# Program files/Toshiba/tosapins/comps1 folder?? NEEDED???



## graham112233 (Nov 25, 2009)

Hi guys,

First off, great site. As I have read through many threads, you have helped millions!!! Kudos..

Anyway, to the issue. I ran Avast, and it pointed out one file that stated it was a decopression bomb. Now I read your thread on this issue, so I understand it may be just a bunch of files that are zipped into one another, and it is a huge file as is, I have no intention of uinzipping it. Here is my problem, I have a neighbor where I live, he is obviously a hacker and my last lap top (an HP) up and died all of a sudden. Now I put intermediate as my level of expertise, however I have a bachelors in Computer Science, and am starting my masters in one of the IT fields shortly. MY question is, do you know what the Program files/Toshiba/tosapins/comps1 folder is for?? I assume it is to run all the toshiba junk (ie. face recognition, configfree, etc) which most I do not use. I first of all wanted to know if I should delete the file that Avast stated was a decompression bomb??? And secondly, this guy (a neighbor) is a hacker, I try to locate him and all my logs wont show his MAC as correct, it trace routes to somewhere else in the World... SO lets just say he is obviously not using his own MAC, I would think. I need a way to try and locate him, I have tried my router log, however even after setting security features with password, he is getting into it somehow. I assume either my roommate, or my computer had a keylogger, and trojan in one of them (laptops), we both have scanned and found at least 3 trojans and I found 2 loggers in the Registry. Any Idea's or known software's that I can use to catch this guy, I know his SSID, but he usually broadcasts without one. I am wondering if he got into my puter, if he could initiate the decomprssion of the file, and stop my system from starting again??? Also, if I was able to get his correct MAC, and proof of him breaking into our home network, in our state it is a felony to even break into a "home network" and put just one file into a computer, I just need proof of what he is doing, any ideas???/
(sorry for length of post and amount of questions)
Thanks again...


----------



## graham112233 (Nov 25, 2009)

Sorry about posting this three times, my highspeed connection keeps dropping me...


----------



## bp936 (Oct 13, 2003)

Welcome to TSG

I have 2 Toshibas, but can't find anything resembling the files, folder, that you mention.

If you got a degree in computer science, you should be able to figure out what you want to do.
If Avast found something, I would immediately delete that file.

Whenever you post, check if it is on the board, before you post again, I know, one can get kicked out and doublepost, but 4x times is a lot, you should have noticed it, stuff like this will help you with your computer science and a job.

Without sitting in front of your computer and checking out everything and every log, it might be hard to prove, if your neighbour has broken into your network. I assume if he logs off, nothing would show, so you have to catch him in the act.


----------



## Phantom010 (Mar 9, 2009)

*Decompression bomb*

It can be more serious than you think...

You might need to click on the *Report* button and kindly ask to be moved to the *Malware Removal* forum.

And,

Please click *here* to download and install the *HijackThis installer*. ​
Run it and select *Do a system scan and save a logfile*.

The log will be saved in Notepad. Copy and paste the log in your next post.

*Do not fix anything*​


----------



## graham112233 (Nov 25, 2009)

The 2 toshibas you have are probably older (9 months or older) as the tosapins folder stands for TOShiba APplication INStallation (therefore the caps TOSAPINS) so I know that the folder was put there by Toshiba, I just do not know if Avast found a compressed file, and mistakingly stated it a compression bomb? I looked through other threads as I stated before, and other people said they got similar reports from Avast. As far as having my Bachelors in Computer Science, that does not mean I know everything about computers. I know people that have been working with them for 37 years, and still do not know halfr of what there is to know, as there are so many area's one can expertise in... The two (2) extra posts were accidental, not four (4), so if they need to kick me off here, so be it, there are probably 50 of these tech sites, maybe more. I cannot help if I click post and my connection keeps going on and off. I did not see the posting until they were all posted.

I do know there are ways to install something from cisco on my router, that is an encrypted log, with a very high security rate, so that perhaps the person hacking cannot delete it. I will look elsewhere for more in depth ideas.

Thanks for the attempt


----------



## graham112233 (Nov 25, 2009)

Phantom,

Thank you for post- here is Hijack log-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:28 PM, on 11/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O13 - Gopher Prefix: 
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{278ABD96-3D8F-424B-B667-77699AF63206}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{278ABD96-3D8F-424B-B667-77699AF63206}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS5\Services\Tcpip\..\{278ABD96-3D8F-424B-B667-77699AF63206}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS6\Services\Tcpip\..\{278ABD96-3D8F-424B-B667-77699AF63206}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
--
End of file - 11480 bytes


----------



## Phantom010 (Mar 9, 2009)

Do you recognize the following entries as being from your ISP?

O17 - HKLM\System\CCS\Services\Tcpip\..\{278ABD96-3D8F-424B-B667-77699AF63206}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{278ABD96-3D8F-424B-B667-77699AF63206}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS5\Services\Tcpip\..\{278ABD96-3D8F-424B-B667-77699AF63206}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS6\Services\Tcpip\..\{278ABD96-3D8F-424B-B667-77699AF63206}: NameServer = 156.154.70.22,156.154.71.22

OrgName: NeuStar, Inc.
OrgID: NEUS
Address: 45980 Center Oak Plaza
Address: Network Operations Center
City: Sterling
StateProv: VA
PostalCode: 20166
Country: US


As for the Toshiba crapware, if you're not using it, you might as well disable it from your Startup list.


----------



## calvin-c (May 17, 2006)

I'd check with Toshiba to be certain, but I suspect the compressed folder contains the 'factory image' of your software. that would indeed be a lot of files, often zipped inside one another, but it wouldn't be malicious. (Well...I've sometimes wondered about the junk Toshiba installs, but I give them the benefit of my doubts.)


----------



## bp936 (Oct 13, 2003)

Graham, you don't have to try other sites, I am sorry  if my post was worded wrong. I was just thinking, a computer expert like you should be able to figure out problems, but you are so correct, there is just too much junk out there to know it all.
Phantom is excellent, follow his instructions, he has helped me before.

and yes, my laptops are old.


----------



## flavallee (May 12, 2002)

graham:

Get rid of *COMODO Internet Security* for 2 reasons:

It has a poor rating.

It'll conflict with *Alwil Avast4*. You don't want multiple anti-virus programs installed and running at the same time.

----------------------------------------------------------------


----------

