Everything posted by DeathlyPlacebo
Here are the logs, in the order you asked for. No problems with doing this part, although before I uninstalled Java I was still getting redirected during searches. Hopefully it won't happen again.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.23.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Joshua :: JOSHUA-PC [administrator]

11/23/2012 12:39:27 AM
mbam-log-2012-11-23 (00-39-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 204400
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:31 AM, on 11/23/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\TOSDEVL\TUSBDCHG.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe
C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Joshua\Downloads\HijackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TUSBDCHG.EXE] C:\Program Files\TOSHIBA\TOSDEVL\TUSBDCHG.EXE
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
O4 - HKLM\..\Run: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
O4 - HKLM\..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [iFXSPMGT] "C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: aaaTUSBEDS - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSDEVL\TUSBEDS.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PACSPTISVR-Sound_Organizer - Sony Corporation - C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware View USB (vmware-view-usbd) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)
O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

--
End of file - 12417 bytes
-
Sorry that took so long. Between work and the holidays I have been very busy. Here is the newest log. The computer has been running fine.

ComboFix 12-11-22.03 - Joshua 11/22/2012 23:09:45.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1479 [GMT -6:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
Command switches used :: c:\users\Joshua\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\8BF1.tmp
c:\users\Joshua\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 05:21 . 2012-11-23 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-21 22:36 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08064769-BC79-48D5-A018-200895A522FD}\mpengine.dll
2012-11-20 15:17 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-16 16:05 . 2012-11-16 16:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-11-16 16:03 . 2012-11-16 16:06 -------- d-----w- c:\program files\DivX
2012-11-16 16:01 . 2012-11-16 16:01 -------- d-----w- c:\program files\AutoGK
2012-11-16 06:19 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 06:19 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 06:19 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 04:23 . 2012-09-25 21:55 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 04:23 . 2012-10-18 17:57 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 00:15 . 2012-11-13 00:15 -------- d-----w- c:\users\Joshua\AppData\Local\Macromedia
2012-11-12 23:57 . 2012-11-12 23:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 01:45 . 2012-11-12 01:45 -------- d-----w- c:\users\Joshua\AppData\Local\Cockatrice
2012-11-12 01:39 . 2012-11-12 01:39 -------- d-----w- c:\program files\Cockatrice
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 23:57 . 2011-06-13 13:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 04:52 . 2012-10-11 04:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-11 04:52 . 2012-10-11 04:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-11 04:52 . 2010-10-27 04:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 20:45 . 2012-10-20 14:13 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F213ACE1-439F-4C3F-8C10-956C6CBD6962}\gapaengine.dll
2012-10-02 20:45 . 2011-08-11 16:12 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 00:54 . 2011-06-13 16:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:30 . 2012-10-10 13:14 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:21 . 2012-10-10 13:13 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2010-10-25 02:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:18 . 2012-10-10 13:12 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 13:12 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-27 17:03 . 2012-10-27 17:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2009-09-15 23:36 147888 ----a-w- c:\program files\Toshiba\TFPU\TFPUOverlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TUSBDCHG.EXE"="c:\program files\TOSHIBA\TOSDEVL\TUSBDCHG.EXE" [2009-02-16 47480]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-06-23 513392]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2008-04-02 116040]
"TNRotate"="c:\program files\TOSHIBA\TNRotate\TNRotate.exe" [2007-04-25 602112]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2009-09-15 784304]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2009-09-15 888752]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"IFXSPMGT"="c:\program files\Infineon\Security Platform Software\ifxspmgt.exe" [2009-08-04 1107232]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslb07b6e7a;MpKslb07b6e7a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\MpKslb07b6e7a.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 apf001;apf001;c:\program files\Softnyx\RakionIS\Bin\apf001.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S2 aaaTUSBEDS;aaaTUSBEDS;c:\program files\TOSHIBA\TOSDEVL\TUSBEDS.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119860771-1682334158-1523215448-1000Core.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 05:29]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119860771-1682334158-1523215448-1000UA.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 05:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com/do/mypage.pl?prf=e014ff91e85fce1f17e0d034117a7903
FF - ExtSQL: 2012-11-15 11:35; {5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}; c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\extensions\{5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-119860771-1682334158-1523215448-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(520)
c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Infineon\Security Platform Software\ifxtcs.exe
c:\program files\Infineon\Security Platform Software\IfxPsdSv.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-22 23:32:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-23 05:32
ComboFix2.txt 2012-11-16 06:13
.
Pre-Run: 49,074,520,064 bytes free
Post-Run: 50,853,609,472 bytes free
.
- - End Of File - - B50F1C1EDAC3B30B3A9D6B90B13DE1A3
-
ComboFix 12-11-15.01 - Joshua 11/15/2012 23:58:22.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1953 [GMT -6:00] Running from: c:\users\Joshua\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\users\Joshua\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\users\Joshua\AppData\Roaming\Local c:\users\Joshua\AppData\Roaming\mgexgo.dll c:\windows\system32\drivers\etc\lmhosts c:\windows\system32\pt c:\windows\system32\pt\smartfacevcp.dll.mui c:\windows\system32\pt\ThpProp.exe.mui c:\windows\system32\pt\ThpSrv.exe.mui c:\windows\system32\pt\toscdspd.cpl.mui c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 ))))))))))))))))))))))))))))))) . . 2012-11-16 06:06 . 2012-11-16 06:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-16 04:24 . 2012-11-16 04:24 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\MpKsl6fad2720.sys 2012-11-15 17:35 . 2012-11-15 17:35 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\offreg.dll 2012-11-15 10:10 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\mpengine.dll 2012-11-14 03:33 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-13 00:15 . 
2012-11-13 00:15 -------- d-----w- c:\users\Joshua\AppData\Local\Macromedia
2012-11-12 23:57 . 2012-11-12 23:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 01:45 . 2012-11-12 01:45 -------- d-----w- c:\users\Joshua\AppData\Local\Cockatrice
2012-11-12 01:39 . 2012-11-12 01:39 -------- d-----w- c:\program files\Cockatrice
2012-10-22 13:26 . 2012-10-22 13:26 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2012-10-20 14:13 . 2012-10-02 20:45 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F213ACE1-439F-4C3F-8C10-956C6CBD6962}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 23:57 . 2011-06-13 13:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 04:52 . 2012-10-11 04:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-11 04:52 . 2012-10-11 04:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-11 04:52 . 2010-10-27 04:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 20:45 . 2011-08-11 16:12 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 00:54 . 2011-06-13 16:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:30 . 2012-10-10 13:14 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:21 . 2012-10-10 13:13 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2010-10-25 02:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:18 . 2012-10-10 13:12 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 13:12 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 17:10 . 2012-10-10 13:14 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-23 05:27 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-23 05:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-23 05:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 05:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 05:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-23 05:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-18 11:23 . 2012-10-10 13:14 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 11:21 . 2012-10-10 13:14 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 11:18 . 2012-10-10 13:14 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 11:09 . 2012-10-10 13:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-18 09:07 . 2012-10-10 13:14 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07 . 2012-10-10 13:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-27 17:03 . 2012-10-27 17:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2009-09-15 23:36 147888 ----a-w- c:\program files\Toshiba\TFPU\TFPUOverlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TUSBDCHG.EXE"="c:\program files\TOSHIBA\TOSDEVL\TUSBDCHG.EXE" [2009-02-16 47480]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-06-23 513392]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2008-04-02 116040]
"TNRotate"="c:\program files\TOSHIBA\TNRotate\TNRotate.exe" [2007-04-25 602112]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2009-09-15 784304]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2009-09-15 888752]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"IFXSPMGT"="c:\program files\Infineon\Security Platform Software\ifxspmgt.exe" [2009-08-04 1107232]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslb07b6e7a;MpKslb07b6e7a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\MpKslb07b6e7a.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 apf001;apf001;c:\program files\Softnyx\RakionIS\Bin\apf001.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 MpKsl6fad2720;MpKsl6fad2720;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\MpKsl6fad2720.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S2 aaaTUSBEDS;aaaTUSBEDS;c:\program files\TOSHIBA\TOSDEVL\TUSBEDS.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119860771-1682334158-1523215448-1000Core.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 05:29]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119860771-1682334158-1523215448-1000UA.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 05:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com/do/mypage.pl?prf=e014ff91e85fce1f17e0d034117a7903
FF - ExtSQL: 2012-11-15 11:35; {5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}; c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\extensions\{5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\users\Joshua\Downloads\utorrent.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
AddRemove-CamStudio - c:\program files\CamStudio\uninstall.exe
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-119860771-1682334158-1523215448-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2944)
c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Infineon\Security Platform Software\ifxtcs.exe
c:\program files\Infineon\Security Platform Software\IfxPsdSv.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-16 00:13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-16 06:13
.
Pre-Run: 47,408,590,848 bytes free
Post-Run: 52,623,867,904 bytes free
.
- - End Of File - - 460D075EF9DB71B2CECE4A28F2FDB90D
-
Ran ComboFix but there was a problem. After it finished running, I copied the log and was ready to repost it, but it seems to have cleared out of my clipboard and I don't have a save of it. I don't know if there is a way to get the log back, but I will say that running ComboFix didn't seem to be needed. I have had no occurrences of the cromeupdate.crx file popping up again since running RogueKiller and in all other facets, the computer seems to be running fine. I will mention that after ComboFix was done, for some reason it had marked processes involved with Firefox for deletion and I couldn't open the browser until I shut down the computer to let some updates install. After I brought it back up again, everything seemed to be running fine and it still does. Thank you for all the help and I am very sorry that I messed up getting that last log. If I need to run it again so that I can get a log from it I can.
-
I ran all of the programs that were asked. Computer has run normally the whole time except for the instances where cromeupdate.crx would continue to repopulate. It seems for now that this has stopped after running RogueKiller because it was actually able to stop the .dll that was responsible from running and make it deletable. Here are the logs in order.

Results of screen317's Security Check version 0.99.54
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 7
Java 6 Update 6
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

# AdwCleaner v2.007 - Logfile created 11/15/2012 at 11:33:00
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : Joshua - JOSHUA-PC
# Boot Mode : Normal
# Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Joshua\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Joshua\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\prefs.js

Deleted : user_pref("playsushi.position.button", true);

*************************

AdwCleaner[S1].txt - [3822 octets] - [15/11/2012 11:33:00]

########## EOF - C:\AdwCleaner[S1].txt - [3882 octets] ##########

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Joshua [Admin rights]
Mode : Scan -- Date : 11/15/2012 11:41:02

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joshua\AppData\Roaming\mgexgo.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : mgexgo ("C:\Windows\System32\rundll32.exe" "C:\Users\Joshua\AppData\Roaming\mgexgo.dll",write_png) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-119860771-1682334158-1523215448-1000[...]\Run : mgexgo ("C:\Windows\System32\rundll32.exe" "C:\Users\Joshua\AppData\Roaming\mgexgo.dll",write_png) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9SA00 +++++
--- User ---
[MBR] 9748b865e3c8ea2a23b378ca286da8e3
[BSP] 6c02d29cddccdb74627a8aa8a096c78e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229341 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 472764416 | Size: 7633 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11152012_02d1141.txt >>
RKreport[1]_S_11152012_02d1141.txt

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Joshua [Admin rights]
Mode : Remove -- Date : 11/15/2012 11:41:25

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joshua\AppData\Roaming\mgexgo.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : mgexgo ("C:\Windows\System32\rundll32.exe" "C:\Users\Joshua\AppData\Roaming\mgexgo.dll",write_png) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9SA00 +++++
--- User ---
[MBR] 9748b865e3c8ea2a23b378ca286da8e3
[BSP] 6c02d29cddccdb74627a8aa8a096c78e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229341 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 472764416 | Size: 7633 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11152012_02d1141.txt >>
RKreport[1]_S_11152012_02d1141.txt ; RKreport[2]_D_11152012_02d1141.txt

Thank you for the help once again.
-
So around 1 am tonight as I was just about to go to sleep, Microsoft Security Essentials starts popping up repeatedly telling me it quarantined some file. After 2 hours of trying to fight to stop this thing from constantly redownloading itself and having run a full scan of Malwarebytes, I finally decided just to turn here and see if someone could help. I've run the dds program and have the logs. Also, just to report everything that I have found out, there were two .dll application extensions in my Roaming file that I could not stop running long enough to delete and if I tried to stop Internet Explorer in the processes menu of the Windows Task Manager (there were three processes running at the same time and I don't ever use IE for my web browser), the process would start back up again immediately. The .crx will duplicate even disconnected from the internet and Malwarebytes only managed to find and remove one of the .dll extensions but not the other. Without further ado, here are the logs copied and pasted.

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2
Run by Joshua at 3:46:14 on 2012-11-15
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1663 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\TOSHIBA\TOSDEVL\TUSBEDS.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\TOSDEVL\TUSBDCHG.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe
C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - c:\program files\toshiba\tfpu\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\users\joshua\downloads\utorrent.exe" /MINIMIZED
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\joshua\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [mgexgo] "c:\windows\system32\rundll32.exe" "c:\users\joshua\appdata\roaming\mgexgo.dll",write_png
mRun: [TUSBDCHG.EXE] c:\program files\toshiba\tosdevl\TUSBDCHG.EXE
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [TPCHWMsg] c:\program files\toshiba\tphm\TPCHWMsg.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TOSDCR] c:\program files\toshiba\passwordutility\TOSDCR.exe
mRun: [TosAutLk] c:\program files\toshiba\wirelesskeylogon\TosAutLk.exe -s
mRun: [TNRotate] c:\program files\toshiba\tnrotate\TNRotate.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TFPUService] c:\program files\toshiba\tfpu\TFPUTaskMonitor.exe /start
mRun: [TFPUPWDBankService] c:\program files\toshiba\tfpu\TFPUPWDBank.exe /start
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IFXSPMGT] "c:\program files\infineon\security platform software\ifxspmgt.exe" /NotifyLogon
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC}\1455F575966496 : DHCPNameServer = 131.204.41.6 131.204.41.3 131.204.110.12
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC}\1475164656 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC}\27075673531313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D07E59A2-E0F6-40BE-8B57-2D7E172ADA9C} : DHCPNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joshua\appdata\roaming\mozilla\firefox\profiles\jtjz0ld4.default\
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com/do/mypage.pl?prf=e014ff91e85fce1f17e0d034117a7903
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\toshiba\tfpu\firefoxaddin\components\TFPUPWDBankEx.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\joshua\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\joshua\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\joshua\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-15 03:24; {5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}; c:\users\joshua\appdata\roaming\mozilla\firefox\profiles\jtjz0ld4.default\extensions\{5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 MpKsl8b1675e0;MpKsl8b1675e0;c:\programdata\microsoft\microsoft antimalware\definition updates\{5fa07ea4-6166-423a-b469-ac39ecfce330}\MpKsl8b1675e0.sys [2012-11-15 29904]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2009-7-19 39712]
R2 aaaTUSBEDS;aaaTUSBEDS;c:\program files\toshiba\tosdevl\TUSBEDS.exe [2009-2-16 57720]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-9-11 1811704]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-6-23 636272]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-4-10 671344]
R2 vmware-view-usbd;VMware View USB;c:\program files\vmware\vmware view\client\bin\vmware-view-usbd.exe [2012-8-1 2370560]
R2 wsnm;VMware View Client;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2012-8-1 474264]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-14 659328]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-11-5 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-2 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\sony\sound organizer\sony.earth\PACSPTISVR.exe [2011-6-23 157544]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-5 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-11-15 07:41:03 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5fa07ea4-6166-423a-b469-ac39ecfce330}\MpKsl8b1675e0.sys
2012-11-15 07:37:56 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5fa07ea4-6166-423a-b469-ac39ecfce330}\offreg.dll
2012-11-15 07:37:46 383488 ----a-w- c:\users\joshua\appdata\roaming\mgexgo.dll
2012-11-15 06:16:35 -------- d-----r- c:\users\joshua\Dropbox
2012-11-14 03:33:17 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5fa07ea4-6166-423a-b469-ac39ecfce330}\mpengine.dll
2012-11-13 00:45:39 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-13 00:15:18 -------- d-----w- c:\users\joshua\appdata\local\Macromedia
2012-11-12 23:57:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 01:45:13 -------- d-----w- c:\users\joshua\appdata\local\Cockatrice
2012-11-12 01:39:15 -------- d-----w- c:\program files\Cockatrice
2012-10-22 13:26:23 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2012-10-20 14:13:34 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f213ace1-439f-4c3f-8c10-956c6cbd6962}\gapaengine.dll
.
==================== Find3M ====================
.
2012-11-12 23:57:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 04:52:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-11 04:52:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-11 04:52:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 17:18:33 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 17:10:47 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 3:47:50.62 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/4/2010 8:32:39 PM
System Uptime: 11/15/2012 3:22:32 AM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz | uFC-PGA Socket | 2261/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 58.683 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: TOSHIBA x86 ACPI-Compliant Value Added Logical and General Purpose Device
Device ID: ACPI\TOS6208\2&DABA3FF&1
Manufacturer: TOSHIBA
Name: TOSHIBA x86 ACPI-Compliant Value Added Logical and General Purpose Device
PNP Device ID: ACPI\TOS6208\2&DABA3FF&1
Service: TVALZ
.
==== System Restore Points ===================
.
RP621: 10/16/2012 8:48:06 PM - Windows Update
RP622: 10/20/2012 9:11:31 AM - Windows Update
RP623: 10/23/2012 11:44:21 PM - Windows Update
RP624: 10/27/2012 10:44:08 AM - Windows Update
RP625: 10/30/2012 9:57:17 PM - Windows Update
RP626: 11/4/2012 8:56:29 AM - Windows Update
RP627: 11/8/2012 7:29:05 AM - Windows Update
RP628: 11/11/2012 11:23:41 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Amnesia: The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
Belkin Setup and Router Monitor
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
CamStudio
CCH Small Firm Services (xulRunner)
CD/DVD Drive Acoustic Silencer
CDisplay 1.8
Cn3D 4.3
Cockatrice
File Type Assistant
Forsaken World
Free M4a to MP3 Converter 7.1
Google Talk Plugin
Google Toolbar for Internet Explorer
Infineon TPM Professional Package
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Intel® Matrix Storage Manager
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 6
Killing Floor
League of Legends
LSI V92 MOH Application
Magic: The Gathering - Duels of the Planeswalkers
Magic: The Gathering - Duels of the Planeswalkers 2013
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft XNA Framework Redistributable 4.0
Monday Night Combat
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
Oblivion
OGA Notifier 2.0.0048.0
Picasa 2
Plants vs. Zombies: Game of the Year
Poppit To Go
Power Consumption Meter
Presto! BizCard 5 SE (English Version)
Presto! BizCard5 SE
Project64 1.6
Psychonauts
QuickTime
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale
RICOH Media Driver ver.2.07.01.00
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
Runespell: Overture
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
Sonic Adventure DX
Sound Organizer
Spybot - Search & Destroy
Steam
Super Meat Boy
System Requirements Lab CYRI
Team Fortress 2
Terraria
TFPU
The Binding of Isaac
TOSHIBA 180 Degrees Rotation Utility
TOSHIBA Agreement Notification Utility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Cooling Performance Diagnostic Tool
TOSHIBA Desktop Links
TOSHIBA Device Access Control V2.5
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Fingerprint Utility
TOSHIBA HDD Protection
TOSHIBA PC Health Monitor
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Security Assist
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Upgrade Assistant
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Wireless Key Logon
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VMware View Client
Windows Media Player Firefox Plugin
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 5:32:11 AM, Error: Service Control Manager [7034] - The TPCH Service service terminated unexpectedly. It has done this 1 time(s).
11/8/2012 9:04:55 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{857579F7-F091-419E-9F4A-D29D004C90CC} because another computer on the network has the same name. The server could not start.
11/8/2012 7:17:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
11/15/2012 3:34:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1999.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/15/2012 3:23:01 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
11/14/2012 2:20:37 PM, Error: NetBT [4321] - The name "JOSHUA-PC :0" could not be registered on the interface with IP address 172.17.96.183. The computer with the IP address 131.204.2.6 did not allow the name to be claimed by this computer.
11/14/2012 2:20:30 PM, Error: NetBT [4321] - The name "JOSHUA-PC :0" could not be registered on the interface with IP address 172.17.96.183. The computer with the IP address 131.204.2.7 did not allow the name to be claimed by this computer.
11/14/2012 10:23:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x854b6b60, 0x82f35ae0, 0x85b0dde0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111412-19780-01.
11/13/2012 9:21:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x854b8b60, 0x82f3cae0, 0x85759320). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-17815-01.
11/13/2012 9:04:24 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x854b8b60, 0x82f3aae0, 0x8782ec00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-17503-01.
.
==== End Of File ===========================

Thanks for any help provided.