Hard Drive Diagnostic - Vista doesn't open MBAM after restart

I'm sorry... As pressure increases instead of getting reduced on all sides, the virus-removal has to cease much more often than I want it to... On top of that my disability and ignorance when it comes to computer... Sorry!!!

1) I keep wondering whether or not (remnants of) Hard Drive Diagnostic (are) is still on my computer. Is there a way to know?

2) As for the "blinking" shortcuts at shutdown you're not sure, but what about the background - which was set by default when I bought the computer and wasn't changed ever since - being turned into a black screen after running MBAM?
How come the shortcut Hard Drive Diagnostic made on my desktop is still there, but has changed?
As for the dial-up: I do have broadband, but ever since having exchanged information with a bleutooth-device, every now and then I got a dialup screen...

3) Do I first run MBAM or ComboFix?
a) For MBAM: Should I delete/uninstall and start all over again with downloading, installing,... or can I just dubbelclick on the shortcut, give permission to update, perform another quick scan and afterwards check all items to "remove selected"?
b) For ComboFix:
1) In my previous post I tried to tell you I'm not able to "Disable your AntiVirus and AntiSpyware applications..." as I don't know what exactly is on my computer... I tried to explain as well as I could what I did know and pasted printscreens of my Add/Remove Programs, hoping (together with logs I already provided) you might be able to tell me what to disable/delete...
2) "Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel": do I copy and paste that literally, or do "%userprofile%" or "commy.exe" /stepdel" have a meaning and do I have to fill in? If so, what's the meaning, how do I fill in?

1) I keep wondering whether or not (remnants of) Hard Drive Diagnostic (are) is still on my computer. Is there a way to know?

HDD rogue is a simple program to remove, so it looks good from here.

2) As for the "blinking" shortcuts at shutdown you're not sure, but what about the background - which was set by default when I bought the computer and wasn't changed ever since - being turned into a black screen after running MBAM?

If it's just a background, that can be easily changed in the Desktop settings.

How come the shortcut Hard Drive Diagnostic made on my desktop is still there, but has changed?

Delete that, it's a leftover.

As for the dial-up: I do have broadband, but ever since having exchanged information with a bleutooth-device, every now and then I got a dialup screen...

Are you wireless or hard wired to a router?

3) Do I first run MBAM or ComboFix?

Combofix please.

a) For MBAM: Should I delete/uninstall and start all over again with downloading, installing,... or can I just dubbelclick on the shortcut, give permission to update, perform another quick scan and afterwards check all items to "remove selected"?

Just open it and do an update, it will download the latest.

1) In my previous post I tried to tell you I'm not able to "Disable your AntiVirus and AntiSpyware applications..." as I don't know what exactly is on my computer... I tried to explain as well as I could what I did know and pasted printscreens of my Add/Remove Programs, hoping (together with logs I already provided) you might be able to tell me what to disable/delete...

It's it's complaining of Mcafee as I see Mcafee is installed, then see HERE for how to disable your AV.

2) "Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel": do I copy and paste that literally, or do "%userprofile%" or "commy.exe" /stepdel" have a meaning and do I have to fill in? If so, what's the meaning, how do I fill in?

Copy and paste the command as one whole line.

1) Thanks for the appeasement!

2) As I already chose a picture and put it on the desktop background and thus far havn't noticed any further problems with that, I can leave it the way it is now, just forget about it?
About the shortcut Hard Drive Diagnostic made on my desktop and is still there but has changed: just throw in recycle bin and empty?
About the dial-up: I'm wireless.

3) a) For MBAM: After having run ComboFix, I just (update and) run MBAM, perform quick scan, than check all items - regardless of how many or which have come out - for "remove selected" and just remove all?
b) For ComboFix:
1) If I understand correctly, in McAfee I have to just turn off everything what's under "Computer and files" and everything what's under "Internet and network"? As for the others - "E-mail and express" included - I just leave everything as it is (on)?
2) As for the Microsoft Windows Recovery Console: when I bought this computer, there were NO CD/DVD's with it. Is it - in this case - save to just skip Microsoft Windows Recovery Console? Should I manually install? If so, before or after running Combofix? How?
3) Do I run ComboFix/install Microsoft Windows Recovery Console/MBAM in Safe Mode (with networking) or can I just boot and work in Normal Mode?

2) As I already chose a picture and put it on the desktop background and thus far havn't noticed any further problems with that, I can leave it the way it is now, just forget about it?

Yep.

About the shortcut Hard Drive Diagnostic made on my desktop and is still there but has changed: just throw in recycle bin and empty?

Yes.

About the dial-up: I'm wireless.

Try hardwire, wireless speed tends to drop based on the signal streanght.

3) a) For MBAM: After having run ComboFix, I just (update and) run MBAM, perform quick scan, than check all items - regardless of how many or which have come out - for "remove selected" and just remove all?

Yes, remove whatever it finds.

1) If I understand correctly, in McAfee I have to just turn off everything what's under "Computer and files" and everything what's under "Internet and network"? As for the others - "E-mail and express" included - I just leave everything as it is(on)?

Turn off everything possible.

2) As for the Microsoft Windows Recovery Console: when I bought this computer, there were NO CD/DVD's with it. Is it - in this case - save to just skip Microsoft Windows Recovery Console? Should I manually install? If so, before or after running Combofix? How?

Allow Combofix to install the RC for you. It's there for a safety reason should something bad happen when CF is running.

3) Do I run ComboFix/install Microsoft Windows Recovery Console/MBAM in Safe Mode (with networking) or can I just boot and work in Normal Mode?

Either mode should work, but preferably normal mode.

As for the wireless/hardwire: I’m afraid I’m not the one to decide… As the majority loves the advantages of wireless (quite frankly: me too), that’s probably not going to be changed back into hardwire…

Next things I did/happened:
1) I tried to turn off everything possible in McAfee. I even made printscreens of what I did:


2) I downloaded ComboFix from the Bleepingcomputer-link in Post 5 and saved as commy.exe on my desktop.

3) I clicked Start then copy pasted “"%userprofile%\desktop\commy.exe" /stepdel” into the search box & hit enter. UAC asked for permission, I gave it. I got “DISCLAIMER OF WARRANTY ON SOFTWARE”, I clicked Yes. I got “Backing up registry…”-window, it automatically closed when ready. After that I’m convinced ComboFix just started scanning. (I’m not 100% certain, nevertheless pretty convinced Microsoft Windows Recovery Console was not mentioned.) ComboFix was going to reboot – do NOT do it yourself, Combofix will – and did so. ComboFix was prepairing Log Report – Do not run any programs until ComboFix has finished. After a while ComboFix-window was closed and Notepad-window presenting ComboFix-log was opened. I’ll copy paste below as “ComboFix-log".
BUT, I also got an error-box:


Not having a clue what “CEC_MAIN.exe” would mean, but assuming this would start the Microsoft Windows Recovery Console, I just clicked OK… Nothing happened.
While waiting patiently for something to happen, I did notice the shortcut Hard Drive Diagnostic made on my desktop and was still there but had changed, was changed again! This time it has been turned into an Internet Explorer-shortcut. The background on the other hand - which was set by default when I bought the computer and wasn't changed ever since until I ran MBAM (it turned into a black screen after running MBAM) seems unmoved by ComboFix: the picture I chose and put it on the desktop background (to replace the black screen) is still there.
As just waiting for something to happen after having clicked OK-button had failed, I decided to prepair another post.
Meanwhile I had some urgent presents which had to come first. Virus-removal had to cease for a while, although I felt insecure about the status of my computer (having disabled every possible protection, having run ComboFix but not knowing what about the error, what about Microsoft Windows Recovery Console…).
As I wanted to go on the internet, I was prompted with a message Internet Explorer was not my standard browser, did I want to alter it into my standard browser? Although I couldn’t remember Internet Explorer not being my standard browser, I just clicked Yes. Ever since having done that, this message doesn’t seem to appear anymore.
More of a concern however, I was presented with a message I was going to leave save internetconnection. The information you send, could be watched by others. Do you want to continue?

This message keeps appearing, every time I open Internet Explorer.
When I want to open GMail (thus far I only noticed for GMail, possibly it's for some other things too, I just don't know it yet) an other message appears stating I'm going to display pages through a safe connection. The information you exchange with this website can be viewed by nobody else on the internet.


Thinking that would be it, yesterday at shutdown I noticed McAfee-icon being checked in taskbar: apparently McAfee did a scan anyway although I tried my best to disable completely (1)) and hadn't changed back because I wanted to ask you first.

So far I think that shall be it.
Wat do I do now?



ComboFix-log:
ComboFix 11-01-10.07 - Anneke 11/01/2011 9:33.1.2 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.32.1043.18.3069.1811 [GMT 1:00]
Gestart vanuit: c:\users\Anneke\Desktop\commy.exe
gebruikte Opdracht switches :: /stepdel
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Anneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic
c:\windows\system32\drivers\sst3B3E.sys
c:\program files\Internet Explorer\msimg32.dll
c:\users\Anneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic\Hard Drive Diagnostic.lnk
c:\users\Anneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic\Uninstall Hard Drive Diagnostic.lnk
c:\users\Anneke\Desktop\Hard Drive Diagnostic.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\arp.exe
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sst3B3E
-------\Service_sst3B3E


(((((((((((((((((((( Bestanden Gemaakt van 2010-12-11 to 2011-01-11 ))))))))))))))))))))))))))))))
.

2011-01-11 08:39 . 2011-01-11 08:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-28 12:48 . 2010-12-28 12:49 -------- d-----w- c:\windows\system32\ca-ES
2010-12-28 12:48 . 2010-12-28 12:49 -------- d-----w- c:\windows\system32\eu-ES
2010-12-28 12:48 . 2010-12-28 12:49 -------- d-----w- c:\windows\system32\vi-VN
2010-12-28 11:32 . 2010-12-28 11:32 -------- d-----w- c:\windows\system32\EventProviders
2010-12-24 13:55 . 2010-12-24 13:55 -------- d-----w- c:\programdata\IsolatedStorage
2010-12-21 11:56 . 2010-12-21 11:56 -------- d-----w- c:\users\Anneke\AppData\Roaming\Malwarebytes
2010-12-21 11:53 . 2010-12-21 11:53 -------- d-----w- c:\programdata\Malwarebytes
2010-12-21 11:53 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 11:53 . 2010-12-21 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-21 11:53 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 10:39 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-17 10:39 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-17 10:39 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-17 10:39 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-17 10:39 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-17 10:39 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-17 10:39 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-17 10:39 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-17 10:39 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-17 10:39 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 14:58 . 2010-12-06 14:58 82944 ----a-w- c:\windows\system32\drivers\sst195D.sys
2010-12-06 14:58 . 2010-12-06 14:58 0 ----a-w- c:\windows\system32\drivers\sst195D.tmp
2010-12-06 14:57 . 2010-12-06 14:57 0 ----a-w- c:\windows\system32\drivers\sst3B3E.tmp
2010-11-12 17:53 . 2010-05-14 10:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-10 122368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]

c:\users\Anneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-12 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-09 30192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:17]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:17]

2008-08-08 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-05 11:32]

2009-12-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-05 11:32]

2011-01-11 c:\windows\Tasks\User_Feed_Synchronization-{CD84C335-872B-4F86-81AE-25F3500FCE74}.job
- c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
.
.
------- Bestandsassociaties -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe



**************************************************************************
scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????????*???P?y?x?y???y???y??

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden:

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(4600)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conime.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\Power Saver\TPwrMain.exe
c:\program files\Toshiba\SmoothView\SmoothView.exe
c:\program files\Toshiba\FlashCards\TCrdMain.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\BTWLANDP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Voltooingstijd: 2011-01-11 09:47:18 - machine werd herstart
ComboFix-quarantined-files.txt 2011-01-11 08:47

Pre-Run: 101.037.477.888 bytes beschikbaar
Post-Run: 105.179.316.224 bytes beschikbaar

- - End Of File - - 3F66BE5A4B8E6E2EEC6A787C13068B06

Hello.
Could you translate the pics for me? I only speak English and not whatever language that's in.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

Hi…
I’m very sorry for another – way too long! – interruption… As urgent presents keep piling up it’s getting increasingly difficult to keep my priorities straight… On the one hand there are things that really can’t wait, on the other hand I need my computer for some of those things and therefore it’s important to get and keep him as ‘healthy’ as possible…
I was a fool to believe I was almost there and to plan not having to spend much more time on this case: just run ComboFix - don’t worry about Microsoft Windows Recovery Console, it will be self-evident while running Combofix – and post the log, delete the shortcut-leftover, than run MBAM once again, delete whatever it finds and post the log… Possibly some finalization and off we go… Yaehhh…

As for the pictures… They are in Dutch…
As you might have noticed, English is not my first language… Sometimes it’s quite difficult for me to explain in another language – even in English, especially in cases like this I know so few about it would be even difficult to explain in my own language!
I open a translator next to my reply-window, spending a lot of precious time trying to explain as well as I can… in English…
Apparently the result is not according to the efforts… I’m very sorry!
I do, however, appreciate you making the effort to tell me you don’t understand what I mean much more than just ignoring the peaces you don’t understand… Please, keep doing so and thank you very much for making so many efforts to help me out!


As I’m convinced you do understand the McAfee-printscreen-scheme and the ComboFix-log, I’m going to skip them for now. They’re going to take quite some time I’m afraid and if it’s useless… If, however, you think a translation of either would be of use to you, please, just tell me so, I’ll work on it as fast (and as well) as I can!

As for the others:
1)

In English would be something in the sense of


2)

In English would be something in the sense of


3)

In English would be something in the sense of



Before proceeding with ESET Online Scan, I’d like to ask you what about the consequences of not having been able to execute the ComboFix-procedure properly, especially the Microsoft Windows Recovery Console.
In Post 5 you told me

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.

As I expressed my concerns about no CD/DVD’s were with this computer when I bought it, in Post 14 you told me to

Allow Combofix to install the RC for you. It's there for a safety reason should something bad happen when CF is running.

As I told you in Post 15 MWRC was not mentioned while running ComboFix, I’m wondering whether or not MWRC was already installed on my computer? Is there a way to know?

1) Do I install MWRC yet? How?
2) What about the error-box (picture 1))?
3) What about the Internet Explorer-boxes (pictures 2) and 3))?
4) What about McAfee – which seems to keep performing some kind of scan although I havn’t changed settings since making efforts to disable completely in order to run ComboFix? For several days now I also get

In English would be something in the sense of

Do I change McAfee-settings? Into what?
I did (accidentally) order a trial version of McAfee Total Protection (but didn’t download nor install)… Do I install it? When?
5) What about the ‘mystery shortcut’ Hard Drive Diagnostic made on my desktop - which had changed but was still there after MBAM and which I planned to just throw in recycle bin and empty after having run ComboFix, but apparently turned into a Internet Explorer-shortcut? Can I just use it or do I throw in recycle bin and empty anyway just to be certain?
N.B.: As desktop background seems unmoved by ComboFix I assume that case just stays solved. I was however pleasantly surprised getting the impression also the ‘blinking shortcut’-problem seems eliminated.
6) About the ESET Online Scan: Is there something I preferably do before/during/…? Do I disable anti-stuff? Do I close all windows? Do I perform in Safe Mode (with networking) or in Normal Mode?...???

Where is the "solved" coming from?

I'm very sorry!
As I saw "solved" in front of the title, I thought the case might be closed for some reason I didn't know, too late with next post maybe?
As I would really want to solve the case before closing, it's an appeasement seeing it isn't there anymore...
Once again my apologies for this misunderstanding!

Bump?

Hello.
Allows Mcafee to check for updates.

Delete the the HDD diagnostic icon, it's overleft.
Perform the ESET scan in normal mode and leave protection stuff enabled, ESET can run while they are active.

Hi,

1) About the mess:
A) Did I do something wrong? What (trying to avoid doing it again)?
Can I please get my “edit”-buttons back? How?

2) About what you already know I did/happened:
A) Were the picture-translations satisfying? Do you want me to translate McAfee-printscreen-scheme or ComboFix-log anyway?
What about the consequences of not having been able to execute the ComboFix-procedure properly, especially the Microsoft Windows Recovery Console?
C) What about the error-boxes?

3) About next I did/happened:
Since my Post 15 I kept my hands of protection stuff, because I didn’t knew – and still don’t know – what to do with it. As in your Post 21 you didn’t actually reply to my Post 17 (would you be so kind? ), but told me to delete the icon and perform ESET scan, I guessed (hopefully right!) you wanted me to do them first…
A) About the “mystery shortcut”: In right-click-menu I chose “delete”, thinking I would throw in recycle bin and planning to empty afterwards. I did get a “Are you sure?”, but was too anxious to click “Yes” and didn’t read the lines underneath properly. I think it said something like I could restore afterwards in Control Panel, Personal Preferences...
Anyway, when I wanted to empty recycle bin, I saw there wasn’t anything in it…
I’d rather think that would mean it had become a “real” Internet Explorer shortcut than a virus-remnant now possibly wouldn’t be completely removed, but as I’m not sure, I thought to mention it anyway…
About ESET Online scanner: I accepted Terms of Use, Start, Install ActiveX for all users, Install, UAC permission, than got what I printscreened and will paste below as Printscreen 1 and Printscreen 2.
After that Internet Explorer crashed… “The webpage has expired”, so I just closed and decided to prepare this post.
1) Can I just start over?
2) Do I leave all settings as they are automatically (also for what I havn't seen yet)?
3) Where is Windows Defender (Printscreen 2) coming from?

Printscreen 1:


Printscreen 2:

Hi,

As I had a little time, I was stupid enough to think to just try and see how far I’d come…
I clicked the link in your Post 16, ESET Online Scan, Agree Terms of Use, Start, than got window I pasted in two parts in my Post 22 above.
Although I had second thoughts about the “Scan for potentially unwanted applications” being checked, but meantime the “Scan for potentially unsafe applications” being unchecked, I left all settings as they were automatically and clicked Start. I got Initialization, than Scanning.
(As threats were found and I wanted to make some printscreens, I did accidentally press ALT+F12 instead of ALT+PRTSC… Seemingly nothing happened, so I just let the scan continue. As I can’t find a proper log, I mention it just to be sure.)
After about an hour I got


As I wanted to see “List of found threats” I clicked on it and got


As I just wanted to go back to take a look at “Manage quarantine”, I clicked Back-button, but I’m afraid my (largely overpaid fancy Logitech mouse ) granted me (another!) favour by forcing the click not only on Back-button, but also on Finish-button in the screen I wanted to click “Manage quarantine” in… I got a ‘want-to-buy ESET-products’-window instead and didn’t seem able to go back… “The webpage has expired”…
As you told me in your Post 16

•Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

I closed ESET Online Scanner windows and went to C:\Program Files\... ESET because there wasn’t any esetonlinescanner directly under Program Files, so ESET\ESET Online Scanner\log.
I tried to make a printscreen so you could clearly see I went to the right place:


Apparently it’s not all that clear, but hopefully clear enough to see the log should have been in the file I opened…
Copypaste of what’s in the log (so you could read):

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Posted this to "keep you up to date"... Would you be so kind answering my questions in my previous Post 22 as well?

Hmm.
Did you get the full filepath for the file that's in the C:\Windows\system32\drivers folder by any chance?

How is the machine running now?

Hi,

Once again I'm afraid I'll have to make excuse for my incompetence: I'm not sure what you mean by

Did you get the full filepath for the file that's in the C:\Windows\system32\drivers folder by any chance?

, but I think I didn't. At least not for as far as I'm aware of.

As far as I know the machine is still running as it was before performing ESET Online Scan. I tried my best to describe as well as I could in previous posts... Also my questions do remain... Would you be so kind?

Hello.

B) Can I please get my “edit”-buttons back? How?

On your posts do you mean?

A) Were the picture-translations satisfying? Do you want me to translate McAfee-printscreen-scheme or ComboFix-log anyway?

No thanks, there good enough now.

B) What about the consequences of not having been able to execute the ComboFix-procedure properly, especially the Microsoft Windows Recovery Console?

Aslong as nothing unexpected happens, doesn't matter, the RC is so if anything goes wrong, we can fix it.

I’d rather think that would mean it had become a “real” Internet Explorer shortcut than a virus-remnant now possibly wouldn’t be completely removed, but as I’m not sure, I thought to mention it anyway…

It's fine, aslong as it's gone.

If the machine is running fine, then all should be well.

Hi...

Yes on my posts I mean (get my "edit"-buttons back).
If you'd ever like some help to make a mess...



OVERVIEW: (D from Done, C from Consequence, Q from Question)

D1) Windows in Safe Mode with Networking -> MBAM -> quick scan (1) -> 229 infected objects (MBAM left 2 of them unselected and therefore these objects were not removed). -> At restart to complete process system tray displays message some programs are blocked. -> Administrator permission -> nothing happens -> dubbelclick MBAM's shortcut on desktop -> main program -> quick scan (2) -> 2 infected objects (which I'm convinced MBAM already detected during first scan, but for some reason weren't selected for removal).

D1C1) Background desktop turned black -> selected picture to put on it. => Thus far no further problems with that.

D1C2) Layout (the picture) shortcut Hard Drive Diagnostic made on desktop changed -> ComboFix turned into "Real?" Internet Explorer-shortcut (Post 15) -> "deleted" previous to running ESET-scan (Post 22). => Thus far no further problems with that.

D1C3) "Blinking" shortcuts (especially at shutdown) -> ComboFix => Ever since having run ComboFix I havn't noticed any "blinking" shortcuts anymore (at least so far).

D1C4) Dial-up more likely to emerge -> From your comments it seems to me that probably has to do more with my wireless connection than with my computer being infected.
=> Q1) Do I have to live with the dial-up or is there something (other than switching to hardwire) that can fix or at least improve the situation? (F.e.: Internet Explorer -> Extra -> Internet Options -> tab Connections -> alter "Dial whenever there is no network connection" into "Never dial a connection"?)


D2) Making efforts to disable AntiVirus and AntiSpyware applications (Posts 9-15) -> ComboFix (your Post 5 and my Post 15).

D2C1) Microsoft Windows Recovery Console was not mentioned. -> Googled MWRC and found something like the MWRC in earlier versions of Windows has been removed in Vista and replaced by several tools: The System Recovery Options menu.
=> Q2) Do I understand correctly ComboFix does install the MWRC in earlier versions of Windows, but not in Vista because in Vista the MWRC has been replaced by the SROM - which should be either on the Windows installation disc or preinstalled (hopefully so in my case, as I told before there was NOT A SINGLE DISC with my computer) - and together with the fact "nothing unexpected (?<=>? D2C2 & D2C3) happened" running ComboFix I shouldn't worry? (For now?) Shouldn't I check whether SROM (or any other piece of recovery you'd recommend) is installed on my computer - and if not take precautions - in case something would go wrong in the futur?

D2C2) At ComboFix-reboot “CEC_MAIN.exe”-error-box appears (Posts 15 & 17)

-> Googled “CEC_MAIN.exe”: probably would have something to do with the build-in-webcam on my Toshiba (which I havn't used so far, although would like to be able to whenever it suits me).
=> Q3) What do I do with that?

D2C3) Ever since having run ComboFix I get Security-Warning-windows using Internet Explorer (Posts 15 &17)
and
=> Q4) Do I have to live with continuously Yes, OK, Yes,... or is there something that can fix or at least improve the situation? (F.e.: Internet Explorer -> Extra -> Internet Options -> tab Advanced -> uncheck "Warn if it switches between secured and unsecured mode"?)


D3) ESET Online Scanner, leaving all the default settings as they were (Post22) -> scan -> 4 files infected and cleaned -> take a look at “List of found threats” (Post 23) -> click on Back-button (wanting to take a look at “Manage quarantine”) forced on Finish-button too -> log traceless.

Being convinced ‘want-to-buy ESET-products’-window appeared by pressing through click on Back-button onto Finish-button, both "Uninstall application on close" and "Delete quarantined files" should have stayed as they were: unchecked.

Consequently I'd think the (4) files (infected and cleaned) should still be somewhere on my computer - be it in quarantine.
=> Q5) Where do I find these quarantined files and what do I do with them?


Q6) If I understand correctly, scans do quarantine items they consider possibly harmful, but not delete them in case an item should be "misinterpreted" so it could be placed back. What happens to the quarantine (and the quarantined items in it) once the program which has quarantined gets deleted/uninstalled from the computer?

Q7) Should I perform another ESET-scan? If so, should I check “Scan for potentially unsafe applications”? At finish check "Uninstall application on close" and/or "Delete quarantined files"?

Q8) Should I perform another quick scan with MBAM, check all items - regardless of how many or which have come out - for "remove selected" and remove all?


As I didn't know exactly which "anti-stuff" was on my computer and tried to figure out in order to run ComboFix (Posts 9-12), I got convinced only such thing on my computer was from McAfee. Although having made efforts to disable completely (Post 15)(and not having changed back ever since) scan continued to be done (only thing that seems to have changed, is I started getting (and still am getting) messages on my system tray (Post 17) "Check for updates should already have taken place"). Consequently I was rather surprised noticing ESET-scan state (next to McAfee also) Windows Defender "may affect the performance and the quality of the scan".

=> Q9) Is Windows Defender (active) on my computer?

Q10) Do I change McAfee settings back into what they were before (Post 15)?

Q11) Do I do anything else with protection stuff?

Q12) Should I "clean up"? What do I do with which of the quarantines/quarantined items/programs?

Hello.

Q1) Do I have to live with the dial-up or is there something (other than switching to hardwire) that can fix or at least improve the situation?

Nope, and to be honest, if your not living in the middle of nowhere, then you should be able to get broadband

Do I understand correctly ComboFix does install the MWRC in earlier versions of Windows, but not in Vista because in Vista the MWRC has been replaced by the SROM

Yep, that's for XP only.

and together with the fact "nothing unexpected (?<=>? D2C2 & D2C3) happened" running ComboFix I shouldn't worry? (For now?) Shouldn't I check whether SROM (or any other piece of recovery you'd recommend) is installed on my computer - and if not take precautions - in case something would go wrong in the futur?

Honestly no, if there is no new problems, then no need to worry.

=> Q3) What do I do with that?

Do you have the drivers for it? like it says, reinstall the drivers.

Do I have to live with continuously Yes, OK, Yes,... or is there something that can fix or at least improve the situation?

Tick the boxes for not showing the warning anymore and they will stop bothering you.

=> Q5) Where do I find these quarantined files and what do I do with them?

They should be under C:\Program File\Eset, you can leave them if you wish, they are dead items.

Q6) If I understand correctly, scans do quarantine items they consider possibly harmful, but not delete them in case an item should be "misinterpreted" so it could be placed back. What happens to the quarantine (and the quarantined items in it) once the program which has quarantined gets deleted/uninstalled from the computer?

They will either get left behind, or are removed as well.

Q7) Should I perform another ESET-scan? If so, should I check “Scan for potentially unsafe applications”? At finish check "Uninstall application on close" and/or "Delete quarantined files"?

Leave "Scan for potentially unsafe applications" unticked, but tick the other two if you wish.

Q8) Should I perform another quick scan with MBAM, check all items - regardless of how many or which have come out - for "remove selected" and remove all?

If you want to, but I doubt it will find anything.

=> Q9) Is Windows Defender (active) on my computer?

Yep.

Q10) Do I change McAfee settings back into what they were before (Post 15)?

Yes please.

Q11) Do I do anything else with protection stuff?

No, we may install little extras later once I give you my prevention speech.

Q12) Should I "clean up"? What do I do with which of the quarantines/quarantined items/programs?

Yes, other scanners may also pick up the quarantined items as actual threats.