DeathlyPlacebo
Posts posted by DeathlyPlacebo
-
I have only been using Firefox as my browser. I tried disabling certain plugins just in case one of them was corrupted, but I can't tell if it has worked. The redirection hasn't happened today, but last night it was going on.
-
Here are the logs, in the order you asked for. No problems with doing this part, although before I uninstalled Java I was still getting redirected during searches. Hopefully it won't happen again.
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.23.02
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Joshua :: JOSHUA-PC [administrator]
11/23/2012 12:39:27 AM
mbam-log-2012-11-23 (00-39-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 204400
Time elapsed: 7 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:31 AM, on 11/23/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\TOSDEVL\TUSBDCHG.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe
C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Joshua\Downloads\HijackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TUSBDCHG.EXE] C:\Program Files\TOSHIBA\TOSDEVL\TUSBDCHG.EXE
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
O4 - HKLM\..\Run: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
O4 - HKLM\..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [iFXSPMGT] "C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: aaaTUSBEDS - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSDEVL\TUSBEDS.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PACSPTISVR-Sound_Organizer - Sony Corporation - C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware View USB (vmware-view-usbd) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)
O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
--
End of file - 12417 bytes
-
Sorry that took so long. Between work and the holidays I have been very busy. Here is the newest log. The computer has been running fine.
ComboFix 12-11-22.03 - Joshua 11/22/2012 23:09:45.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1479 [GMT -6:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
Command switches used :: c:\users\Joshua\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\8BF1.tmp
c:\users\Joshua\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 05:21 . 2012-11-23 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-21 22:36 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08064769-BC79-48D5-A018-200895A522FD}\mpengine.dll
2012-11-20 15:17 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-16 16:05 . 2012-11-16 16:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-11-16 16:03 . 2012-11-16 16:06 -------- d-----w- c:\program files\DivX
2012-11-16 16:01 . 2012-11-16 16:01 -------- d-----w- c:\program files\AutoGK
2012-11-16 06:19 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 06:19 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 06:19 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 04:23 . 2012-09-25 21:55 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 04:23 . 2012-10-18 17:57 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 00:15 . 2012-11-13 00:15 -------- d-----w- c:\users\Joshua\AppData\Local\Macromedia
2012-11-12 23:57 . 2012-11-12 23:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 01:45 . 2012-11-12 01:45 -------- d-----w- c:\users\Joshua\AppData\Local\Cockatrice
2012-11-12 01:39 . 2012-11-12 01:39 -------- d-----w- c:\program files\Cockatrice
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 23:57 . 2011-06-13 13:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 04:52 . 2012-10-11 04:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-11 04:52 . 2012-10-11 04:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-11 04:52 . 2010-10-27 04:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 20:45 . 2012-10-20 14:13 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F213ACE1-439F-4C3F-8C10-956C6CBD6962}\gapaengine.dll
2012-10-02 20:45 . 2011-08-11 16:12 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 00:54 . 2011-06-13 16:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:30 . 2012-10-10 13:14 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:21 . 2012-10-10 13:13 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2010-10-25 02:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:18 . 2012-10-10 13:12 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 13:12 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-27 17:03 . 2012-10-27 17:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2009-09-15 23:36 147888 ----a-w- c:\program files\Toshiba\TFPU\TFPUOverlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TUSBDCHG.EXE"="c:\program files\TOSHIBA\TOSDEVL\TUSBDCHG.EXE" [2009-02-16 47480]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-06-23 513392]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2008-04-02 116040]
"TNRotate"="c:\program files\TOSHIBA\TNRotate\TNRotate.exe" [2007-04-25 602112]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2009-09-15 784304]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2009-09-15 888752]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"IFXSPMGT"="c:\program files\Infineon\Security Platform Software\ifxspmgt.exe" [2009-08-04 1107232]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslb07b6e7a;MpKslb07b6e7a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\MpKslb07b6e7a.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 apf001;apf001;c:\program files\Softnyx\RakionIS\Bin\apf001.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S2 aaaTUSBEDS;aaaTUSBEDS;c:\program files\TOSHIBA\TOSDEVL\TUSBEDS.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119860771-1682334158-1523215448-1000Core.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 05:29]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119860771-1682334158-1523215448-1000UA.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 05:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com/do/mypage.pl?prf=e014ff91e85fce1f17e0d034117a7903
FF - ExtSQL: 2012-11-15 11:35; {5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}; c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\extensions\{5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-119860771-1682334158-1523215448-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(520)
c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Infineon\Security Platform Software\ifxtcs.exe
c:\program files\Infineon\Security Platform Software\IfxPsdSv.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-22 23:32:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-23 05:32
ComboFix2.txt 2012-11-16 06:13
.
Pre-Run: 49,074,520,064 bytes free
Post-Run: 50,853,609,472 bytes free
.
- - End Of File - - B50F1C1EDAC3B30B3A9D6B90B13DE1A3
-
ComboFix 12-11-15.01 - Joshua 11/15/2012 23:58:22.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1953 [GMT -6:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Joshua\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Joshua\AppData\Roaming\Local
c:\users\Joshua\AppData\Roaming\mgexgo.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 06:06 . 2012-11-16 06:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 04:24 . 2012-11-16 04:24 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\MpKsl6fad2720.sys
2012-11-15 17:35 . 2012-11-15 17:35 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\offreg.dll
2012-11-15 10:10 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\mpengine.dll
2012-11-14 03:33 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-13 00:15 . 2012-11-13 00:15 -------- d-----w- c:\users\Joshua\AppData\Local\Macromedia
2012-11-12 23:57 . 2012-11-12 23:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 01:45 . 2012-11-12 01:45 -------- d-----w- c:\users\Joshua\AppData\Local\Cockatrice
2012-11-12 01:39 . 2012-11-12 01:39 -------- d-----w- c:\program files\Cockatrice
2012-10-22 13:26 . 2012-10-22 13:26 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2012-10-20 14:13 . 2012-10-02 20:45 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F213ACE1-439F-4C3F-8C10-956C6CBD6962}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 23:57 . 2011-06-13 13:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 04:52 . 2012-10-11 04:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-11 04:52 . 2012-10-11 04:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-11 04:52 . 2010-10-27 04:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 20:45 . 2011-08-11 16:12 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 00:54 . 2011-06-13 16:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:30 . 2012-10-10 13:14 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:21 . 2012-10-10 13:13 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2010-10-25 02:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:18 . 2012-10-10 13:12 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 13:12 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 17:10 . 2012-10-10 13:14 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-23 05:27 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-23 05:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-23 05:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 05:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 05:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-23 05:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-18 11:23 . 2012-10-10 13:14 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 11:21 . 2012-10-10 13:14 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 11:18 . 2012-10-10 13:14 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 11:09 . 2012-10-10 13:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-18 09:07 . 2012-10-10 13:14 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07 . 2012-10-10 13:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07 . 2012-10-10 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07 . 2012-10-10 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-27 17:03 . 2012-10-27 17:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2009-09-15 23:36 147888 ----a-w- c:\program files\Toshiba\TFPU\TFPUOverlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TUSBDCHG.EXE"="c:\program files\TOSHIBA\TOSDEVL\TUSBDCHG.EXE" [2009-02-16 47480]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-06-23 513392]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2008-04-02 116040]
"TNRotate"="c:\program files\TOSHIBA\TNRotate\TNRotate.exe" [2007-04-25 602112]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2009-09-15 784304]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2009-09-15 888752]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"IFXSPMGT"="c:\program files\Infineon\Security Platform Software\ifxspmgt.exe" [2009-08-04 1107232]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslb07b6e7a;MpKslb07b6e7a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\MpKslb07b6e7a.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 apf001;apf001;c:\program files\Softnyx\RakionIS\Bin\apf001.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 MpKsl6fad2720;MpKsl6fad2720;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0310B-4456-4647-9B2E-4F96B93F8D33}\MpKsl6fad2720.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S2 aaaTUSBEDS;aaaTUSBEDS;c:\program files\TOSHIBA\TOSDEVL\TUSBEDS.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119860771-1682334158-1523215448-1000Core.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 05:29]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119860771-1682334158-1523215448-1000UA.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 05:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com/do/mypage.pl?prf=e014ff91e85fce1f17e0d034117a7903
FF - ExtSQL: 2012-11-15 11:35; {5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}; c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\extensions\{5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\users\Joshua\Downloads\utorrent.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
AddRemove-CamStudio - c:\program files\CamStudio\uninstall.exe
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-119860771-1682334158-1523215448-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2944)
c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Infineon\Security Platform Software\ifxtcs.exe
c:\program files\Infineon\Security Platform Software\IfxPsdSv.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-16 00:13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-16 06:13
.
Pre-Run: 47,408,590,848 bytes free
Post-Run: 52,623,867,904 bytes free
.
- - End Of File - - 460D075EF9DB71B2CECE4A28F2FDB90D
-
Ran ComboFix but there was a problem. After it finished running, I copied the log and was ready to repost it, but it seems to have cleared out of my clipboard and I don't have a save of it. I don't know if there is a way to get the log back, but I will say that running ComboFix didn't seem to be needed. I have had no occurrences of the cromeupdate.crx file popping up again since running RogueKiller and in all other facets, the computer seems to be running fine. I will mention that after ComboFix was done, for some reason it had marked processes involved with Firefox for deletion and I couldn't open the browser until I shut down the computer to let some updates install. After I brought it back up again, everything seemed to be running fine and it still does. Thank you for all the help and I am very sorry that I messed up getting that last log. If I need to run it again so that I can get a log from it I can.
-
I ran all of the programs that were asked. Computer has run normally the whole time except for the instances where cromeupdate.crx would continue to repopulate. It seems for now that this has stopped after running RogueKiller because it was actually able to stop the .dll that was responsible from running and make it deletable. Here are the logs in order.
Results of screen317's Security Check version 0.99.54
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 7
Java 6 Update 6
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
# AdwCleaner v2.007 - Logfile created 11/15/2012 at 11:33:00
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : Joshua - JOSHUA-PC
# Boot Mode : Normal
# Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Joshua\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Joshua\AppData\LocalLow\Toolbar4
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\jtjz0ld4.default\prefs.js
Deleted : user_pref("playsushi.position.button", true);
*************************
AdwCleaner[s1].txt - [3822 octets] - [15/11/2012 11:33:00]
########## EOF - C:\AdwCleaner[s1].txt - [3882 octets] ##########
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Joshua [Admin rights]
Mode : Scan -- Date : 11/15/2012 11:41:02
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joshua\AppData\Roaming\mgexgo.dll -> KILLED [TermProc]
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : mgexgo ("C:\Windows\System32\rundll32.exe" "C:\Users\Joshua\AppData\Roaming\mgexgo.dll",write_png) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-119860771-1682334158-1523215448-1000[...]\Run : mgexgo ("C:\Windows\System32\rundll32.exe" "C:\Users\Joshua\AppData\Roaming\mgexgo.dll",write_png) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543225L9SA00 +++++
--- User ---
[MBR] 9748b865e3c8ea2a23b378ca286da8e3
[BSP] 6c02d29cddccdb74627a8aa8a096c78e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229341 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 472764416 | Size: 7633 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11152012_02d1141.txt >>
RKreport[1]_S_11152012_02d1141.txt
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Joshua [Admin rights]
Mode : Remove -- Date : 11/15/2012 11:41:25
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joshua\AppData\Roaming\mgexgo.dll -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : mgexgo ("C:\Windows\System32\rundll32.exe" "C:\Users\Joshua\AppData\Roaming\mgexgo.dll",write_png) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543225L9SA00 +++++
--- User ---
[MBR] 9748b865e3c8ea2a23b378ca286da8e3
[BSP] 6c02d29cddccdb74627a8aa8a096c78e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229341 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 472764416 | Size: 7633 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_11152012_02d1141.txt >>
RKreport[1]_S_11152012_02d1141.txt ; RKreport[2]_D_11152012_02d1141.txt
Thank you for the help once again.
-
So around 1 am tonight as I was just about to go to sleep, Microsoft Security Essentials starts popping up repeatedly telling me it quarantined some file. After 2 hours of trying to fight to stop this thing from constantly redownloading itself and having run a full scan of Malwarebytes, I finally decided just to turn here and see if someone could help. I've run the dds program and have the logs. Also, just to report everything that I have found out, there were two .dll application extensions in my Roaming file that I could not stop running long enough to delete and if I tried to stop Internet Explorer in the processes menu of the Windows Task Manager (there were three processes running at the same time and I don't ever use IE for my web browser), the process would start back up again immediately. The .crx will duplicate even disconnected from the internet and Malwarebytes only managed to find and remove one of the .dll extensions but not the other. Without further ado, here are the logs copied and pasted.
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2
Run by Joshua at 3:46:14 on 2012-11-15
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1663 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\TOSHIBA\TOSDEVL\TUSBEDS.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\TOSDEVL\TUSBDCHG.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe
C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - c:\program files\toshiba\tfpu\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\users\joshua\downloads\utorrent.exe" /MINIMIZED
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\joshua\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [mgexgo] "c:\windows\system32\rundll32.exe" "c:\users\joshua\appdata\roaming\mgexgo.dll",write_png
mRun: [TUSBDCHG.EXE] c:\program files\toshiba\tosdevl\TUSBDCHG.EXE
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [TPCHWMsg] c:\program files\toshiba\tphm\TPCHWMsg.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TOSDCR] c:\program files\toshiba\passwordutility\TOSDCR.exe
mRun: [TosAutLk] c:\program files\toshiba\wirelesskeylogon\TosAutLk.exe -s
mRun: [TNRotate] c:\program files\toshiba\tnrotate\TNRotate.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TFPUService] c:\program files\toshiba\tfpu\TFPUTaskMonitor.exe /start
mRun: [TFPUPWDBankService] c:\program files\toshiba\tfpu\TFPUPWDBank.exe /start
mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iTSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [iFXSPMGT] "c:\program files\infineon\security platform software\ifxspmgt.exe" /NotifyLogon
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC}\1455F575966496 : DHCPNameServer = 131.204.41.6 131.204.41.3 131.204.110.12
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC}\1475164656 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC}\27075673531313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{857579F7-F091-419E-9F4A-D29D004C90CC}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D07E59A2-E0F6-40BE-8B57-2D7E172ADA9C} : DHCPNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joshua\appdata\roaming\mozilla\firefox\profiles\jtjz0ld4.default\
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com/do/mypage.pl?prf=e014ff91e85fce1f17e0d034117a7903
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\toshiba\tfpu\firefoxaddin\components\TFPUPWDBankEx.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\joshua\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\joshua\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\joshua\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-15 03:24; {5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}; c:\users\joshua\appdata\roaming\mozilla\firefox\profiles\jtjz0ld4.default\extensions\{5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 MpKsl8b1675e0;MpKsl8b1675e0;c:\programdata\microsoft\microsoft antimalware\definition updates\{5fa07ea4-6166-423a-b469-ac39ecfce330}\MpKsl8b1675e0.sys [2012-11-15 29904]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2009-7-19 39712]
R2 aaaTUSBEDS;aaaTUSBEDS;c:\program files\toshiba\tosdevl\TUSBEDS.exe [2009-2-16 57720]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-9-11 1811704]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-6-23 636272]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-4-10 671344]
R2 vmware-view-usbd;VMware View USB;c:\program files\vmware\vmware view\client\bin\vmware-view-usbd.exe [2012-8-1 2370560]
R2 wsnm;VMware View Client;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2012-8-1 474264]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-14 659328]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-11-5 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-2 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\sony\sound organizer\sony.earth\PACSPTISVR.exe [2011-6-23 157544]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-5 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-11-15 07:41:03 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5fa07ea4-6166-423a-b469-ac39ecfce330}\MpKsl8b1675e0.sys
2012-11-15 07:37:56 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5fa07ea4-6166-423a-b469-ac39ecfce330}\offreg.dll
2012-11-15 07:37:46 383488 ----a-w- c:\users\joshua\appdata\roaming\mgexgo.dll
2012-11-15 06:16:35 -------- d-----r- c:\users\joshua\Dropbox
2012-11-14 03:33:17 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5fa07ea4-6166-423a-b469-ac39ecfce330}\mpengine.dll
2012-11-13 00:45:39 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-13 00:15:18 -------- d-----w- c:\users\joshua\appdata\local\Macromedia
2012-11-12 23:57:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 01:45:13 -------- d-----w- c:\users\joshua\appdata\local\Cockatrice
2012-11-12 01:39:15 -------- d-----w- c:\program files\Cockatrice
2012-10-22 13:26:23 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2012-10-20 14:13:34 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f213ace1-439f-4c3f-8c10-956c6cbd6962}\gapaengine.dll
.
==================== Find3M ====================
.
2012-11-12 23:57:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 04:52:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-11 04:52:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-11 04:52:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 17:18:33 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 17:10:47 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 3:47:50.62 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/4/2010 8:32:39 PM
System Uptime: 11/15/2012 3:22:32 AM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz | uFC-PGA Socket | 2261/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 58.683 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: TOSHIBA x86 ACPI-Compliant Value Added Logical and General Purpose Device
Device ID: ACPI\TOS6208\2&DABA3FF&1
Manufacturer: TOSHIBA
Name: TOSHIBA x86 ACPI-Compliant Value Added Logical and General Purpose Device
PNP Device ID: ACPI\TOS6208\2&DABA3FF&1
Service: TVALZ
.
==== System Restore Points ===================
.
RP621: 10/16/2012 8:48:06 PM - Windows Update
RP622: 10/20/2012 9:11:31 AM - Windows Update
RP623: 10/23/2012 11:44:21 PM - Windows Update
RP624: 10/27/2012 10:44:08 AM - Windows Update
RP625: 10/30/2012 9:57:17 PM - Windows Update
RP626: 11/4/2012 8:56:29 AM - Windows Update
RP627: 11/8/2012 7:29:05 AM - Windows Update
RP628: 11/11/2012 11:23:41 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Amnesia: The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
Belkin Setup and Router Monitor
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
CamStudio
CCH Small Firm Services (xulRunner)
CD/DVD Drive Acoustic Silencer
CDisplay 1.8
Cn3D 4.3
Cockatrice
File Type Assistant
Forsaken World
Free M4a to MP3 Converter 7.1
Google Talk Plugin
Google Toolbar for Internet Explorer
Infineon TPM Professional Package
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Intel® Matrix Storage Manager
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 6
Killing Floor
League of Legends
LSI V92 MOH Application
Magic: The Gathering - Duels of the Planeswalkers
Magic: The Gathering - Duels of the Planeswalkers 2013
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft XNA Framework Redistributable 4.0
Monday Night Combat
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
Oblivion
OGA Notifier 2.0.0048.0
Picasa 2
Plants vs. Zombies: Game of the Year
Poppit To Go
Power Consumption Meter
Presto! BizCard 5 SE (English Version)
Presto! BizCard5 SE
Project64 1.6
Psychonauts
QuickTime
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale
RICOH Media Driver ver.2.07.01.00
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
Runespell: Overture
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
Sonic Adventure DX
Sound Organizer
Spybot - Search & Destroy
Steam
Super Meat Boy
System Requirements Lab CYRI
Team Fortress 2
Terraria
TFPU
The Binding of Isaac
TOSHIBA 180 Degrees Rotation Utility
TOSHIBA Agreement Notification Utility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Cooling Performance Diagnostic Tool
TOSHIBA Desktop Links
TOSHIBA Device Access Control V2.5
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Fingerprint Utility
TOSHIBA HDD Protection
TOSHIBA PC Health Monitor
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Security Assist
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Upgrade Assistant
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Wireless Key Logon
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VMware View Client
Windows Media Player Firefox Plugin
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 5:32:11 AM, Error: Service Control Manager [7034] - The TPCH Service service terminated unexpectedly. It has done this 1 time(s).
11/8/2012 9:04:55 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{857579F7-F091-419E-9F4A-D29D004C90CC} because another computer on the network has the same name. The server could not start.
11/8/2012 7:17:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
11/15/2012 3:34:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1999.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/15/2012 3:23:01 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
11/14/2012 2:20:37 PM, Error: NetBT [4321] - The name "JOSHUA-PC :0" could not be registered on the interface with IP address 172.17.96.183. The computer with the IP address 131.204.2.6 did not allow the name to be claimed by this computer.
11/14/2012 2:20:30 PM, Error: NetBT [4321] - The name "JOSHUA-PC :0" could not be registered on the interface with IP address 172.17.96.183. The computer with the IP address 131.204.2.7 did not allow the name to be claimed by this computer.
11/14/2012 10:23:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x854b6b60, 0x82f35ae0, 0x85b0dde0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111412-19780-01.
11/13/2012 9:21:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x854b8b60, 0x82f3cae0, 0x85759320). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-17815-01.
11/13/2012 9:04:24 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x854b8b60, 0x82f3aae0, 0x8782ec00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-17503-01.
.
==== End Of File ===========================
Thanks for any help provided.
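As an added triage example (my code, not part of the original post and not output of the DDS or Malwarebytes tools), the script below applies the checks a responder would run first over a log like the one above: an autostart entry that launches rundll32.exe against a DLL stored under the user's profile, autostart binaries that live in user-writable folders, and a Firefox extension dropped into the profile's extensions directory, each correlated with the timestamps in the "Created Last 30" list. The rule names and severity tiers are my own; the sample lines are copied from this post's log. The script only ranks entries for manual review and does not decide whether a file is malicious.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: lines copied from the DDS log posted above (autostart
# entries, the Firefox ExtSQL row and two rows from the "Created Last 30" list).
SAMPLE_LOG = r"""
uRun: [steam] "c:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\joshua\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [mgexgo] "c:\windows\system32\rundll32.exe" "c:\users\joshua\appdata\roaming\mgexgo.dll",write_png
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
FF - ExtSQL: 2012-11-15 03:24; {5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}; c:\users\joshua\appdata\roaming\mozilla\firefox\profiles\jtjz0ld4.default\extensions\{5a2d2a5a-2ef7-11e2-8271-b8ac6f996f26}.xpi
2012-11-15 07:37:46 383488 ----a-w- c:\users\joshua\appdata\roaming\mgexgo.dll
2012-11-12 23:57:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
"""

# uRun = HKCU Run key, mRun = HKLM Run key, as DDS labels them.
RUN_RE = re.compile(r'^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 <dll>,<export>; DDS prints quotes around either path optionally.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
CREATED_RE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) \S+ (?P<path>.+)$')
FFEXT_RE = re.compile(r'^FF - ExtSQL: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}); (?P<id>\{[0-9a-f-]+\}); (?P<path>.+)$', re.I)
USER_WRITABLE_RE = re.compile(r'\\users\\[^\\]+\\(?:appdata|downloads|desktop)\\', re.I)
FIRST_TOKEN_RE = re.compile(r'^"([^"]+)"|^(\S+)')
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str            # "high" | "medium" | "low" (my own tiers, not a DDS concept)
    rule: str
    name: str                # Run-key value name or extension id
    path: str
    created: Optional[str]   # timestamp from "Created Last 30" when the file is listed there


def first_token(cmd: str) -> str:
    """Return the executable path of a Run-key command line, lower-cased."""
    m = FIRST_TOKEN_RE.match(cmd)
    return (m.group(1) or m.group(2)).lower() if m else ""


def triage(log_text: str):
    created = {}            # lower-cased path -> creation timestamp
    runs, exts = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := CREATED_RE.match(line)):
            created[m["path"].lower()] = m["ts"]
        elif (m := RUN_RE.match(line)):
            runs.append(m)
        elif (m := FFEXT_RE.match(line)):
            exts.append(m)

    findings = []
    for m in runs:
        name, cmd = m["name"], m["cmd"]
        exe = first_token(cmd)
        rd = RUNDLL_RE.search(cmd)
        if rd and USER_WRITABLE_RE.search(rd["dll"]):
            # rundll32 proxy-executing a DLL from a user-writable folder is the
            # persistence shape of MITRE ATT&CK T1218.011 (Rundll32); the export
            # name is kept so an analyst can check it against the DLL's export table.
            dll = rd["dll"].lower()
            findings.append(Finding("high", "rundll32-dll-in-user-profile", name, dll, created.get(dll)))
        elif USER_WRITABLE_RE.search(exe):
            # Legitimate updaters (Google Update here) also run from AppData, so this
            # is low severity: worth a look, not an indicator on its own.
            findings.append(Finding("low", "autostart-from-user-writable-path", name, exe, created.get(exe)))

    for m in exts:
        # A GUID-named .xpi in the profile's extensions folder is not malicious by
        # itself, but it is where a search-redirect add-on would live, so surface it
        # together with its install date for manual review.
        findings.append(Finding("medium", "firefox-extension-review", m["id"], m["path"].lower(), m["ts"]))

    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        when = f" (created {f.created})" if f.created else ""
        print(f"[{f.severity:6}] {f.rule}: {f.name} -> {f.path}{when}")
```

Run against the full DDS log instead of SAMPLE_LOG by reading the file and passing its text to triage(); the "Created Last 30" correlation is what separates a freshly dropped DLL from a long-standing vendor autostart with the same path shape.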
Trying to get rid of cromeupdate.crx trojan permanently
in Resolved Malware Removal Logs
The reset seems to have worked. I tried a few test searches and haven't been redirected since I reset Firefox. I will keep attempting a few more just to be sure.