############################## | UsbFix V 7.166 | [Research]

User: Fadi (Administrator) # FADI-PC
Updated 26/02/2014 by El Desaparecido - Team SosVirus
Started at 20:05:56 | 08/03/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: TOSHIBA (PEQAA)
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
RAM -> [Total : 6052 Mo| Free : 1974 Mo]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Norton 360 [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: Norton 360 [Enabled | Updated]
FW: Norton 360 [Enabled]
FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Fixed drive # 450 Gb (4 Mb free - 1%) [TI106151W0F] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [LINABEJJANI] # FAT32

################## | Active Processes |

C:\windows\system32\csrss.exe (ID: 700 |ParentID: 688)
C:\windows\system32\wininit.exe (ID: 884 |ParentID: 688)
C:\windows\system32\csrss.exe (ID: 904 |ParentID: 892)
C:\windows\system32\winlogon.exe (ID: 948 |ParentID: 892)
C:\windows\system32\services.exe (ID: 996 |ParentID: 884)
C:\windows\system32\lsass.exe (ID: 1008 |ParentID: 884)
C:\windows\system32\lsm.exe (ID: 1016 |ParentID: 884)
C:\windows\system32\svchost.exe (ID: 896 |ParentID: 996)
C:\windows\system32\svchost.exe (ID: 1036 |ParentID: 996)
C:\windows\System32\svchost.exe (ID: 1136 |ParentID: 996)
C:\windows\System32\svchost.exe (ID: 1180 |ParentID: 996)
C:\windows\system32\svchost.exe (ID: 1220 |ParentID: 996)
C:\windows\system32\svchost.exe (ID: 1252 |ParentID: 996)
C:\windows\system32\svchost.exe (ID: 1388 |ParentID: 996)
C:\windows\system32\svchost.exe (ID: 1504 |ParentID: 996)
C:\windows\system32\WLANExt.exe (ID: 1600 |ParentID: 1180)
C:\windows\system32\conhost.exe (ID: 1608 |ParentID: 700)
C:\windows\system32\svchost.exe (ID: 1700 |ParentID: 996)
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (ID: 1796 |ParentID: 996)
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (ID: 1912 |ParentID: 996)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 1960 |ParentID: 996)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 1420 |ParentID: 996)
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (ID: 1200 |ParentID: 996)
C:\windows\system32\taskhost.exe (ID: 2096 |ParentID: 996)
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (ID: 2104 |ParentID: 1912)
C:\windows\system32\Dwm.exe (ID: 2164 |ParentID: 1180)
C:\windows\Explorer.EXE (ID: 2268 |ParentID: 2144)
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (ID: 2756 |ParentID: 1796)
C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe (ID: 3308 |ParentID: 996)
C:\windows\system32\svchost.exe (ID: 4180 |ParentID: 996)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 4700 |ParentID: 2268)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 4708 |ParentID: 2268)
C:\Windows\System32\hkcmd.exe (ID: 4716 |ParentID: 2268)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4728 |ParentID: 2268)
C:\Program Files\TOSHIBA\TBS\HSON.exe (ID: 4736 |ParentID: 2268)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 4744 |ParentID: 2268)
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (ID: 4780 |ParentID: 4752)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4960 |ParentID: 4728)
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe (ID: 1792 |ParentID: 4744)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2768 |ParentID: 996)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4648 |ParentID: 996)
C:\windows\System32\svchost.exe (ID: 2032 |ParentID: 996)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 1076 |ParentID: 996)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 4480 |ParentID: 996)
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (ID: 3972 |ParentID: 996)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 1736 |ParentID: 4480)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 2560 |ParentID: 996)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 2660 |ParentID: 2560)
C:\windows\system32\conhost.exe (ID: 4880 |ParentID: 904)
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ID: 1564 |ParentID: 4628)
C:\windows\system32\svchost.exe (ID: 5400 |ParentID: 996)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 5244 |ParentID: 996)
C:\Program Files (x86)\ClipX\clipx.exe (ID: 5648 |ParentID: 2756)
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 1304 |ParentID: 996)
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe (ID: 5288 |ParentID: 6452)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7044 |ParentID: 2268)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7144 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5596 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7780 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6452 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6176 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5972 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6608 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6068 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7708 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7460 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7092 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4884 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7508 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7660 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6728 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2120 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7960 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7576 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4216 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6168 |ParentID: 7044)
C:\Program Files (x86)\Internet Download Manager\IDMan.exe (ID: 6836 |ParentID: 896)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6244 |ParentID: 7044)
C:\Users\Fadi\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2872 |ParentID: 7044)
C:\windows\System32\WUDFHost.exe (ID: 2692 |ParentID: 1180)
C:\windows\system32\wbem\wmiprvse.exe (ID: 768 |ParentID: 896)

################## | Regedit Run |

04 - HKLM\..\Run : [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 - HKLM\..\Run : []
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : []
04 - HKLM64\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
04 - HKLM64\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [HotKeysCmds] C:\windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
04 - HKLM64\..\Run : [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! F:\~WRL0001.lnk
Found ! F:\~$P&ANS.lnk
Found ! F:\~$DDX.lnk
Found ! F:\PS Lina.lnk
Found ! F:\Final_Home_Visits_proposal.lnk
Found ! F:\PS_Lina[1].lnk
Found ! F:\.lnk
Found ! F:\algorithms_hist_07.lnk
Found ! F:\~$PBL 2.lnk
Found ! F:\WMPInfo.lnk
Found ! F:\~$07- Cranial Nerves.lnk
Found ! F:\~$METABOLIC ACIDOSIS 1.lnk
Found ! F:\~$Vesicouretral reflux.lnk
Found ! F:\~$Sickle Cell Disease (Last).lnk
Found ! F:\~$Sickle Cell Disease (Neo).lnk
Found ! F:\~$Dyslipidemias.lnk
Found ! F:\~$ylp final.lnk
Found ! F:\Enterococcus faecalis.lnk
Found ! F:\~$09- Primary Glomerular Diseases.lnk
Found ! F:\~$Copy of YLP1.lnk
Found ! F:\~$CEREBRAL COMUNICATION AND ASSYMETRY.lnk
Found ! F:\~$HEAD TRAUMA.lnk
Found ! F:\~$data entry1.lnk
Found ! F:\Final final proposal.lnk
Found ! F:\~$YLP POWER POINT LAST DRAFT.lnk
Found ! F:\~$Moussa copy.lnk
Found ! F:\~$12-inflasomes.lnk
Found ! F:\~$C Sci 18 TREATMENT OF GLOMERULONEPHRITIS.lnk
Found ! F:\~$13-gout and other crystal diseases.lnk
Found ! F:\~$ETIOLOGIES OF ESRD.lnk
Found ! F:\~$MedIV Courses Table-2012-2013.lnk
Found ! F:\Subsequent management of peritonitis.lnk
Found ! F:\~$PBL10 Etiology and pathophysiology of depression.lnk
Found ! F:\ISPD PD related infections recommendations 2010 update.lnk
Found ! F:\~$Morbidity_&_Mortality[1].lnk
Found ! F:\Pediatrics Urinary Tract Infections.lnk
Found ! F:\~$Labial Adhesion.lnk
Found ! F:\Autorun.inf.lnk
Found ! F:\.Trashes.lnk
Found ! F:\.fseventsd.lnk
Found ! F:\.Spotlight-V100.lnk
Found ! C:\Users\Fadi\AppData\Local\dt.dat

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |