TechSpot

[Closed] System Check Malware / Windows Security Malware

By LiveFreeOrDie
Jan 3, 2012
  1. My laptop has been infected by the “system check” malware described on other threads in this forum. After following Julio's instructions to another user, things were looking pretty good; however, upon connecting to the internet to post the logs, another (perhaps related) malware seemed to take root.

    This second variant mimicked the windows security center, advising me to “upgrade to a full version of vista security” in order to get rid of supposed trojans. At this point both IE and Firefox were subjected to redirection, so I disconnected from the internet and ran the whole process a second time. The logs below date from this point.

    It may not be relevant to the issue, but an additional problem is that program shortcuts and icons no longer function properly: to get a program to run I now have to right-click and select “start” in order to get them moving.

    I appreciate any and all assistance and thank you all in advance!

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.02.06

    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.17037
    Owner :: OWNER-PC [administrator]

    1/3/2012 12:16:25 PM
    mbam-log-2012-01-03 (12-16-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 168941
    Time elapsed: 9 minute(s), 19 second(s)

    Memory Processes Detected: 1
    C:\Windows\System32\config\systemprofile\AppData\Local\pdj.exe (Trojan.ExeShell.Gen) -> 3744 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "%1" %* -> Delete on reboot.

    Registry Data Items Detected: 4
    HKCR\.exe| (PUM.HijackExefiles) -> Bad: (6f) Good: (exefile) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\config\systemprofile\AppData\Local\pdj.exe (Trojan.ExeShell.Gen) -> Delete on reboot.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-03 12:33:16
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2035GSS rev.DK020M
    Running: Gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwlcapow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_26
    Run by Owner at 15:39:03 on 2012-01-03
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.897 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.toshibadirect.com/dpdstart
    uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = proxy.zfn.uni-bremen.de:3128
    BHO: MRI_DISABLED - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - c:\program files\crossriderwebapps\Crossrider.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [njdckcbr] c:\programdata\njdckcbr\nahurkne.exe
    uRun: [MDMpLZwqgX] c:\programdata\jazebuxu\bqnglwrk.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [CrossRiderPlugin] c:\program files\crossriderwebapps\Crossrider.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    dPolicies-explorer: HideSCAHealth = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/30.59/uploader2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{0642EFCB-8E53-40C6-82BB-3788A1190ACD} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\gli3tzql.default\
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\real player alternative\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\real player alternative\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-7-4 11608]
    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Planer;c:\program files\avira\antivir personaledition classic\sched.exe [2008-7-4 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-7-4 151297]
    R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-9-21 93960]
    R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-7-4 52056]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-9-18 252416]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
    .
    =============== File Associations ===============
    .
    .exe=6J
    .
    =============== Created Last 30 ================
    .
    2012-01-03 00:16:24 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2012-01-03 00:16:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-03 00:16:05 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-30 14:15:08 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{973fb051-cbc9-403b-bb89-bfd20112ce86}\mpengine.dll
    2011-12-21 16:39:32 -------- d-----w- c:\users\owner\appdata\local\Apps
    .
    ==================== Find3M ====================
    .
    2011-12-06 17:49:25 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-30 14:05:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 15:40:17.87 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/18/2007 7:21:45 PM
    System Uptime: 1/3/2012 1:05:39 PM (2 hours ago)
    .
    Motherboard: ATI | | SB600
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 185 GiB total, 76.413 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP835: 12/13/2011 9:48:56 PM - Scheduled Checkpoint
    RP836: 12/14/2011 10:47:04 PM - Scheduled Checkpoint
    RP837: 12/16/2011 1:14:18 PM - Windows Update
    RP838: 12/17/2011 3:01:15 AM - Windows Update
    RP839: 12/20/2011 11:05:32 AM - Windows Update
    RP840: 12/23/2011 8:00:29 AM - Windows Update
    RP841: 12/28/2011 2:18:59 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AAC Decoder
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    ArcSoft Panorama Maker 3
    Ask Toolbar
    ATI Catalyst Install Manager
    AutoUpdate
    Avi2Dvd 0.4.5 beta
    Avira AntiVir Personal - Free Antivirus
    AviSynth 2.5
    BitTorrent
    Bluetooth Monitor 3
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Crossrider Web Apps
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Drivers Install For Linksys Easylink Advisor
    Dropbox
    DVD MovieFactory for TOSHIBA
    ElsterFormular 2007/2008
    ElsterFormular 2008/2009
    EPSON-Drucker-Software
    Facebook Plug-In
    Google Toolbar for Internet Explorer
    H.264 Decoder
    Hi-Speed USB-USB Network Cable
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Linksys EasyLink Advisor 1.6 (0032)
    Logitech Vid
    Logitech Webcam Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    ManyCam 2.4 (remove only)
    Medieval II Total War
    Medieval II Total War : Kingdoms : Americas
    Medieval II Total War : Kingdoms : Britannia
    Medieval II Total War : Kingdoms : Crusades
    Medieval II Total War : Kingdoms : Teutonic
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Close Combat III
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    Microsoft XML Parser
    MKV Splitter
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nikon FotoShare
    Nikon Message Center
    OpenOffice.org 2.3
    PCLinq2 High-Speed USB Bridge Cable
    Picasa 3
    PictureProject
    QuickBooks Financial Center
    QuickTime
    Real Alternative 1.8.0 Lite
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    REALTEK RTL8187B Wireless LAN Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB954156)
    Shockwave
    Shogun - Total War - Gold Edition
    Sid Meier's Civilization 4 Gold
    SimCity 2000® Windows® 95 Interactive Demo
    Skins
    Skype Click to Call
    Skype™ 5.5
    Slingbox Platform SDK 1.2.5.15
    SlingPlayer
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Hardware Setup
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.762
    VLC media player 1.1.4
    WeFi 3.6.4.4
    Winbond CIR Device Drivers
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinPcap 4.1.2
    WinRAR archiver
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/30/2011 6:48:41 PM, Error: EventLog [6008] - The previous system shutdown at 6:45:43 PM on 12/30/2011 was unexpected.
    12/30/2011 12:48:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
    12/28/2011 11:26:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    12/27/2011 3:47:53 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
    12/27/2011 1:37:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.198 for the Network Card with network address 00164479D4BF has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    1/3/2012 9:51:19 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    1/3/2012 9:48:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    1/2/2012 4:27:44 PM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/FakeSysdef&threatid=155638 Scan ID: {31CBC149-2FC3-476F-8C1E-19E315FE0EAA} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:Win32/FakeSysdef ID: 155638 Severity ID: 5 Category ID: 8 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
    1/2/2012 3:34:37 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 3:31:20 PM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18446744073709551615
    1/2/2012 3:30:54 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
    1/2/2012 3:30:54 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
    1/2/2012 3:30:52 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Do NOT double post.
    Topic closed.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...