Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor:Win32/Cycbot.B


  • This topic is locked This topic is locked
2 replies to this topic

#1 Tina&Chuck

Tina&Chuck

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 28 November 2010 - 11:05 AM

The problem started this morning when I started my computer and instead of Windows appearing as usual it was a black screen telling me something about checking my disk and I just clicked enter so it could scan. After it scanned Windows came up as usual but my virus protection kept notifying me of attacks to my computer. The virus protection quarantined this and when I asked it to clean it as requested it did so but then I could not connect to the internet. In order to connect to the internet I have to shut my computer down and start it up again but then the computer receives new attacks and thus the cycle continuously repeats itself. I have followed your instructions for the OTL log pasted the information below. When the OTL log was generated it also created an "EXTRAS" log which is pasted below the OTL log. I also ran the GMER but there were no changes detected. I hope you can help. Thank you in advance. Tina


OTL logfile created on: 11/28/2010 10:09:07 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Williams\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.42 Gb Total Space | 419.10 Gb Free Space | 92.43% Space Free | Partition Type: NTFS

Computer Name: WILLIAMS-PC | User Name: Williams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/28 09:56:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Williams\Downloads\OTL.exe
PRC - [2010/11/28 00:02:39 | 000,130,048 | ---- | M] () -- C:\Users\Williams\AppData\Local\Temp\dwm.exe
PRC - [2010/11/28 00:02:27 | 000,139,776 | ---- | M] () -- C:\Users\Williams\AppData\Roaming\Microsoft\Windows\shell.exe
PRC - [2010/11/28 00:02:17 | 000,122,880 | ---- | M] () -- C:\Users\Williams\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010/11/28 00:02:17 | 000,122,880 | ---- | M] () -- C:\Users\Williams\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010/11/28 00:02:17 | 000,122,880 | ---- | M] () -- C:\Users\Williams\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010/11/14 14:55:21 | 001,286,960 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/11/14 14:55:19 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/11/14 14:55:10 | 000,827,272 | ---- | M] (Webroot Software Inc) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRFrame.exe
PRC - [2010/11/01 16:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/09/22 13:41:30 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/07/22 19:58:05 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/24 03:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/12/25 17:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/04/25 19:31:40 | 000,524,288 | ---- | M] (Radica) -- C:\Program Files (x86)\Radica\Stylin' Studio\SS_MW.exe


========== Modules (SafeList) ==========

MOD - [2010/11/28 09:56:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Williams\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/06 16:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 11:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/14 14:55:19 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/17 14:49:12 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/06/17 14:49:10 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/04/28 13:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/15 12:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 11:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/12 16:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 11:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/02 17:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSND&bmod=TSND
IE - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSND&bmod=TSND
IE - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370



O1 HOSTS File: ([2010/11/23 11:48:33 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SS_MW] C:\Program Files (x86)\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001..\Run: [svchost] C:\Users\Williams\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
F3:64bit: - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001 WinNT: Load - (C:\Users\Williams\AppData\Local\Temp\dwm.exe) - C:\Users\Williams\AppData\Local\Temp\dwm.exe ()
F3 - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001 WinNT: Load - (C:\Users\Williams\AppData\Local\Temp\dwm.exe) - C:\Users\Williams\AppData\Local\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001 Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1854826079-2378539275-1985821389-1001 Winlogon: Shell - (C:\Users\Williams\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Williams\AppData\Roaming\Microsoft\Windows\shell.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 22:41:24 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Diagnostics
[2010/11/26 08:53:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/26 08:16:40 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\Windows Live Writer
[2010/11/26 08:16:40 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Windows Live Writer
[2010/11/24 08:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/11/20 15:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Radica
[2010/11/19 15:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/11/19 14:43:29 | 000,000,000 | ---D | C] -- C:\windows\en
[2010/11/19 14:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/19 14:07:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/11/19 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\Williams\Documents\Chuck
[2010/11/19 08:30:55 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2010/11/19 08:30:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2010/11/18 19:46:42 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Windows Live
[2010/11/18 09:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/11/17 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\Williams\Documents\Recipes
[2010/11/17 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\SoftGrid Client
[2010/11/17 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\SoftGrid Client
[2010/11/17 20:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/11/17 20:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/17 20:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2010/11/17 20:06:03 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\TP
[2010/11/17 08:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/11/14 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\TOSHIBA_Corporation
[2010/11/14 21:34:41 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Best Buy pc app
[2010/11/14 21:17:01 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Adobe
[2010/11/14 15:10:22 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\Google
[2010/11/14 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\Toshiba
[2010/11/14 14:56:45 | 000,136,224 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\windows\SysNative\drivers\ssidrv.sys
[2010/11/14 14:56:45 | 000,055,360 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\windows\SysNative\drivers\ssfmonm.sys
[2010/11/14 14:55:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E15A1CA7-D908-4C28-ADCF-C23723A9D28D}
[2010/11/14 14:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/11/14 14:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/11/14 14:53:24 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\PackageAware
[2010/11/14 14:51:08 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\Macromedia
[2010/11/14 14:51:08 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\Adobe
[2010/11/14 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Google
[2010/11/14 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\ATI
[2010/11/14 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\ATI
[2010/11/14 14:50:03 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Apps
[2010/11/14 14:50:02 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Deployment
[2010/11/14 14:49:23 | 000,000,000 | R--D | C] -- C:\Users\Williams\Searches
[2010/11/14 14:49:23 | 000,000,000 | -H-D | C] -- C:\Users\Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/14 14:49:12 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\Identities
[2010/11/14 14:49:09 | 000,000,000 | R--D | C] -- C:\Users\Williams\Contacts
[2010/11/14 14:49:08 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\VirtualStore
[2010/11/14 14:48:13 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\WinBatch
[2010/11/14 14:47:42 | 000,000,000 | --SD | C] -- C:\Users\Williams\AppData\Roaming\Microsoft
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\Videos
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\Saved Games
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\Pictures
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\Music
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\Links
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\Favorites
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\Downloads
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\My Documents
[2010/11/14 14:47:42 | 000,000,000 | R--D | C] -- C:\Users\Williams\Desktop
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\AppData\Local\Temporary Internet Files
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Templates
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Start Menu
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\SendTo
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Recent
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\PrintHood
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\NetHood
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Documents\My Videos
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Documents\My Pictures
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Documents\My Music
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\My Documents
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Local Settings
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\AppData\Local\History
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Cookies
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\Application Data
[2010/11/14 14:47:42 | 000,000,000 | -HSD | C] -- C:\Users\Williams\AppData\Local\Application Data
[2010/11/14 14:47:42 | 000,000,000 | -H-D | C] -- C:\Users\Williams\AppData
[2010/11/14 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Temp
[2010/11/14 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Local\Microsoft
[2010/11/14 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Williams\AppData\Roaming\Media Center Programs
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/28 10:03:07 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/28 09:53:12 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/28 09:53:12 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/28 09:45:37 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/28 09:45:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/28 09:45:20 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/28 08:28:42 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010/11/27 20:06:34 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/11/27 20:06:34 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/11/27 20:06:34 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/11/27 19:55:27 | 000,007,814 | ---- | M] () -- C:\Users\Williams\Desktop\155482_1523827931946_1122034214_31217344_5874532_s.jpg
[2010/11/26 08:12:43 | 000,274,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/11/18 19:43:20 | 000,731,106 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/14 15:10:20 | 000,001,452 | ---- | M] () -- C:\Users\Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/14 14:55:28 | 000,002,298 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/11/14 14:50:28 | 000,000,398 | ---- | M] () -- C:\Users\Williams\Desktop\pc app.appref-ms
[2010/11/14 14:48:45 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2010/11/14 13:43:09 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2010/11/14 13:43:09 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 08:28:42 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010/11/27 19:55:34 | 000,007,814 | ---- | C] () -- C:\Users\Williams\Desktop\155482_1523827931946_1122034214_31217344_5874532_s.jpg
[2010/11/17 20:07:05 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/14 15:10:20 | 000,001,452 | ---- | C] () -- C:\Users\Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/14 14:56:47 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2010/11/14 14:56:47 | 000,019,576 | ---- | C] () -- C:\windows\SysNative\SsiEfr.exe
[2010/11/14 14:55:28 | 000,002,298 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/11/14 14:50:29 | 000,000,398 | ---- | C] () -- C:\Users\Williams\Desktop\pc app.appref-ms
[2010/11/14 14:48:45 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2010/11/14 14:47:42 | 000,000,290 | ---- | C] () -- C:\Users\Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/14 14:47:42 | 000,000,272 | ---- | C] () -- C:\Users\Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2010/11/28 00:07:54 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\SoftGrid Client
[2010/11/14 20:15:56 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Toshiba
[2010/11/17 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\TP
[2010/11/14 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\WinBatch
[2010/11/26 08:16:40 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Windows Live Writer
[2009/07/14 00:08:49 | 000,007,396 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/22 13:41:42 | 000,030,424 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\wrLZMA.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/07/23 11:45:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/11/28 08:28:42 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010/11/28 09:45:20 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/28 09:45:20 | 4022,005,760 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >


OTL Extras logfile created on: 11/28/2010 10:09:07 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Williams\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.42 Gb Total Space | 419.10 Gb Free Space | 92.43% Space Free | Partition Type: NTFS

Computer Name: WILLIAMS-PC | User Name: Williams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1854826079-2378539275-1985821389-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE3DFCA2-6F42-509D-555C-68A923314062}" = ATI Catalyst Install Manager
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Stylin' Studio_is1" = Stylin' Studio v1.0
"Webroot Software" = Webroot Software
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1854826079-2378539275-1985821389-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2010 3:47:29 PM | Computer Name = Williams-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1533
Description = Windows cannot delete the profile directory C:\Users\Administrator.
This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.

Error - 11/14/2010 10:35:37 PM | Computer Name = Williams-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 11/15/2010 9:56:34 PM | Computer Name = Williams-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 11/16/2010 10:48:47 PM | Computer Name = Williams-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/17/2010 10:49:44 PM | Computer Name = Williams-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/18/2010 8:39:16 PM | Computer Name = Williams-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 11/18/2010 10:20:51 PM | Computer Name = Williams-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/19/2010 2:07:50 PM | Computer Name = Williams-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 11/25/2010 11:58:30 PM | Computer Name = Williams-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/26/2010 9:54:12 AM | Computer Name = Williams-PC | Source = MsiInstaller | ID = 11406
Description =

[ System Events ]
Error - 11/18/2010 9:48:47 AM | Computer Name = Williams-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 11/18/2010 7:53:27 PM | Computer Name = Williams-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 11/18/2010 8:39:27 PM | Computer Name = Williams-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2005 Service Pack
1 Redistributable Package (KB973923).

Error - 11/25/2010 9:48:38 AM | Computer Name = Williams-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Schedule service.


< End of report >

BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:45 AM

Posted 05 December 2010 - 05:29 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi :hello:

cXfZ4wS.png


#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:45 AM

Posted 15 December 2010 - 02:12 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users