Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

User Tag List

Windows 7 Recovery Problem

This is a discussion on Windows 7 Recovery Problem within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. Hello, I first got this about a month ago as "Win 7 2011 Security Alert" which wouldn't let me open


Closed Thread
 
Thread Tools Search this Thread
Old 04-17-2011, 03:49 AM   #1
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



Hello,

I first got this about a month ago as "Win 7 2011 Security Alert" which wouldn't let me open internet explorer, disabled malwarebytes and caused general chaos. I managed to get malware bytes open by running an antivirus scan (Panda) and then malware bytes could update and detect/remove several malicious files. A month later and it is now back and I can't get rid of it.

Any help is greatly appreciated.

I had a slight problem with two steps from your "NEW INSTRUCTIONS" page:

1) I right-clicked on the "Attach" file drom DDS and it wouldnt let me compress/zip it. It was already a .txt file so I have attached this to the post, hope this is okay.

2) The GMER scan "didn't find any system modification" and didn't produce a log for me to save. I had already turned off my virus scanner (Panda). Also, upon scanning the top eight check boxes in the right column were "greyed out" and I couldn't select these.

Please find DDS.txt below:


DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Richardson Firth at 10:30:55.65 on 17/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4027.2109 [GMT 1:00]
.
AV: Panda Global Protection 2010 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Global Protection 2010 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2010 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\TPSrvWow.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost -k Panda
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\pavsrvx86.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
c:\program files (x86)\panda security\panda global protection 2010\firewall\PSHOST.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PsImSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PavBckPT.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\psimreal.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Richardson Firth\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://toshiba.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\Inicio.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Panda_cleaner] C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\pskdr.exe "C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\75b249e4f6631e90fd5dd03ab5712290pskdr.act"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Richardson Firth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [(Default)]
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
mRun-x64: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2011-3-11 33800]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2011-3-11 46136]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2011-3-11 57352]
R2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2011-3-11 116744]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2011-3-11 15928]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2011-3-11 82952]
R2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2011-3-11 31800]
R2 Gwmsrv;Panda Goodware Cache Manager;C:\windows\system32\svchost -k Panda --> C:\windows\system32\svchost -k Panda [?]
R2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2011-3-11 78856]
R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2011-3-11 170504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-7-12 1604200]
R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PsCtrlS.exe [2011-3-11 173312]
R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PavFnSvr.exe [2011-3-11 169216]
R2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2011-3-11 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\pavsrvx86.exe [2011-3-11 293120]
R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\psksvc.exe [2011-3-11 28928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-12 2320920]
R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-3-13 24576]
R2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2011-3-11 74760]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-12 56344]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;C:\Windows\System32\drivers\n64i1639.sys [2011-3-11 214536]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-1-28 86120]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-7-13 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-12 330856]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-12 1103904]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-12 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-5-18 164464]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-11 1255736]
.
=============== Created Last 30 ================
.
2011-04-15 16:18:59 860160 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-04-13 11:42:04 -------- d--h--w- C:\Panda Software
2011-03-29 20:13:06 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-29 17:47:41 189520 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys
2011-03-29 17:05:13 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B947E537-8362-4C6A-8AB0-9E88C61BEE4C}\mpengine.dll
2011-03-20 15:10:50 -------- d--h--w- C:\Users\RICHAR~1\AppData\Roaming\DVDVideoSoftIEHelpers
2011-03-20 15:10:33 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2011-03-20 15:10:33 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
.
==================== Find3M ====================
.
2011-03-11 09:40:53 15928 ----a-w- C:\windows\System32\drivers\COMFiltr.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-03-08 06:14:30 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-03-03 06:17:10 182272 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\windows\System32\win32k.sys
2011-02-24 06:30:00 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-02-18 16:36:58 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\windows\System32\usbaaplrc.dll
2011-02-18 06:37:05 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-02-12 06:14:41 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-02-05 12:41:43 556928 ----a-w- C:\windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\windows\System32\winresume.exe
2011-02-02 18:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
.
============= FINISH: 10:32:36.13 ===============
Attached Files
File Type: txt Attach.txt (11.9 KB, 34 views)
RichieFth is offline  
Sponsored Links
Advertisement
 
Old 04-17-2011, 05:07 AM   #2
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



Additional Info:

Just noticed that this virus/malware problem has either disabled/deleted all of the files in my documents. Is this normal? What steps should I take, is it possible to recover these?

Also I keep getting an error message from "Microsoft .NET Framework" saying:

"Unhandled exception has occured in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately"

??
RichieFth is offline  
Old 04-21-2011, 11:17 AM   #3
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



Hi,

I can now access my documents and they arent lost forever :-)

However, I still believe I have not fully got rid of this problem, if anybody could help me it would be greatly appreciated.

Thank you.
RichieFth is offline  
Sponsored Links
Advertisement
 
Old 04-21-2011, 06:50 PM   #4
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello RichieFth,

Kindly tell me what you have done thus far to clean the infection. I'll also need a new dds.txt to see what remains.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-22-2011, 04:10 AM   #5
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



Hi Ried,

I went into safe mode which enabled me to run malwarebytes. This removed 4/5 malicious files. I then returned to normal windows and ran malware bytes scans and my virus scanner which didnt pick anything else up.

My laptop now seems to run fine but this happened last time and the same problem returned a few weeks later.

Also I still get a constant error message from "Microsoft .NET Framework" saying:

"Unhandled exception has occured in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately"

This reappears every 30 seconds even when I cancel/quit the message.

Please find current DDS Scan report below:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Richardson Firth at 12:07:04.92 on 22/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4027.2188 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\TPSrvWow.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost -k Panda
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\pavsrvx86.exe
c:\program files (x86)\panda security\panda global protection 2010\firewall\PSHOST.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PsImSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PavBckPT.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PAVJOBS.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\psimreal.exe
C:\Users\Richardson Firth\Downloads\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://toshiba.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\Inicio.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Panda_cleaner] C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\pskdr.exe "C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\75b249e4f6631e90fd5dd03ab5712290pskdr.act"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Richardson Firth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [(Default)]
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
mRun-x64: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2011-3-11 33800]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2011-3-11 46136]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2011-3-11 57352]
R2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2011-3-11 116744]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2011-3-11 15928]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2011-3-11 82952]
R2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2011-3-11 31800]
R2 Gwmsrv;Panda Goodware Cache Manager;C:\windows\system32\svchost -k Panda --> C:\windows\system32\svchost -k Panda [?]
R2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2011-3-11 78856]
R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2011-3-11 170504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-7-12 1604200]
R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PsCtrlS.exe [2011-3-11 173312]
R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\PavFnSvr.exe [2011-3-11 169216]
R2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2011-3-11 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\pavsrvx86.exe [2011-3-11 293120]
R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Global Protection 2010\psksvc.exe [2011-3-11 28928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-12 2320920]
R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-3-13 24576]
R2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2011-3-11 74760]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-12 56344]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;C:\Windows\System32\drivers\n64i1639.sys [2011-3-11 214536]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-1-28 86120]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-7-13 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-12 330856]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-12 1103904]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-12 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-5-18 164464]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-11 1255736]
.
=============== Created Last 30 ================
.
2011-04-19 09:30:07 -------- d-----w- C:\Users\RICHAR~1\AppData\Local\Downloaded Installations
2011-04-17 14:17:09 -------- d-----w- C:\Users\RICHAR~1\AppData\Local\Nero_AG
2011-04-17 11:56:12 -------- d-----w- C:\windows\System32\wbem\repository
2011-04-15 16:18:59 860160 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-04-13 11:42:04 -------- d--h--w- C:\Panda Software
2011-03-29 20:13:06 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-29 17:47:41 189520 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys
2011-03-29 17:05:13 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B947E537-8362-4C6A-8AB0-9E88C61BEE4C}\mpengine.dll
.
==================== Find3M ====================
.
2011-03-11 09:40:53 15928 ----a-w- C:\windows\System32\drivers\COMFiltr.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-03-08 06:14:30 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-03-03 06:17:10 182272 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\windows\System32\win32k.sys
2011-02-24 06:30:00 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-02-18 16:36:58 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\windows\System32\usbaaplrc.dll
2011-02-18 06:37:05 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-02-12 06:14:41 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-02-05 12:41:43 556928 ----a-w- C:\windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\windows\System32\winresume.exe
2011-02-02 18:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
.
============= FINISH: 12:08:14.32 ===============
RichieFth is offline  
Old 04-22-2011, 07:46 AM   #6
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. Can you please post the logs showing what MBAM has detected and removed? Open MBAM, click on the Logs tab and copy/past the content of any of the logs that cleaned anything.

Quote:
Also I still get a constant error message from "Microsoft .NET Framework" saying:

"Unhandled exception has occured in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately"
What are you doing when this messge pops up?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-23-2011, 06:41 AM   #7
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



With the error message it also says:

"Access to the path 'C:zProgramData\ToshibaEurope\Registration\settings.xml' is denied"

I click "quit" and then it re-appears thirty seconds later.

I have three old logs from MBMA and one I have just run now which has infected items. Please see each log below:

Log 1

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6424

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/04/2011 14:34:02
mbam-log-2011-04-23 (14-33-54).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 312795
Time elapsed: 39 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\richardson firth\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> No action taken.

Files Infected:
c:\Users\richardson firth\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\Users\richardson firth\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\Users\richardson firth\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> No action taken.

Log 2

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6377

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

17/04/2011 09:59:43
mbam-log-2011-04-17 (09-59-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 304729
Time elapsed: 23 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oXoFPXBPrtQ (Trojan.Agent) -> Value: oXoFPXBPrtQ -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\oxofpxbprtq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\48553736.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\Local\Temp\ms0cfg32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\Local\Temp\tmp5D43.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Log 3

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6304

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07/04/2011 21:38:04
mbam-log-2011-04-07 (21-38-04).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 302652
Time elapsed: 30 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Richardson Firth\AppData\Local\rod.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\richardson firth\AppData\Local\Temp\0.20524152528606676.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\Local\Temp\0.9929473497203528.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\LocalLow\Sun\Java\deployment\cache\6.0\2\4811cb02-5f2b96f9 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\LocalLow\Sun\Java\deployment\cache\6.0\23\41fc1c17-741f63e2 (Trojan.Agent) -> Quarantined and deleted successfully.

Log 4

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6208

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/03/2011 21:47:35
mbam-log-2011-03-29 (21-47-35).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 300280
Time elapsed: 33 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\richardson firth\AppData\Local\Temp\6182.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\Local\Temp\setup1425110000.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\Local\Temp\setup3058203232.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\Local\Temp\setup3588827216.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\richardson firth\AppData\Local\Temp\socemxnrwa.exe (Adware.Agent) -> Quarantined and deleted successfully.
RichieFth is offline  
Old 04-23-2011, 02:37 PM   #8
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thank you. :)

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-25-2011, 03:43 AM   #9
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



Ried,

I am struggling to run the Combofix programme. I disabled my Antivirus following the instructions below:

Panda Antivirus

Though an icon for Panda Antivirus will always be present in your computer's system tray, you cannot disable Panda Antivirus protection through this icon. Instead, you're going to have to load the Windows Task Manager and manually force Panda Antivirus to close if you want to disable it at any time.
Right-click on the long, horizontal bar that holds your "Start" menu icon, i.e. taskbar.
Click "Start Task Manager."
Click the "Processes" tab.
Look under the "Description" column for the file that represents Panda Antivirus. Once located, click on it.
Click the "End Task" button. Click "End Task" again in the new window that appears. This will disable Panda Antivirus on your computer, until you restart.

I then run the programme which creates a system restore point and then starts the scan which says it will take at least 10 minutes/double this with infected machines etc.

The programme then gets to "stage 50 completed" and seems to stop working and become unresponsive. I left it for an hour and still nothing happened. I turned it off and then tried to shut down/reboot but my laptop wouldnt reboot and I had to manually turn it off at the main power button.

i tried again and the same as above happened. Is there something I am doing wrong?

Thanks.
RichieFth is offline  
Old 04-25-2011, 05:39 AM   #10
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



No, there's nothing you're doing wrong. :)

Try running Combofix from Safe Mode.

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-25-2011, 07:22 AM   #11
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



That seemed to do the trick! :)

Combofix log:

ComboFix 11-04-24.04 - Richardson Firth 25/04/2011 15:09:19.3.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4027.2848 [GMT 1:00]
Running from: c:\users\Richardson Firth\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Richardson Firth\AppData\Roaming\Adobe\plugs
c:\users\Richardson Firth\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2011-03-25 to 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-25 14:14 . 2011-04-25 14:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-04-25 14:14 . 2011-04-25 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-24 11:31 . 2011-04-24 11:31 -------- d-----w- c:\program files (x86)\Safari
2011-04-24 11:27 . 2011-04-24 11:27 -------- d-----w- c:\program files\iPod
2011-04-24 11:27 . 2011-04-24 11:28 -------- d-----w- c:\program files\iTunes
2011-04-24 11:24 . 2011-04-24 11:24 -------- d-----w- c:\program files\Bonjour
2011-04-24 11:24 . 2011-04-24 11:24 -------- d-----w- c:\program files (x86)\Bonjour
2011-04-19 09:30 . 2011-04-19 09:30 -------- d-----w- c:\users\Richardson Firth\AppData\Local\Downloaded Installations
2011-04-17 14:17 . 2011-04-17 14:17 -------- d-----w- c:\users\Richardson Firth\AppData\Local\Nero_AG
2011-04-17 11:56 . 2011-04-25 14:07 -------- d-----w- c:\windows\system32\wbem\repository
2011-04-15 16:18 . 2011-02-24 06:32 696592 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-04-13 11:42 . 2011-04-13 11:42 -------- d-----w- C:\Panda Software
2011-04-06 15:26 . 2011-04-06 15:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:26 . 2011-04-06 15:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:26 . 2011-04-06 15:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:26 . 2011-04-06 15:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-29 20:13 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-29 17:47 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-03-29 17:05 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B947E537-8362-4C6A-8AB0-9E88C61BEE4C}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 09:40 . 2011-03-11 09:40 15928 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2011-03-08 22:30 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-09 19:47 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 19:47 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 19:47 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 19:47 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 19:47 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 16:36 . 2011-02-18 16:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 18:11 . 2010-12-09 19:08 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-13 22:50 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-13 22:50 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-13 22:50 144384 ----a-w- c:\windows\system32\cdd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 12:51 3911776 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-08-12 56064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [x]
R1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [x]
R2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [x]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [x]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [x]
R2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [x]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]
R2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [x]
R2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
R2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\DRIVERS\n64i1639.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Global Protection 2010\PskSvc.exe [2009-08-25 28928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\Basic clean-up.job
- c:\program files (x86)\Panda Security\Panda Global Protection 2010\PlaTasks.exe [2011-03-11 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Richardson Firth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B} - c:\program files\Amazon\UninstallerAmazon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,74,b6,19,4b,38,cd,43,a4,47,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,74,b6,19,4b,38,cd,43,a4,47,92,\
.
[HKEY_USERS\S-1-5-21-517381251-2513163617-831530793-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-517381251-2513163617-831530793-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-25 15:16:19
ComboFix-quarantined-files.txt 2011-04-25 14:16
.
Pre-Run: 407,675,826,176 bytes free
Post-Run: 407,287,099,392 bytes free
.
- - End Of File - - FC1F55C3571885DB41D7221985143215
RichieFth is offline  
Old 04-25-2011, 12:40 PM   #12
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Nice job. :) How is the machine behaving now? Are you still getting that error message?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-25-2011, 02:44 PM   #13
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



My latop appears to be working okay. Did Combofix permanently remove the problem? What had happened?

The error message still appears however. My inkling is the file got infected and I deleted it with malware bytes but it is a default file toshiba programme in when you boot up?? I have more information from the error message when I click on the details tab this message comes up......



See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.UnauthorizedAccessException: Access to the path 'C:\ProgramData\ToshibaEurope\Registration\settings.xml' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize)
at System.IO.StreamWriter..ctor(String path)
at Toshiba.OOBE.Common.RegistrationSettings.Save()
at Toshiba.OOBE.Reminder.ReminderForm.reminderTimer_Tick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.4959 (win7RTMGDR.050727-4900)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
ToshibaReminder
Assembly Version: 8.1.9.0
Win32 Version: 8.1.9.0
CodeBase: file:///C:/Program%20Files/Toshiba/Registration/ToshibaReminder.exe
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
CodeBase: file:///C:/windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
ToshibaCommon
Assembly Version: 8.1.9.0
Win32 Version: 8.1.9.0
CodeBase: file:///C:/Program%20Files/Toshiba/Registration/ToshibaCommon.DLL
----------------------------------------
System.Configuration
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
System.Management
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Management/2.0.0.0__b03f5f7f11d50a3a/System.Management.dll
----------------------------------------
ToshibaReminder.resources
Assembly Version: 8.1.9.0
Win32 Version: 8.1.9.0
CodeBase: file:///C:/Program%20Files/Toshiba/Registration/en/ToshibaReminder.resources.DLL
----------------------------------------
mmk5sqd8
Assembly Version: 8.1.9.0
Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
CodeBase: file:///C:/windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.


Do you know what this means Ried?

Many thanks.
RichieFth is offline  
Old 04-25-2011, 06:03 PM   #14
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Let's see if we can narrow that down a bit.

Download SystemLook from one of the links below and save it to your desktop.

Download Mirror #1
Download Mirror #2


Right click SystemLook.exe and run as administrator.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :regfind
    settings.xml
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found at on your Desktop entitled SystemLook.txt.

    Right click and rename the file to RegistryLook.txt

    ============================

    I'd like for you to do another search with that tool. This time, copy/paste the following in the main textfield:

    Code:
    :filefind
    settings.xml
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt (No need to rename this one. I had you rename the first search so the .txt result wouldn't be overwritten by this search.)
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-26-2011, 01:39 AM   #15
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



First Search:

SystemLook 04.09.10 by jpshortstuff
Log created at 09:33 on 26/04/2011 by Richardson Firth
Administrator - Elevation successful

========== regfind ==========

Searching for "settings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ABFA6E5C8601FBBACF25F92ED789A79]
"FA81541CF0A193D4081196AB0AC13D08"="C:\Program Files\TOSHIBA\BulletinBoard\Gadgets\ToshibaGadgets\GadgetSettings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14B0000DE22125FF070C5C45FAA93DA9]
"FA81541CF0A193D4081196AB0AC13D08"="C:\Program Files\TOSHIBA\BulletinBoard\Gadgets\ToDoList\GadgetSettings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6817C40B569DBE0469A08A9F5C835F47]
"D3610C7F8DC9F5F4AB8CE3540A00A0FF"="C?\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\Settings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90E050749C6914707D3175A8F6460D6B]
"FA81541CF0A193D4081196AB0AC13D08"="C:\Program Files\TOSHIBA\BulletinBoard\Gadgets\IconGadget\GadgetSettings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\979C27D417A95FD435725E0472FB8A9C]
"FA81541CF0A193D4081196AB0AC13D08"="C:\Program Files\TOSHIBA\BulletinBoard\Gadgets\WebThumbnailGadget\GadgetSettings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD4E3F633A5BBA3D29607165B9843C37]
"FA81541CF0A193D4081196AB0AC13D08"="C:\Program Files\TOSHIBA\BulletinBoard\Gadgets\StickyNote\GadgetSettings.xml"

-= EOF =-

Second Search:

SystemLook 04.09.10 by jpshortstuff
Log created at 09:35 on 26/04/2011 by Richardson Firth
Administrator - Elevation successful

========== filefind ==========

Searching for "settings.xml"
C:\Program Files\Toshiba\BulletinBoard\DefaultSettings\Settings.xml --a---- 122 bytes [20:19 02/07/2009] [20:19 02/07/2009] 15E3395BA8F340F702D876418FDDDBCA
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\Settings.xml --a---- 5564 bytes [13:46 07/03/2008] [13:46 07/03/2008] FB4C5915687BFDD7578ADF8D2734B806
C:\ProgramData\ToshibaEurope\Registration\settings.xml --ah--- 1671 bytes [18:16 09/12/2010] [23:12 16/04/2011] 60D71C3980ABD48720E6942F119BF6FD
C:\Users\All Users\ToshibaEurope\Registration\settings.xml --ah--- 1671 bytes [18:16 09/12/2010] [23:12 16/04/2011] 60D71C3980ABD48720E6942F119BF6FD
C:\Users\Richardson Firth\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml --a---- 654 bytes [08:18 10/12/2010] [10:48 08/03/2011] 295B0DC1BE1B1258C135FB272104CFD5

-= EOF =-
RichieFth is offline  
Old 04-26-2011, 02:42 PM   #16
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



None of the registry keys listed, are calling that file from the location the error message is giving you.

When exactly, does this message pop up? Only upon boot up? Opening programs?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-26-2011, 03:09 PM   #17
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



As soon as you boot up and everything has loaded up on the desktop it pops in in the middle of the screen. You have to drag it down to the bottom of the page and ignore it because everytime you "red cross it" or select "continue" or "quit" the same message pops up again straight away.

Is all the malware cleared?
RichieFth is offline  
Old 04-26-2011, 03:11 PM   #18
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Yes, the malware is cleared. :)

Let me research, and work on this a bit more, see what I can dig up, and I'll get back to you. It's quite an annoying occurrence I wouldn't want happening on my machine.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-26-2011, 03:15 PM   #19
Registered Member
 
Join Date: Mar 2005
Posts: 35
OS: Windows 7



Superb! :-)

Thank you very much Ried. It is much appreciated! :-) Needless to say it is a very annoying error message.

Please let me know if you need any more information.
RichieFth is offline  
Old 04-27-2011, 05:14 PM   #20
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Ok, educated guess here. On your keyboard, press the Windows logo key and the letter R to bring up the Run command box.

Type the following into the Run box and click OK:

msconfig

Click on the Startup Tab and you'll see the list of all the items slated to run at Startup.

Look for Toshiba Registration and untick the box next to it.

(You can make each column wider so you can read the full entry. Hover your mouse over the Column titles until you see it become a large +, then drag.)

Click Apply and OK your way out. When prompted to restart, click Restart Now.

Still getting that message at boot?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with XP Anti Spyware 2011 removal
Good evening A neighbours PC has fallen foul of XP Anti Spyware 2011. I've tried dealing with it through Malwarebytes in Safe Mode but this appears to have been disabled. Could someone have a look at the DDS and GMER logs for me and advise on the best way forward. Thanks Dave . DDS...
riffraff99 Resolved HJT Threads 16 04-19-2011 02:45 AM
Virus keeps redirecting google and bing to other sites.
After opening a "bad" site two days ago, a virus/malware keeps redirecting google and Bing searches to other sites. The Google page comes up but then when you click on a link, it redirects you to a page you don't want. Also keep getting a script error that concides with a "site visited" going to...
tommylow97 Resolved HJT Threads 65 04-13-2011 08:03 PM
Virus redirecting all of my pages.
My computer is completely screwed! First no sound now this! Almost every time I try to do something on the internet my page is getting redirected to something else! I always have to rush to click the X button to stop the page from loading. But I want a permanent fix! Please help.
TheresMoreToMe Resolved HJT Threads 26 01-26-2011 04:48 PM
Generic Host Process For Win32 popups.....
Hello, I am getting the following 3 problems: 1. msg popup: Generic Host Process For Win32 Services Encountered A Problem and needs to close. 2. random pop up ads I've never seen before 3. the appearance on my windows XP will change from the typical blue w green start button look, to an...
woodstiff Resolved HJT Threads 17 01-25-2011 05:10 PM
Random popups and site redirecting virus
Hello, I'm new to the forum and my problem is that I'm being redirected to unwanted sites like Tazinga or Binkx. I'm running Windows XP and my laptop is about 7 years old. Any help would be great! Here are the Hijack specc UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED,...
Hexamus Inactive Malware Help Topics 2 01-11-2011 07:15 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 01:55 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts