
Help needed analyzing internet disconnections


29 replies to this topic

#1 sl888y5


Posted 12 June 2016 - 04:57 PM

Hello everyone, my name is Shai.

Hopefully this is the correct site and forum to find a solution to a long and painful problem I experience surfing the internet with my computer. It looks like I have reached the heaven of problem solving :).

I have been experiencing this problem for over a year. It started with damage to the router setup (the ISP reported that there were a lot of connection requests from the router, one every 20 seconds). After that was solved, damage to the LAN adapter driver was found. When that was solved, the disconnections kept taking place without any LAN indication. The only thing that I can see is a lot of disconnections from a chat I'm taking part in, on several sites, and that Skype also disconnects when the chat rooms do. Video streams are being paused, and more.

That brought me to the conclusion: I'VE BEEN HACKED.

As I saw it, I was hacked by a hacker using the Adobe Flash Player.

 

The computer setup:

Hardware:

Toshiba Satellite L850, model PSKDLE

Software:

OS: Windows 7 Home Premium SP1 64-bit.

Browser: Firefox 47.0

There are:

HJT log.

Wireshark sniffer log

Screenshot of IP conflict on my network

ipconfig /all output

arp output

What I have done:

Adobe Flash mms.cfg file is configured as follows:

 

SilentAutoUpdateEnable=0
AutoUpdateDisable=0
ProtectedMode=1
DisableHardwareAcceleration=1
DisableProductDownload=1
FileDownloadDisable=1
FileUploadDisable=1
LocalFileReadDisable=1
AllowUserLocalTrust=0
UseWAVPlayer=1

 

please help

shai





#2 InadequateInfirmity


Posted 13 June 2016 - 04:32 PM


Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next; make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

 

ZHP Scan.

Please download ZHPCleaner to your desktop. Right click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

Remove any infections found.

Then click on the icon in the pic below.

Double click on the scan log, copy and paste here in your reply


Edited by InadequateInfirmity, 13 June 2016 - 04:32 PM.


#3 sl888y5


Posted 19 June 2016 - 03:24 PM

thank you a lot, will be done



#4 sl888y5


Posted 19 June 2016 - 07:54 PM

The logs:

 

 

# AdwCleaner v5.200 - Logfile created 19/06/2016 at 23:34:54
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-14.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : shai - SHAI-TOSH
# Running from : C:\Users\shai\Downloads\instracted\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Partner
[#] Folder Deleted : C:\ProgramData\Application Data\Partner

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [993 bytes] - [19/06/2016 23:34:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [1030 bytes] - [19/06/2016 23:32:35]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1138 bytes] ##########


**********************************************************************************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by shai (Administrator) on Sun 06/19/2016 at 23:38:14.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 20

Successfully deleted: C:\Users\shai\AppData\Local\{3A5A8355-0CD8-4EC1-A312-356BC0C6B6CC} (Empty Folder)
Successfully deleted: C:\Users\shai\AppData\Local\{72EC21A0-C6BC-4C32-8004-3BB158460E60} (Empty Folder)
Successfully deleted: C:\Users\shai\AppData\Local\{9AF57664-EED9-4567-AAAD-9FFBA86EB39F} (Empty Folder)
Successfully deleted: C:\Users\shai\AppData\Local\{A8452F99-2194-4698-8D5B-81D18A6D9CA6} (Empty Folder)
Successfully deleted: C:\Users\shai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\shai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\shai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D82G1E3H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\shai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\shai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWZ385W2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\shai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\shai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCKNKUCR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\shai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN3957J0 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D82G1E3H (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWZ385W2 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCKNKUCR (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN3957J0 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/19/2016 at 23:40:17.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**************************************************************************************************************************


~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13)
~ Run by shai (Administrator)  (19/06/2016 23:56:22)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : No network file
~ Type : Repair
~ Report : C:\Users\shai\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\shai\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (1)
MOVED folder: C:\windows\Installer\MSI93E9.tmp-  =>Empty


---\\  Registry ( Key, Value, Data) (1)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 1619
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 2


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-19062016-23_56_57.txt
ZHPCleaner-[S]-19062016-23_56_05.txt



*****************************************************************************************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2016_06_19_23_42_00
OS: Windows 7 Home Premium - x64 Bit
Account Name: shai
Adware Definition: 06172016
Elapsed time: 06:17
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\


No results found
******************************************************************************************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2016_06_19_23_42_00
OS: Windows 7 Home Premium - x64 Bit
Account Name: shai
Adware Definition: 06172016
Elapsed time: 06:17
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\


No results found
*******************************************************************************************************************************************
Zemana AntiMalware 2.21.2.15 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/20
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i3-2350M CPU @ 2.30GHz
BIOS Mode              : Legacy
CUID                   : 126FF104C8CC2D59D004E9
Scan Type              : Deep Scan
Duration               : 13m 2s
Scanned Objects        : 120529
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects
*********************************************************************************************************************************************
 



#5 InadequateInfirmity


Posted 19 June 2016 - 08:08 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close all open work; Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#6 sl888y5


Posted 20 June 2016 - 05:20 PM

-|x| RstHosts v2.0 - Rapport cr?? le 21/06/2016 ? 00:49:00
-|x| Syst?me d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
-|x| Nom d'utilisateur : shai - SHAI-TOSH (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propri?taire : Administrators - BUILTIN
Taille : 89 bytes
Date de cr?ation : 14/07/2009 - 05:34:48
Date de modification : 20/06/2016 - 23:59:38
Date de dernier acc?s : 20/06/2016 - 23:59:38

-|x|- Contenu du fichier -|x|-

# Fichier Hosts cr?? par RstHosts

127.0.0.1       localhost
::1             localhost

-|x|- E.O.F - C:\RstHosts.txt - 624 bytes -|x|-
************************************************************************************************














¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_13.06.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 00:04:08

Updated 13/06/2016 | 18.25 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[shai (Administrator)] - [SHAI-TOSH]
SID = S-1-5-21-2586114158-3974425417-932257911-1000

Boot: Normal boot
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
ProcessorNameString : Intel® Core™ i3-2350M CPU @ 2.30GHz
Identifier : Intel64 Family 6 Model 42 Stepping 7
CoreTemp : 82 Celsius - Max : 125 Celsius

Memory RAM = Total (MB) : 4153 | Free (MB) : 1994
Pagefile = Total (MB) : 8304 | Free (MB) : 5638
Virtual = Total (MB) : 4194 | Free (MB) : 4046

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

C:\windows\Setup\Scripts\B2C.txt
C:\windows\Setup\Scripts\labelc2rdrive.exe
C:\windows\Setup\Scripts\labelc2rdrive.exe.config
C:\windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives

C:\-> [Fixed] | [TI30880700C] | Total : 580 Go | Free : 528.95 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Last detection : 2016-06-20 18:15:06
Downloaded last ones : 2016-06-20 18:56:55
Next search : 2016-06-21 15:20:18

Microsoft : +


¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\shai

Registry saved , to restore :  Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [21.06.2016 @ 00_01_33])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 9.0.8112.16421     (© Microsoft Corporation.)
FF : 47.0.0.5999     (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 11.2.202.228
Plugin : 21.0.0.242

¤¤¤¤¤¤¤¤¤¤ # Security

AM : Malwarebytes Anti-Malware   (2.3.173.0)     []
FW : ESET Personal firewall Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1056 | [Owner : SYSTEM |Parent : 796] - (.AMD - AMD External Events Service Module.) - (6.14.11.1114) = C:\Windows\System32\atiesrxx.exe
1544 | [Owner : SYSTEM |Parent : 1056] - (.AMD - AMD External Events Client Module.) - (6.14.11.1114) = C:\Windows\System32\atieclxx.exe
1676 | [Owner : SYSTEM |Parent : 796] - (. - GFNEXSrv.) - (1.0.0.12) = C:\Windows\System32\GFNEXSrv.exe
1852 | [Owner : SYSTEM |Parent : 796] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
2008 | [Owner : SYSTEM |Parent : 796] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.802.11.4130) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1292 | [Owner : SYSTEM |Parent : 796] - (.Intel® Corporation - Intel® Capability Licensing Service Interface.) - (1.23.605.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe
1500 | [Owner : SYSTEM |Parent : 796] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2168 | [Owner : SYSTEM |Parent : 796] - (.Intel Corporation - Intel® Dynamic Application Loader Host Interface.) - (8.0.3.1427) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
2492 | [Owner : SYSTEM |Parent : 796] - (.TOSHIBA Corporation - TDCSrv Application.) - (1.0.0.8) = C:\Windows\System32\TODDSrv.exe
2556 | [Owner : SYSTEM |Parent : 796] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.5) = C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2724 | [Owner : SYSTEM |Parent : 796] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2888 | [Owner : SYSTEM |Parent : 2724] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2984 | [Owner : SYSTEM |Parent : 356] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
756 | [Owner : SYSTEM |Parent : 796] - (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) - (1.3.0.0) = C:\Program Files\TOSHIBA\TECO\TecoService.exe
3936 | [Owner : SYSTEM |Parent : 796] - (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe
3536 | [Owner : shai |Parent : 796] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.17514) = C:\Windows\System32\taskhost.exe
2716 | [Owner : NETWORK SERVICE |Parent : 796] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe
3584 | [Owner : shai |Parent : 4036] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\SysWOW64\rundll32.exe
4160 | [Owner : shai |Parent : 3332] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.0.770) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4500 | [Owner : shai |Parent : 3332] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) - (15.3.38.2) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4616 | [Owner : shai |Parent : 3332] - (.SRS Labs, Inc. - SRS Control Panel.) - (1.7.15.0) = C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
4692 | [Owner : shai |Parent : 3332] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.7) = C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
4872 | [Owner : shai |Parent : 3332] - (.TOSHIBA Corporation - TOSHIBA Flash Cards Main Module.) - (1.0.14.64) = C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
5012 | [Owner : shai |Parent : 3332] - (.TOSHIBA Corporation - TOSHIBA eco Utility.) - (1.3.0.0) = C:\Program Files\TOSHIBA\TECO\Teco.exe
5004 | [Owner : shai |Parent : 3332] - (.Toshiba Europe GmbH - Toshiba TEMPRO.) - (3.3.5.0) = C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
4472 | [Owner : shai |Parent : 3332] - (.TOSHIBA - TOSHIBA Online Product Information.) - (4.1.0.0) = C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
5096 | [Owner : shai |Parent : 4844] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (15.3.38.2) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5044 | [Owner : shai |Parent : 3332] - (.TOSHIBA CORPORATION. - Bluetooth Manager.) - (9.0.0.7) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
1484 | [Owner : shai |Parent : 3332] - (.Toshiba - Toshiba Places Icon Utility.) - (1.1.1.4) = C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
3328 | [Owner : shai |Parent : 3332] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
364 | [Owner : shai |Parent : 4808] - (.Intel Corporation - Intel® USB 3.0 Monitor.) - (1.0.0.120) = C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
4420 | [Owner : shai |Parent : 1100] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (2.0.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1392 | [Owner : shai |Parent : 4808] - (.TOSHIBA Corporation - TOSHIBA Service Station.) - (2.2.0.1) = C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
4152 | [Owner : shai |Parent : 4808] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
5068 | [Owner : shai |Parent : 4808] - (.Wondershare - Wondershare Studio.) - (2.3.5.0) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
4900 | [Owner : SYSTEM |Parent : 796] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
5660 | [Owner : SYSTEM |Parent : 796] - (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) - (7.1.406.0) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
5888 | [Owner : shai |Parent : 4420] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (3.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5780 | [Owner : shai |Parent : 5044] - (.TOSHIBA CORPORATION - TosLeSrvUseMng.) - (9.0.0.10) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
5460 | [Owner : shai |Parent : 356] - (.TOSHIBA CORPORATION - .) - (9.0.0.8) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe
5760 | [Owner : shai |Parent : 5044] - (.TOSHIBA CORPORATION - TosLeSrvProvider.) - (9.0.0.12) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
6120 | [Owner : shai |Parent : 5044] - (.TOSHIBA CORPORATION. - TosA2DP.) - (8.0.0.0) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
5532 | [Owner : shai |Parent : 5044] - (.TOSHIBA CORPORATION. - TosBtHid.) - (8.0.0.0) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
5852 | [Owner : shai |Parent : 5044] - (.TOSHIBA CORPORATION. - TosBtHSP.) - (8.0.0.0) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
3456 | [Owner : shai |Parent : 5044] - (.TOSHIBA CORPORATION. - TosAVRC.) - (8.0.0.0) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
5148 | [Owner : shai |Parent : 5044] - (.TOSHIBA CORPORATION. - tosOBEX.) - (8.0.0.2) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
6476 | [Owner : shai |Parent : 5148] - (.TOSHIBA CORPORATION. - Bluetooth Information Exchanger.) - (8.0.0.7) = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
6700 | [Owner : SYSTEM |Parent : 796] - (.Intel Corporation - Local Manageability Service.) - (8.0.3.1427) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
6844 | [Owner : SYSTEM |Parent : 796] - (.Nero AG - NeroUpdate.) - (11.0.27.0) = C:\Program Files (x86)\Nero\Update\NASvc.exe
1152 | [Owner : LOCAL SERVICE |Parent : 796] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
6588 | [Owner : SYSTEM |Parent : 796] - (.Intel Corporation - User Notification Service.) - (8.0.3.1427) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
4264 | [Owner : SYSTEM |Parent : 796] - (.TOSHIBA Corporation - TSS TMachInfo Service.) - (3.0.0.0) = C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
4084 | [Owner : SYSTEM |Parent : 796] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.17) = C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
5544 | [Owner : SYSTEM |Parent : 796] - (.TOSHIBA Corporation - TosSmartSrv.exe.) - (1.1.0.8) = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
3096 | [Owner : shai |Parent : 5112] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.10) = C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
5372 | [Owner : shai |Parent : 4676] - (.TOSHIBA Corporation - TosSENotify.exe.mui.) - (1.0.64.16) = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
5600 | [Owner : shai |Parent : 1236] - (.Microsoft Corporation - Windows Update.) - (7.6.7600.320) = C:\Windows\System32\wuauclt.exe
4612 | [Owner : shai |Parent : 936] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
4704 | [Owner : shai |Parent : 4612] - (.Mozilla Corporation - Firefox.) - (47.0.0.5999) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
6272 | [Owner : shai |Parent : 1988] - (.Microsoft Corporation - Notepad.) - (6.1.7600.16385) = C:\Windows\SysWOW64\notepad.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user


¤¤¤¤¤¤¤¤¤¤ # Winlogon machine


¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !



Safeboot Minimal Subkeys : O.K !



Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO


¤¤¤¤¤¤¤¤¤¤ # Mountpoints2



¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center




¤¤¤¤¤¤¤¤¤¤ # Services


Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer


¤¤¤¤¤¤¤¤¤¤ # reparsepoint



¤¤¤¤¤¤¤¤¤¤ # Offsets


¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry




¤¤¤¤¤¤¤¤¤¤ # ADS


Prefetch -> cleaned



¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Windows] : Hidden : 9 | Restored : 9


¤¤¤¤¤¤¤¤¤¤ # Drives

 Disk: 0   Size=610G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    27-UNKNWN  1.5G   Yes   No         2,048    3,072,000
  1    1    07-NTFS    594G   No    No     3,074,048  216,348,160

¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1

End : 00:26:46


¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 217


9 lab can not update with no firewall turned on for more than 9 minutes

 

cooling vent is working non stop

 

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 128.39590

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.0.8112.16421
shai :: SHAI-TOSH

21/06/2016 01:08:21
9lab-log-2016-06-21 (01-08-21).txt

Scan type: Full
Objects scanned: 15
Time Elapsed: 9 m 25 s
 

 

 

 



#7 InadequateInfirmity


Posted 20 June 2016 - 05:28 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 

  • Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#8 sl888y5


Posted 20 June 2016 - 09:25 PM

This keeps popping in: log file name - 2016.06.21-05.15.33-i2-t92-d1.txt

Has it got to do with our testing?

 

Zemana AntiMalware 2.21.2.15 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/21
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i3-2350M CPU @ 2.30GHz
BIOS Mode              : Legacy
CUID                   : 126FF104C8CC2D59D004E9
Scan Type              : Scheduled Scan
Duration               : 4m 49s
Scanned Objects        : 10945
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 766A994EC7B4B9770833001F922F0E7D
Publisher          : -
Size               : 89
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - Hosts file is hidden
                File - %systemroot%\system32\drivers\etc\hosts


Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0


Detected Objects
-------------------------------------------------------

Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 766A994EC7B4B9770833001F922F0E7D
Publisher          : -
Size               : 89
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - Hosts file is hidden
                File - %systemroot%\system32\drivers\etc\hosts

 


Edited by sl888y5, 20 June 2016 - 09:27 PM.


#9 InadequateInfirmity


Posted 20 June 2016 - 09:38 PM

Host file is fine, this can be ignored. :)



#10 sl888y5


Posted 20 June 2016 - 10:24 PM

Thank you,

I'm off to work, I'll be posting the results later at night (in 16 hours).

Again, thank you for your time and effort.

Shai



#11 InadequateInfirmity


Posted 21 June 2016 - 06:30 AM

Alright. :thumbup2:



#12 sl888y5


Posted 21 June 2016 - 02:06 PM

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 128.39590

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.0.8112.16421
shai :: SHAI-TOSH

21/06/2016 20:09:39
9lab-log-2016-06-21 (20-09-39).txt

Scan type: Full
Objects scanned: 37541
Time Elapsed: 23 m 46 s

Files detected: 14
[3688374325B992DEF12793500307566D] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\Quarantine\hosts]
[BF210C304A0A36E5640845D7FD0A158B] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\Tempo.txt]
[446A99CCE5D0B885DBEEA735A9806FBC] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\Trace.txt]
[539CB926F9B22BB70614FB2BD9F31E0C] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\ZHPCleaner-[R]-19062016-23_56_57.txt]
[26751CF303424B5160FDA597C2B7F6CB] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\ZHPCleaner-[S]-19062016-23_56_05.txt]
[D724AC53A4D8A14E4E941C984F9DECFA] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[9F7232E0C39578DE94FE75ED12368B1E] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
[6512DCAA17D9EEA6E09F05456D654749] Trojan.FPL.Rotbrow.vb [c:\users\shai\appdata\roaming\ZHP\ZHPQ_Files.txt]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\AdsFix\smss.exe]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\Pre_Scan\smss.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\shai\Desktop\instructed\rsthosts_2.0.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\shai\Downloads\instructed\rsthosts_2.0.exe]
[58F7AE008538E3867A327956390D0470] Malware.Win32.Gen.cc!s1 [C:\Users\shai\Downloads\instructed\ZHPCleaner-2015.8.13.324.exe]

 

 

************************************************************************************************************************************************************************************************

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/06/2016
Scan Time: 20:40
Logfile: mawlware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.21.05
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: shai

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300031
Time Elapsed: 22 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

***************************************************************************************************************************************************************************************************

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by shai (administrator) on 21-06-2016 at 21:43:39
Running from "C:\Users\shai\Desktop\instructed"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: SATELLITE L850 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Atheros AR9485WB-EG Wireless Network Adapter = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Wireless Network Connection" nexthop=192.168.1.1 publish=Yes
add address name="Local Area Connection" address=192.168.1.30 mask=255.255.255.0
add address name="Wireless Network Connection" address=192.168.1.31 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : shai-TOSH
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 4C-72-B9-0A-D3-BC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 91.205.152.204
                                       91.205.152.174
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0E329A0E-78FC-4B02-B374-7469BD29AC37}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  ns-cache1.018.net.il
Address:  91.205.152.204

Name:    google.com
Addresses:  2a00:1450:400d:802::200e
      5.102.252.245
      5.102.252.210
      5.102.252.217
      5.102.252.224
      5.102.252.237
      5.102.252.231
      5.102.252.251
      5.102.252.216
      5.102.252.230
      5.102.252.223
      5.102.252.244
      5.102.252.238


Pinging google.com [5.102.252.224] with 32 bytes of data:
Reply from 5.102.252.224: bytes=32 time=9ms TTL=56
Reply from 5.102.252.224: bytes=32 time=8ms TTL=56

Ping statistics for 5.102.252.224:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 9ms, Average = 8ms
Server:  ns-cache1.018.net.il
Address:  91.205.152.204

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=181ms TTL=47
Reply from 98.138.253.109: bytes=32 time=178ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 178ms, Maximum = 181ms, Average = 179ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...4c 72 b9 0a d3 bc ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.30    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.30    276
     192.168.1.30  255.255.255.255         On-link      192.168.1.30    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.30    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.30    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.30    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/21/2016 06:32:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2016 05:12:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2016 12:44:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 10:15:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 05:13:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 12:30:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 12:10:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2016 11:36:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2016 11:35:54 PM) (Source: TOSHIBA Service Station) (User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.

Error: (06/19/2016 07:50:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/21/2016 08:49:30 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (06/21/2016 08:49:30 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\shai\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/21/2016 08:49:29 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (06/21/2016 08:49:29 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\shai\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/21/2016 08:49:29 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (06/21/2016 08:49:29 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\shai\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/21/2016 08:49:29 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (06/21/2016 08:49:29 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\shai\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/21/2016 08:49:28 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (06/21/2016 08:49:28 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\shai\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (06/21/2016 06:32:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2016 05:12:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2016 12:44:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 10:15:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 05:13:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 12:30:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 12:10:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2016 11:36:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2016 11:35:54 PM) (Source: TOSHIBA Service Station)(User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.

Error: (06/19/2016 07:50:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F856881A-D370-B1A7-2AFF-128F4AA93558}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.12 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Smart Security (HKLM\...\{0C26C0D5-9A65-45B6-83CE-AF5105212A06}) (Version: 9.0.375.0 - ESET, spol. s r.o.)
FileZilla Client 3.18.0 (HKCU\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
High-Definition Video Playback (HKLM-x32\...\{9193490D-5229-4FC4-9BB9-A6D63C09574A}) (Version: 11.1.10500.2.65 - Nero AG) Hidden
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iSpy (HKLM-x32\...\{8DF5ADAD-9BD0-4EDB-A80A-144C38D5F104}) (Version: 6.5.3.0 - DeveloperInABox)
iSpy package installer (HKLM-x32\...\{dcef8a3c-ff41-4d96-9050-05b3b7a8df5c}) (Version: 6.5.3.0 - DeveloperInABox)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Nero 11 Essentials (HKLM-x32\...\{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}) (Version: 11.0.00300 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6597 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.39 - TOSHIBA Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
welcome (HKLM-x32\...\{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}) (Version: 11.0.22500.0.0 - Nero AG) Hidden
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.7 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, http://www.wireshark.org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.15 - Zemana Ltd.)
גלריית התמונות של Windows Live (HKLM-x32\...\{CE929F09-3853-4180-BD90-30764BFF7136}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)

========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 4055.8 MB
Available physical RAM: 900.53 MB
Total Virtual: 8109.79 MB
Available Virtual: 3890.43 MB

========================= Partitions: =====================================

1 Drive c: (TI30880700C) (Fixed) (Total:580 GB) (Free:528.1 GB) NTFS

========================= Users: ========================================

User accounts for \\SHAI-TOSH

Administrator            Guest                    shai                     
znawxvdpd                


**** End of log ****

*******************************************************************************************************************************************************************************

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 21.06.2016 21:45:21
Path starting: C:\Users\shai\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: shai
VersionXML: 3.10is-21.06.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 19.05.2016 20:16:01
LicenseStatus: Windows® 7, HomePremium edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [580 Gb] Used: [51.9 Gb] Free: [528.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 9.0.8112.16421 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2016-06-20 22:22:18
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.4763.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
ESET Smart Security 9.0.375.0 (disabled and out of date)
---------------------------- [ Firewall_WMI ] -----------------------------
ESET Personal firewall (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and out of date)
ESET Smart Security 9.0.381.0 (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Smart Security v.9.0.375.0
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.21.15
--------------------------- [ OtherUtilities ] ----------------------------
FileZilla Client 3.18.0 v.3.18.0
7-Zip 15.14 v.15.14 Warning! Download Update
Uninstall old version and install new one.
VLC media player v.2.2.2 Warning! Download Update
Wireshark 1.12.7 (32-bit) v.1.12.7 Warning! Download Update
Microsoft Silverlight v.4.0.50401.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.23 v.7.23.105 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java™ 6 Update 30 v.6.0.300 Warning! This software is no longer supported. Please uninstall it and use Java SE 8.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 11 ActiveX 64-bit v.11.2.202.228 Warning! Download Update
Adobe Flash Player 21 NPAPI v.21.0.0.242 Warning! Download Update
Adobe Shockwave Player 12.0 v.12.0.0.112 Warning! Download Update
Adobe Reader X (10.1.16) MUI v.10.1.16 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 47.0 (x86 en-US) v.47.0
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.15.4.3502.0922
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.47.0.0.5999
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\ESET\ESET Smart Security\egui.exe v.9.0.376.0
ESET Service (ekrn) - The service is running
C:\Program Files\ESET\ESET Smart Security\ekrn.exe v.9.0.376.1
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
MBAMScheduler (MBAMScheduler) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.7.0
MBAMService (MBAMService) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
Windows Defender (WinDefend) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
----------------------------- [ End of Log ] ------------------------------
 

*********************************************************************************************************************************************************************

Eset log

C:\Users\shai\Downloads\adobe-shockwave-player-12-0-0-112-Shockwave_Installer_Full.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
 

 


Edited by sl888y5, 21 June 2016 - 02:10 PM.


#13 InadequateInfirmity


Posted 21 June 2016 - 02:53 PM

Remove the programs below with D-Uninstaller. If you have issues removing with D-uninstaller then use Geek Uninstaller.

 

 

Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.39 - TOSHIBA Corporation)


Edited by InadequateInfirmity, 21 June 2016 - 02:54 PM.


#14 sl888y5

Posted 21 June 2016 - 03:36 PM

Hi,

Are all infected?



#15 InadequateInfirmity


Posted 21 June 2016 - 03:40 PM

Hi,

Are all infected?

 

 

No, just useless, and some are outdated. The useless ones run on your machine and slow things down in general.

 

Also, to boost your internet speeds, and stop the disconnections.... See below.

 

 

Disable IPV6

 

https://support.microsoft.com/en-us/kb/929852

 

 

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.




Change some settings.



Use this tool to remove the Tunnel adapters.





Disable Computer Browser Service



1. Press the Windows + R key at the same time, a Run Window will appear

2. Type or copy and paste services.msc, then hit Enter.

3. Scroll to the Computer Browser Service

4. Right-Click Computer Browser Service and choose Stop the service.

5. Right Click Computer Browser Service again select Properties.

6. Change the Startup type to disabled.

7. Hit Apply then Ok.





Uninstall Netbt Driver.



1. Press the Windows + R key at the same time, a Run Window will appear.

2. Now enter or copy and paste devmgmt.msc in the Run Window and click on OK

3. Click on View and select Show Hidden Devices




4. Then click on and unfold Non-Plug and Play Driver





5. Then find NET BT, right-click the device and choose to Uninstall the Driver.

6. Reboot your device when asked.





Hit enter after each command.




1. Open Start and type cmd, then right-click Command Prompt and choose Run as Administrator

2. Once Command Prompt has started, enter the following command: nbtstat -R

3. Wait for that command to complete; a new line will appear. Now enter the following command: nbtstat -RR

4. Wait for that command to complete; a new line will appear. Now enter the following command: shutdown -r


Disable NetBIOS over TCP/IP.

 

 

Press the Windows key and R at the same time.
Type or copy and paste ncpa.cpl, then hit Enter.
Right-click your connection and hit Properties.
Select Internet Protocol Version 4, then Properties.
Select Advanced, then the WINS tab.
Put a tick next to Disable NetBIOS over TCP/IP.

 

 

 

Use DNS Jumper to set your DNS to Google DNS.

 

http://www.sordum.org/7952/dns-jumper-v2-0/

 

 

Please post a fresh minitoolbox log after this.
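
The settings changed by the steps in the post above can be read back without modifying anything, which makes it possible to confirm what actually took effect. The PowerShell below is an added example, not part of the original post or of any tool it links; it assumes Windows PowerShell 2.0 or later (as shipped with Windows 7) and that IPv6 was handled through the DisabledComponents registry value described in KB929852.

```powershell
# Added example: read-only audit of the settings the post above changes.
# Assumes Windows PowerShell 2.0+ (ships with Windows 7). Nothing is modified.

function New-Row($Check, $Value) {
    New-Object PSObject -Property @{ Check = $Check; Value = $Value }
}
$report = @()

# IPv6: KB929852 disables IPv6 components through this registry value.
$ip6Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$ip6 = (Get-ItemProperty -Path $ip6Key -ErrorAction SilentlyContinue).DisabledComponents
$ip6Text = if ($ip6 -eq $null) { 'not set (IPv6 at defaults)' } else { '0x{0:X}' -f $ip6 }
$report += New-Row 'IPv6 DisabledComponents' $ip6Text

# Hosts file: count active lines other than plain localhost mappings.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$extra = @(Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[^#\s]' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*(#.*)?$' })
$report += New-Row 'Hosts file extra entries' $extra.Count

# Computer Browser service (service name "Browser") and the NetBT driver.
$svc = Get-WmiObject Win32_Service -Filter "Name='Browser'"
$svcText = if ($svc) { "$($svc.State), startup $($svc.StartMode)" } else { 'not present' }
$report += New-Row 'Computer Browser service' $svcText

$drv = Get-WmiObject Win32_SystemDriver -Filter "Name='NetBT'"
$drvText = if ($drv) { "$($drv.State), startup $($drv.StartMode)" } else { 'not present' }
$report += New-Row 'NetBT driver' $drvText

# Tunnel pseudo-adapters that Windows 7 creates for IPv6 transition.
$tunnels = @(Get-WmiObject Win32_NetworkAdapter |
    Where-Object { $_.Name -match 'ISATAP|Teredo|6to4' })
$report += New-Row 'Tunnel adapters present' $tunnels.Count

# Per IP-enabled adapter: NetBIOS over TCP/IP setting and DNS servers.
# TcpipNetbiosOptions: 0 = default (DHCP decides), 1 = enabled, 2 = disabled.
$nbNames = 'default (DHCP decides)', 'enabled', 'disabled'
$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE')
foreach ($nic in $nics) {
    $nb = $nbNames[[int]$nic.TcpipNetbiosOptions]
    $dns = $nic.DNSServerSearchOrder -join ', '
    $report += New-Row "NetBIOS: $($nic.Description)" $nb
    $report += New-Row "DNS: $($nic.Description)" $dns
}

$report | Select-Object Check, Value | Format-Table -AutoSize -Wrap
```

Running it once before and once after the changes gives two tables that can be compared line by line.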





