7 5]
24909.KFI [2013-11-7 5]
24987.HNQ [2013-11-7 5]
25324.BDO [2013-11-7 5]
26074.WEN [2013-11-7 5]
26444.WXY [2013-11-7 5]
26565.VVL [2013-11-7 5]
26624.EFB [2013-11-7 5]
26674.NFC [2013-11-7 5]
26766.WOL [2013-11-7 5]
27403.LOE [2013-11-7 5]
27759.ZJI [2013-11-7 5]
28128.ZGW [2013-11-7 5]
28359.SJO [2013-11-7 5]
28675.LYX [2013-11-7 5]
29344.TRY [2013-11-7 5]
29974.VGY [2013-11-7 5]
31295.SHP [2013-11-7 5]
31843.ZDM [2013-11-7 5]
32152.FDM [2013-11-7 5]
32304.VFD [2013-11-7 5]
33112.PAM [2013-11-7 5]
33491.BJK [2013-11-7 5]
33591.IJI [2013-11-7 5]
33986.MSA [2013-11-7 5]
33995.OFY [2013-11-7 5]
34197.GJD [2013-11-7 5]
34397.MND [2013-11-7 5]
34421.HTX [2013-11-7 5]
34565.FTA [2013-11-7 5]
34958.GHJ [2013-11-7 5]
35077.BUO [2013-11-7 5]
35605.GAD [2013-11-7 5]
35672.HWR [2013-11-7 5]
36019.SQS [2013-11-7 5]
36297.UII [2013-11-7 5]
36604.NFL [2013-11-7 5]
37222.PNS [2013-11-7 5]
37252.MMQ [2013-11-7 5]
37601.NYZ [2013-11-7 5]
38175.TMZ [2013-11-7 5]
38677.CHL [2013-11-7 5]
38830.IXG [2013-11-7 5]
38870.NZZ [2013-11-7 5]
40374.WHG [2013-11-7 5]
40581.CBV [2013-11-7 5]
40593.NCQ [2013-11-7 5]
41000.UCE [2013-11-7 5]
41251.YSL [2013-11-7 5]
41359.PBU [2013-11-7 5]
41942.LWP [2013-11-7 5]
42151.OHR [2013-11-7 5]
42153.UMR [2013-11-7 5]
42582.OGC [2013-11-7 5]
42752.LVL [2013-11-7 5]
43042.ULM [2013-11-7 5]
43113.RVR [2013-11-7 5]
43156.AEA [2013-11-7 5]
43358.BPY [2013-11-7 5]
43422.WVS [2013-11-7 5]
43814.HYA [2013-11-7 5]
44154.PNM [2013-11-7 5]
44778.RGO [2013-11-7 5]
45054.GHO [2013-11-7 5]
45430.GBK [2013-11-7 5]
46949.FRK [2013-11-7 5]
47235.IXI [2013-11-7 5]
47717.ZXZ [2013-11-7 5]
47852.DPF [2013-11-7 5]
48191.CKA [2013-11-7 5]
49360.XOL [2013-11-7 5]
49887.CYQ [2013-11-7 5]
50343.XIP [2013-11-7 5]
50602.UDH [2013-11-7 5]
51046.LDX [2013-11-7 5]
51140.SYJ [2013-11-7 5]
51392.BKG [2013-11-7 5]
51499.OGT [2013-11-7 5]
51607.HGO [2013-11-7 5]
51626.WNN [2013-11-7 5]
52356.UFX [2013-11-7 5]
53054.IDO [2013-11-7 5]
53471.AOV [2013-11-7 5]
53584.BEW [2013-11-7 5]
53888.THR [2013-11-7 5]
54320.IIO [2013-11-7 5]
54704.MJG [2013-11-7 5]
54734.MHT [2013-11-7 5]
54874.KTK [2013-11-7 5]
55362.FQU [2013-11-7 5]
55379.XCW [2013-11-7 5]
55433.YFX [2013-11-7 5]
55865.GRC [2013-11-7 5]
56237.FBK [2013-11-7 5]
56428.JGK [2013-11-7 5]
57405.OTJ [2013-11-7 5]
57868.IWK [2013-11-7 5]
58167.KTK [2013-11-7 5]
58179.SLU [2013-11-7 5]
58590.TNB [2013-11-7 5]
58629.TWH [2013-11-7 5]
58783.AVU [2013-11-7 5]
58823.MQT [2013-11-7 5]
58840.RJP [2013-11-7 5]
59456.CYY [2013-11-7 5]
60259.IRN [2013-11-7 5]
60351.NUK [2013-11-7 5]
60579.EEZ [2013-11-7 5]
60597.KNK [2013-11-7 5]
60694.ITB [2013-11-7 5]
60739.ZPC [2013-11-7 5]
61151.EAK [2013-11-7 5]
61416.KOC [2013-11-7 5]
61723.KLO [2013-11-7 5]
61799.ISR [2013-11-7 5]
62190.PUU [2013-11-7 5]
62927.OXY [2013-11-7 5]
63173.XHN [2013-11-7 5]
63340.BNL [2013-11-7 5]
63419.MSP [2013-11-7 5]
63745.GDG [2013-11-7 5]
64219.SPF [2013-11-7 5]
64550.OZQ [2013-11-7 5]
64649.YLW [2013-11-7 5]
65398.CTQ [2013-11-7 5]
65593.SLD [2013-11-7 5]
65598.BHB [2013-11-7 5]
65763.GIA [2013-11-7 5]
66308.RMI [2013-11-7 5]
66417.PKK [2013-11-7 5]
66540.VAL [2013-11-7 5]
66762.OMX [2013-11-7 5]
67133.JAG [2013-11-7 5]
67614.RQK [2013-11-7 5]
67793.QKD [2013-11-7 5]
67878.VIH [2013-11-7 5]
68231.KGK [2013-11-7 5]
68312.NDE [2013-11-7 5]
68333.LSP [2013-11-7 5]
69075.INQ [2013-11-7 5]
69553.JWH [2013-11-7 5]
70013.RGL [2013-11-7 5]
70298.EJX [2013-11-7 5]
70691.LOH [2013-11-7 5]
70785.LUT [2013-11-7 5]
70982.XNP [2013-11-7 5]
71112.OWL [2013-11-7 5]
71389.DGW [2013-11-7 5]
71834.SML [2013-11-7 5]
72529.QCQ [2013-11-7 5]
72828.NRF [2013-11-7 5]
73408.KPA [2013-11-7 5]
73719.OXD [2013-11-7 5]
73953.HJD [2013-11-7 5]
74234.FDH [2013-11-7 5]
74715.KAU [2013-11-7 5]
74874.HCQ [2013-11-7 5]
75622.WWX [2013-11-7 5]
75889.YRJ [2013-11-7 5]
75958.DDA [2013-11-7 5]
77581.HNW [2013-11-7 5]
77996.IJI [2013-11-7 5]
79531.SFS [2013-11-7 5]
79596.ZOQ [2013-11-7 5]
79650.WPV [2013-11-7 5]
79767.DSG [2013-11-7 5]
79963.RZE [2013-11-7 5]
80391.ZZF [2013-11-7 5]
80433.YHP [2013-11-7 5]
81341.UBD [2013-11-7 5]
81655.QIX [2013-11-7 5]
81971.EHU [2013-11-7 5]
82239.EHX [2013-11-7 5]
82299.AEE [2013-11-7 5]
83026.HKZ [2013-11-7 5]
83352.KIH [2013-11-7 5]
83360.MYS [2013-11-7 5]
84113.KGC [2013-11-7 5]
84693.RKE [2013-11-7 5]
85378.KFX [2013-11-7 5]
85941.STR [2013-11-7 5]
86303.MGZ [2013-11-7 5]
86562.BDQ [2013-11-7 5]
86568.OQW [2013-11-7 5]
87117.OAP [2013-11-7 5]
87653.GIX [2013-11-7 5]
87653.JSV [2013-11-7 5]
88097.WQZ [2013-11-7 5]
88118.PDZ [2013-11-7 5]
88330.YRC [2013-11-7 5]
88390.TPJ [2013-11-7 5]
88766.JYN [2013-11-7 5]
88769.WGA [2013-11-7 5]
89197.VGE [2013-11-7 5]
89269.SPZ [2013-11-7 5]
89528.YGH [2013-11-7 5]
90304.RAC [2013-11-7 5]
91475.MPR [2013-11-7 5]
91540.PQF [2013-11-7 5]
91642.UBR [2013-11-7 5]
92167.LUT [2013-11-7 5]
92436.UVK [2013-11-7 5]
92560.NOM [2013-11-7 5]
92820.RNM [2013-11-7 5]
93631.RDF [2013-11-7 5]
93697.CXK [2013-11-7 5]
93799.BKN [2013-11-7 5]
93852.DKB [2013-11-7 5]
94225.BZX [2013-11-7 5]
94700.JXX [2013-11-7 5]
95011.SKJ [2013-11-7 5]
95214.NVS [2013-11-7 5]
97237.SIK [2013-11-7 5]
97249.RUX [2013-11-7 5]
97338.OIO [2013-11-7 5]
97522.KCP [2013-11-7 5]
97900.GJU [2013-11-7 5]
97919.IEN [2013-11-7 5]
98206.AJE [2013-11-7 5]
98250.LCZ [2013-11-7 5]
99406.DBX [2013-11-7 5]
99663.LWI [2013-11-7 5]
A14029.HIA [2013-11-7 6]
A47997.RTO [2013-11-7 6]
A60997.JLK [2013-11-7 6]
A6134.NON [2013-11-7 5]
A6381.LDL [2013-11-7 5]
A72892.UBQ [2013-11-7 6]
A83106.JHK [2013-11-7 6]
A87298.KCT [2013-11-7 6]
B10882.NDD [2013-11-7 6]
B19173.IIW [2013-11-7 6]
B28451.CAZ [2013-11-7 6]
B36964.XVN [2013-11-7 6]
B48725.OFR [2013-11-7 6]
B54400.XZJ [2013-11-7 6]
B55983.XMI [2013-11-7 6]
B6813.ZXJ [2013-11-7 5]
B70249.KNA [2013-11-7 6]
B75956.SNC [2013-11-7 6]
B93846.JQG [2013-11-7 6]
B94475.LLU [2013-11-7 6]
B96506.IRM [2013-11-7 6]
B97139.CCT [2013-11-7 6]
B97447.ZFA [2013-11-7 6]
C10034.BBU [2013-11-7 6]
C25838.TQN [2013-11-7 6]
C30458.WQP [2013-11-7 6]
C30602.YAJ [2013-11-7 6]
C37803.QKT [2013-11-7 6]
C49880.YIA [2013-11-7 6]
C7196.OCL [2013-11-7 5]
C76323.PMQ [2013-11-7 6]
C82264.CZM [2013-11-7 6]
C97445.ZPB [2013-11-7 6]
D49766.MAO [2013-11-7 6]
D58467.FNM [2013-11-7 6]
D65698.ACB [2013-11-7 6]
D75894.HHU [2013-11-7 6]
D78196.AEK [2013-11-7 6]
D90315.TCC [2013-11-7 6]
D94574.QPN [2013-11-7 6]
E2044.QBA [2013-11-7 5]
E52789.BVM [2013-11-7 6]
E60830.TYW [2013-11-7 6]
E65889.ODN [2013-11-7 6]
E71983.ABF [2013-11-7 6]
E82081.OZT [2013-11-7 6]
E87653.MTT [2013-11-7 6]
E88195.WNI [2013-11-7 6]
E9124.FDP [2013-11-7 5]
E94332.SOE [2013-11-7 6]
E97885.WEN [2013-11-7 6]
F28484.FRX [2013-11-7 6]
F28976.QCZ [2013-11-7 6]
F30552.OBL [2013-11-7 6]
F37638.ORJ [2013-11-7 6]
F49528.MDF [2013-11-7 6]
F60144.HFH [2013-11-7 6]
F65998.OCS [2013-11-7 6]
F70039.KAN [2013-11-7 6]
F85499.JCZ [2013-11-7 6]
F94004.TWB [2013-11-7 6]
G15328.BIJ [2013-11-7 6]
G15841.UMW [2013-11-7 6]
G32511.NNS [2013-11-7 6]
G37354.XDU [2013-11-7 6]
G41045.UYW [2013-11-7 6]
G48721.XJT [2013-11-7 6]
G50295.WIK [2013-11-7 6]
G55400.CXW [2013-11-7 6]
G57943.BCR [2013-11-7 6]
G66656.GMJ [2013-11-7 6]
G92040.KAR [2013-11-7 6]
H36116.FLA [2013-11-7 6]
H36307.DCV [2013-11-7 6]
H43310.RBU [2013-11-7 6]
H44061.SYW [2013-11-7 6]
H51744.BGM [2013-11-7 6]
H75365.FUJ [2013-11-7 6]
H93075.WBY [2013-11-7 6]
I12714.WTD [2013-11-7 6]
I18594.GRV [2013-11-7 6]
I23668.BPL [2013-11-7 6]
I51934.XTT [2013-11-7 6]
I53072.HTY [2013-11-7 6]
I83341.OBU [2013-11-7 6]
I87559.FPC [2013-11-7 6]
I88616.CVI [2013-11-7 6]
J19069.QAZ [2013-11-7 6]
J55172.IIR [2013-11-7 6]
J65259.SYY [2013-11-7 6]
J69607.ZZI [2013-11-7 6]
J71257.KAH [2013-11-7 6]
J79797.AXU [2013-11-7 6]
J87166.FXP [2013-11-7 6]
J97547.AQA [2013-11-7 6]
J98232.ECI [2013-11-7 6]
K21182.FKB [2013-11-7 6]
K49764.IPJ [2013-11-7 6]
K50336.LWW [2013-11-7 6]
K58493.XZF [2013-11-7 6]
K66672.SHT [2013-11-7 6]
K74377.TTN [2013-11-7 6]
K77668.WRR [2013-11-7 6]
K86489.MVO [2013-11-7 6]
K91649.OOT [2013-11-7 6]
L13044.PDQ [2013-11-7 6]
L39151.RZF [2013-11-7 6]
L41412.DPJ [2013-11-7 6]
L43802.JHN [2013-11-7 6]
L54923.ESN [2013-11-7 6]
L6063.VXY [2013-11-7 5]
L71322.RDY [2013-11-7 6]
L77594.ZWA [2013-11-7 6]
L93112.AXU [2013-11-7 6]
L9337.NRH [2013-11-7 5]
L96921.QPN [2013-11-7 6]
L99933.VNA [2013-11-7 6]
M11323.KGI [2013-11-7 6]
M13017.RIU [2013-11-7 6]
M14651.BZK [2013-11-7 6]
M23004.QMA [2013-11-7 6]
M28121.PTO [2013-11-7 6]
M30132.OZA [2013-11-7 6]
M54534.JYG [2013-11-7 6]
M65898.QDV [2013-11-7 6]
M72147.VNY [2013-11-7 6]
M75010.AZN [2013-11-7 6]
M83139.GKY [2013-11-7 6]
M86945.IMJ [2013-11-7 6]
M88992.DXB [2013-11-7 6]
M9393.NYM [2013-11-7 5]
N16609.YSS [2013-11-7 6]
N26925.AEA [2013-11-7 6]
N47132.BRH [2013-11-7 6]
N47271.LAZ [2013-11-7 6]
N54766.USE [2013-11-7 6]
N6015.NMF [2013-11-7 5]
N68858.SMV [2013-11-7 6]
N85986.VBF [2013-11-7 6]
N87261.LHJ [2013-11-7 6]
N88670.RRC [2013-11-7 6]
N8878.GGE [2013-11-7 5]
N91189.RTV [2013-11-7 6]
O19944.LBF [2013-11-7 6]
O21765.AYH [2013-11-7 6]
O4899.ZMI [2013-11-7 5]
O52815.SZR [2013-11-7 6]
O76609.TZQ [2013-11-7 6]
O79334.BLO [2013-11-7 6]
O94690.LXS [2013-11-7 6]
P1335.GZW [2013-11-7 5]
P17002.BOG [2013-11-7 6]
P26710.KMF [2013-11-7 6]
P27883.VMJ [2013-11-7 6]
P31774.PWH [2013-11-7 6]
P44221.KPO [2013-11-7 6]
P6603.FFH [2013-11-7 5]
P94544.GMG [2013-11-7 6]
Q17606.RQE [2013-11-7 6]
Q21886.SSL [2013-11-7 6]
Q42939.JMO [2013-11-7 6]
Q4389.TFI [2013-11-7 5]
Q52199.XDN [2013-11-7 6]
Q54202.WUU [2013-11-7 6]
Q63864.QAD [2013-11-7 6]
Q64480.TLH [2013-11-7 6]
Q67073.IVV [2013-11-7 6]
Q69518.WGY [2013-11-7 6]
Q82067.QWQ [2013-11-7 6]
Q85623.PDJ [2013-11-7 6]
Q97237.OVK [2013-11-7 6]
R11213.KEH [2013-11-7 6]
R39890.VHH [2013-11-7 6]
R41078.ZAF [2013-11-7 6]
R42974.ZTY [2013-11-7 6]
R46034.QRZ [2013-11-7 6]
R52101.DGK [2013-11-7 6]
R5251.NJB [2013-11-7 5]
R5573.KSP [2013-11-7 5]
R68575.KIN [2013-11-7 6]
R75160.RKZ [2013-11-7 6]
S12895.UHW [2013-11-7 6]
S17960.HEW [2013-11-7 6]
S23023.GEF [2013-11-7 6]
S24207.TBQ [2013-11-7 6]
S30238.JZN [2013-11-7 6]
S40360.GJF [2013-11-7 6]
S45741.JPT [2013-11-7 6]
S51357.MXJ [2013-11-7 6]
S68023.XLP [2013-11-7 6]
S82354.PTE [2013-11-7 6]
S84963.LWK [2013-11-7 6]
T13322.JMW [2013-11-7 6]
T18004.VCN [2013-11-7 6]
T2107.FZC [2013-11-7 5]
T37856.FUD [2013-11-7 6]
T42173.ZDB [2013-11-7 6]
T50579.PBE [2013-11-7 6]
T67488.OJB [2013-11-7 6]
T72871.UHW [2013-11-7 6]
T75931.FRV [2013-11-7 6]
T78624.QDE [2013-11-7 6]
T81148.HZL [2013-11-7 6]
T85296.WNX [2013-11-7 6]
T85660.HLK [2013-11-7 6]
T88787.SPQ [2013-11-7 6]
T90878.TEB [2013-11-7 6]
T93839.DJE [2013-11-7 6]
T96974.IUO [2013-11-7 6]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
U21116.HBL [2013-11-7 6]
U40267.MIX [2013-11-7 6]
U44505.HCY [2013-11-7 6]
U51373.LST [2013-11-7 6]
U5933.CFK [2013-11-7 5]
U59611.WXI [2013-11-7 6]
U77035.QJU [2013-11-7 6]
U78077.RZI [2013-11-7 6]
U95963.IKC [2013-11-7 6]
V18717.NHO [2013-11-7 6]
V27168.KHQ [2013-11-7 6]
V42242.BJF [2013-11-7 6]
V48959.RQR [2013-11-7 6]
V49584.NYP [2013-11-7 6]
V5951.JBP [2013-11-7 5]
V85018.FQZ [2013-11-7 6]
V90351.AHT [2013-11-7 6]
W15855.LGA [2013-11-7 6]
W16434.DXY [2013-11-7 6]
W18954.NXH [2013-11-7 6]
W27141.AMH [2013-11-7 6]
W29764.RMC [2013-11-7 6]
W30805.QGT [2013-11-7 6]
W49056.QDP [2013-11-7 6]
W83770.LUQ [2013-11-7 6]
X32796.BYI [2013-11-7 6]
X35376.WCL [2013-11-7 6]
X44123.DZQ [2013-11-7 6]
X44297.LMH [2013-11-7 6]
X54971.JZP [2013-11-7 6]
X5510.LLG [2013-11-7 5]
X60547.EKE [2013-11-7 6]
X79720.PWN [2013-11-7 6]
X93729.ZHZ [2013-11-7 6]
X95242.NSX [2013-11-7 6]
Y21438.XEU [2013-11-7 6]
Y36415.DDT [2013-11-7 6]
Y38659.GBL [2013-11-7 6]
Y51697.QTS [2013-11-7 6]
Y53028.DBZ [2013-11-7 6]
Y57499.RVA [2013-11-7 6]
Y63365.OFA [2013-11-7 6]
Y81213.KIN [2013-11-7 6]
Y83553.HUR [2013-11-7 6]
Z10542.LET [2013-11-7 6]
Z12803.UFS [2013-11-7 6]
Z27869.DGQ [2013-11-7 6]
Z31394.HMI [2013-11-7 6]
Z36479.XNT [2013-11-7 6]
Z39757.ZDR [2013-11-7 6]
Z45661.MEG [2013-11-7 6]
Z46642.GEX [2013-11-7 6]
Z48543.FIT [2013-11-7 6]
Z52021.WAX [2013-11-7 6]
Z52696.XPV [2013-11-7 6]
Z56133.IDJ [2013-11-7 6]
Z71342.DZT [2013-11-7 6]
Z76490.FND [2013-11-7 6]
Z78763.JEM [2013-11-7 6]
Z86376.PEY [2013-11-7 6]
Z87462.KZE [2013-11-7 6]
Z98383.FZF [2013-11-7 6]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 08:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:00]
.
2013-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-17 13:27:26
ComboFix-quarantined-files.txt 2013-11-17 13:27
.
Pre-Run: 187,865,980,928 bytes free
Post-Run: 188,368,183,296 bytes free
.
- - End Of File - - 8F3E351F0DAA5DA0BB2D575D422D1B42
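The log above ends with ComboFix's end-of-file marker. Its most telling finding is the per-user Startup folder: several hundred 4-6 byte files with random numeric names and random three-letter extensions, all dated 2013-11-7, sitting next to one legitimate .lnk. The following script is an added example for this thread (it is not part of the original post and not ComboFix code): it parses the Run-key and Startup-folder blocks that ComboFix prints under 'Reg Loading Points' and flags that cluster, plus any Run value pointing into a user-writable path. The thresholds (10 files, 16 bytes), the user-writable path hints and the "Updater" Run value in the constructed sample are assumptions of this example, not facts from the log.

```python
"""Triage the autostart sections of a ComboFix log.

Added example for this thread: not part of the original post and not ComboFix
code. It parses the Run-key and Startup-folder blocks under 'Reg Loading Points'
and flags the pattern visible in the log above: hundreds of tiny files with
random names and random three-letter extensions dropped into the per-user
Startup folder on one day. The thresholds below are assumptions, not ComboFix behaviour.
"""
import os
import re
from collections import Counter

SEPARATOR = "."  # ComboFix prints a lone dot between blocks
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
STARTUP_DIR_RE = re.compile(r"^([a-z]:\\.+\\Startup\\)$", re.IGNORECASE)
# "name [date size]"  or  "name.lnk - target [date size]"
STARTUP_ENTRY_RE = re.compile(r"^(.+?)(?: - (.+?))?\s+\[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# Naming pattern of the dropped files in the log above: optional letter, digits, 3 capitals
RANDOM_NAME_RE = re.compile(r"^[A-Z]?\d{1,6}\.[A-Z]{3}$")
LEGIT_STARTUP_EXT = {".lnk", ".exe", ".bat", ".cmd", ".vbs", ".js", ".url"}
# Run values that point into user-writable locations are a common persistence spot (heuristic)
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def parse_autostarts(log_text):
    """Return (run_keys, startup_dirs): each maps key/folder -> [(name, path, date, size)]."""
    run_keys, startup_dirs, mode, current = {}, {}, None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == SEPARATOR:  # end of the current block
            mode, current = None, None
        elif (m := RUN_KEY_RE.match(line)):
            mode, current = "run", m.group(1)
            run_keys.setdefault(current, [])
        elif (m := STARTUP_DIR_RE.match(line)):
            mode, current = "startup", m.group(1)
            startup_dirs.setdefault(current, [])
        elif mode == "run" and (m := RUN_VALUE_RE.match(line)):
            run_keys[current].append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
        elif mode == "startup" and (m := STARTUP_ENTRY_RE.match(line)):
            startup_dirs[current].append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return run_keys, startup_dirs


def triage(log_text, min_cluster=10, max_tiny_bytes=16):
    """Return a list of finding dicts for autostart entries that deserve a closer look."""
    run_keys, startup_dirs = parse_autostarts(log_text)
    findings = []
    for folder, entries in startup_dirs.items():
        # Tiny, randomly named, non-executable files: droppers/markers, not real startup items
        tiny_random = [e for e in entries
                       if e[3] <= max_tiny_bytes and RANDOM_NAME_RE.match(e[0])
                       and os.path.splitext(e[0])[1].lower() not in LEGIT_STARTUP_EXT]
        if len(tiny_random) >= min_cluster:
            findings.append({"kind": "startup_dropper_cluster", "location": folder,
                             "count": len(tiny_random),
                             "dates": dict(Counter(e[2] for e in tiny_random)),
                             "sample": [e[0] for e in tiny_random[:5]]})
    for key, values in run_keys.items():
        for name, path, _date, _size in values:
            if any(h in path.lower() for h in USER_WRITABLE_HINTS):
                findings.append({"kind": "run_value_in_user_writable_path",
                                 "location": key, "name": name, "path": path})
    return findings


# Constructed excerpt in ComboFix's layout, modelled on the log above. The "Updater"
# Run value is invented to exercise the second check; it is not in the real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-08-28 1811880]
"Updater"="c:\users\TOSHIBA\AppData\Roaming\svc\updater.exe" [2013-11-07 48128]
.
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
10491.BHQ [2013-11-7 5]
10678.QPN [2013-11-7 5]
10768.WVS [2013-11-7 5]
10970.KUE [2013-11-7 5]
10996.YDZ [2013-11-7 5]
1727.DNE [2013-11-7 4]
A14029.HIA [2013-11-7 6]
B10882.NDD [2013-11-7 6]
C10034.BBU [2013-11-7 6]
Z98383.FZF [2013-11-7 6]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it as-is to see the two findings on the constructed sample; to triage a real log, read the saved ComboFix text file and pass its contents to `triage()`. The legitimate .lnk entries in both Startup folders are left alone because they are large and carry a known extension, which is the distinction a cleanup step should preserve.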
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2034 [GMT 0:00]
Running from: c:\users\TOSHIBA\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dir
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3094.OUE
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3105.XUA
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3904.JOA
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3968.QOE
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4089.PKR
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4515.NDK
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4529.KED
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4984.MKQ
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5259.FMW
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6120.AUH
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6143.WBL
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6917.DYJ
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6922.MMS
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7391.EOZ
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7535.IRL
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7619.QKZ
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8470.URD
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8476.SND
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8635.UTO
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8886.FMS
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8951.SQN
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9086.MFG
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9386.XYU
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9494.GUT
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9497.DWM
.
.
((((((((((((((((((((((((( Files Created from 2013-10-17 to 2013-11-17 )))))))))))))))))))))))))))))))
.
.
2013-11-17 13:26 . 2013-11-17 13:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-16 09:14 . 2013-11-16 09:20 -------- d-----w- c:\programdata\HitmanPro
2013-11-16 08:38 . 2013-11-16 08:38 -------- d-----w- c:\windows\ERUNT
2013-11-14 11:56 . 2013-11-14 11:56 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Malwarebytes
2013-11-14 11:56 . 2013-11-14 11:56 -------- d-----w- c:\programdata\Malwarebytes
2013-11-14 06:01 . 2013-11-15 12:18 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-11-14 05:47 . 2013-11-17 13:00 -------- d-----w- c:\program files (x86)\ZHPDiag
2013-11-14 05:47 . 2013-11-15 12:17 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\ZHP
2013-11-14 00:31 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-14 00:31 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-14 00:31 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-14 00:31 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-14 00:31 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-14 00:31 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-08 13:44 . 2013-11-08 13:44 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\0D0S1L2Z1P1B
2013-11-08 13:44 . 2013-11-08 14:20 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\dosearches
2013-11-08 13:44 . 2013-11-08 13:44 -------- d-----w- c:\users\TOSHIBA\AppData\Local\Programs
2013-11-07 23:04 . 2013-11-07 17:38 5 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\63419.MSP
2013-11-07 23:04 . 2013-11-08 02:45 -------- d-sh--w- c:\users\TOSHIBA\J34I
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 03:01 . 2012-09-18 18:24 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-09-08 02:30 . 2013-10-14 07:19 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-14 07:19 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-14 07:19 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:11 . 2013-10-09 06:47 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-14 07:19 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-14 07:19 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-14 07:18 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-14 07:19 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-14 07:19 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-14 07:19 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-14 07:19 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-14 07:18 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-14 07:19 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-14 07:19 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-14 07:19 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-14 07:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-14 07:18 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-14 07:18 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-14 07:18 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-14 07:18 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-14 07:19 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-14 07:17 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-08-28 1811880]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 08:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:00]
.
2013-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-17 13:27:26
ComboFix-quarantined-files.txt 2013-11-17 13:27
.
Pre-Run: 187,865,980,928 bytes free
Post-Run: 188,368,183,296 bytes free
.
- - End Of File - - 8F3E351F0DAA5DA0BB2D575D422D1B42
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Nov 17, 2013 at 04:01 PM
Combofix deleted more malware.
How is your system performing now?
Crackermatt
Posts
23
Registration date
Friday November 8, 2013
Status
Member
Last seen
November 19, 2013
Nov 17, 2013 at 04:21 PM
The system itself is performing fine, I've not really had any problems with the performance - apart from I can't open games on the E:\ drive (Football Manager)... and of course every time I start Windows the 200+ "Windows can't open this file" pop-ups appear.