Sorry for the delay, I didn't expect your reply so quickly. Will check more frequently from now on.
Still in safe mode with networking.
Here are the results from OTM and OTL
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Sigler\AppData\Roaming\024D0571518543E685983F04E70EBC1D folder moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Sigler\Downloads\cmd.bat deleted successfully.
C:\Users\Sigler\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sigler\Downloads\cmd.bat deleted successfully.
C:\Users\Sigler\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Sigler
->Temp folder emptied: 3984786 bytes
->Temporary Internet Files folder emptied: 12131056 bytes
->Java cache emptied: 497652 bytes
->FireFox cache emptied: 63932963 bytes
->Flash cache emptied: 15866144 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1900437 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36053336 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 18833 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 128.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.
OTM by OldTimer - Version 3.1.17.2 log created on 03302011_091052
OTL logfile created on: 3/30/2011 9:20:12 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sigler\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 123.47 Gb Free Space | 66.80% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 1.31 Gb Free Space | 89.47% Space Free | Partition Type: NTFS
Computer Name: SIGLER-PC | User Name: Sigler | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/03/30 09:19:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sigler\Downloads\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/03/30 09:19:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sigler\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/11/19 22:39:16 | 000,062,264 | ---- | M] (Duality Software) [Auto | Stopped] -- C:\Program Files\DS Clock\dsetime.exe -- (DSClockSyncTime)
SRV - [2009/02/15 13:49:00 | 002,794,234 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 09:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 18:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://my.yahoo.com/?_bc=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {C2C21D52-34A0-4525-AA2E-8855308D98F1}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 09:33:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/03/24 08:22:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C2C21D52-34A0-4525-AA2E-8855308D98F1}: C:\Windows\system32\config\systemprofile\AppData\Local\{C2C21D52-34A0-4525-AA2E-8855308D98F1}\ [2011/03/27 11:50:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 11:32:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 11:32:19 | 000,000,000 | ---D | M]
[2008/08/26 09:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sigler\AppData\Roaming\Mozilla\Extensions
[2011/03/29 16:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sigler\AppData\Roaming\Mozilla\Firefox\Profiles\tyvy4m5s.default\extensions
[2011/03/12 08:46:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Sigler\AppData\Roaming\Mozilla\Firefox\Profiles\tyvy4m5s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/27 11:23:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sigler\AppData\Roaming\Mozilla\Firefox\Profiles\tyvy4m5s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/29 16:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 14:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/28 09:33:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/03/24 08:22:18 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/03/27 11:50:13 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{C2C21D52-34A0-4525-AA2E-8855308D98F1}
[2010/12/20 14:16:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2011/03/30 09:11:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764}
http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}
http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.202 213.109.73.173 1.1.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/30 09:10:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/29 16:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/27 11:50:32 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2011/03/26 07:41:49 | 000,000,000 | ---D | C] -- C:\Users\Sigler\AppData\Roaming\OfferBox
[2011/03/23 11:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/23 08:11:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 08:11:31 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/09 14:09:21 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 14:09:21 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 14:09:21 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 14:09:21 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010/11/19 15:31:38 | 000,331,776 | ---- | C] ( ) -- C:\Windows\System32\Interop.WMPLib.DLL
[2010/11/19 15:31:38 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2010/11/19 15:31:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Interop.QTOLibrary.dll
[2010/11/19 15:31:38 | 000,032,768 | ---- | C] ( ) -- C:\Windows\System32\Interop.ShockwaveFlashObjects.dll
[2010/11/19 15:31:38 | 000,032,768 | ---- | C] ( ) -- C:\Windows\System32\Interop.QTOControlLib.dll
========== Files - Modified Within 30 Days ==========
[2011/03/30 09:18:28 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/30 09:18:28 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/30 09:14:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/30 09:13:58 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/03/30 09:12:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 09:11:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/29 16:28:59 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\dcmdm.sys
[2011/03/27 19:51:24 | 000,000,680 | ---- | M] () -- C:\Users\Sigler\AppData\Local\d3d9caps.dat
[2011/03/27 19:33:10 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38D996EC-733E-4E0E-9F5C-490D93A144AB}.job
[2011/03/27 19:32:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/27 19:32:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/27 19:31:53 | 110,105,053 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/27 19:28:32 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/27 11:56:38 | 000,000,885 | ---- | M] () -- C:\Users\Sigler\Desktop\Windows Media Player.lnk
[2011/03/27 11:49:12 | 000,007,223 | ---- | M] () -- C:\Windows\Sigler8.xlb
[2011/03/27 09:56:57 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2011/03/26 16:34:46 | 000,001,516 | -HS- | M] () -- C:\ProgramData\yrrcy352tp0qhx4l04375347
[2011/03/05 11:16:13 | 000,000,715 | ---- | M] () -- C:\Users\Sigler\Desktop\CCleaner.lnk
[2011/03/01 14:48:31 | 000,430,185 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110325-111042.backup
========== Files Created - No Company Name ==========
[2011/03/29 16:28:59 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\dcmdm.sys
[2011/03/27 19:46:38 | 000,000,680 | ---- | C] () -- C:\Users\Sigler\AppData\Local\d3d9caps.dat
[2011/03/27 19:33:01 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/03/27 11:56:38 | 000,000,885 | ---- | C] () -- C:\Users\Sigler\Desktop\Windows Media Player.lnk
[2011/03/27 09:56:06 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{38D996EC-733E-4E0E-9F5C-490D93A144AB}.job
[2011/03/26 16:34:46 | 000,001,516 | -HS- | C] () -- C:\ProgramData\yrrcy352tp0qhx4l04375347
[2011/03/05 11:16:13 | 000,000,715 | ---- | C] () -- C:\Users\Sigler\Desktop\CCleaner.lnk
[2010/12/22 16:40:24 | 000,009,528 | ---- | C] () -- C:\Windows\System32\OxigenServiceContracts.dll
[2010/11/29 23:30:56 | 000,007,168 | ---- | C] () -- C:\Windows\System32\OxigenCompiledRegexes.dll
[2010/11/19 15:31:38 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AxInterop.WMPLib.dll
[2010/11/19 15:31:38 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AxInterop.ShockwaveFlashObjects.dll
[2010/11/19 15:31:38 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AxInterop.QTOControlLib.dll
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/06/21 10:04:36 | 000,024,227 | ---- | C] () -- C:\Users\Sigler\AppData\Roaming\UserTile.png
[2009/05/27 12:58:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/27 12:58:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/04 15:03:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/04 14:53:28 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2009/05/04 14:53:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2009/04/24 08:24:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/07/23 07:42:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/08 12:53:51 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/07/08 12:53:51 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/30 11:55:32 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2008/05/03 08:26:31 | 000,001,708 | ---- | C] () -- C:\Windows\mozver.dat
[2008/05/01 16:05:18 | 000,030,720 | ---- | C] () -- C:\Users\Sigler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/30 10:33:26 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2008/04/30 09:31:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/29 05:56:34 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/04/29 05:56:34 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/04/12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/12 07:30:20 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/03/28 19:41:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/03/11 05:37:06 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/03/11 05:37:05 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/03/11 05:37:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/03/11 05:37:05 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/03/05 01:18:02 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.EXE
[2008/02/14 14:28:07 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/13 18:16:15 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/10/08 17:21:46 | 000,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/09/13 17:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 17:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 17:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 17:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,411,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 3/30/2011 9:20:12 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sigler\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 123.47 Gb Free Space | 66.80% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 1.31 Gb Free Space | 89.47% Space Free | Partition Type: NTFS
Computer Name: SIGLER-PC | User Name: Sigler | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2732826977-1390623016-2335831479-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B4BDF7-7BA3-445F-96A1-EEED24A3FE45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17147F03-A454-4802-A2B1-9E5FD3934898}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A6BDC8F-7990-477F-A648-41C50C5F44CC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3441873A-DD29-4FB5-8FBA-132B5838BBDF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{36A0D187-A60E-4F23-9A06-013139230ACD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4ED12807-EB5A-499F-840F-47B07F63F08A}" = lport=139 | protocol=6 | dir=in | app=system |
"{4EE42C8C-272F-4221-B36D-9357356D757E}" = rport=445 | protocol=6 | dir=out | app=system |
"{4FDA1A39-D5AB-40B5-B486-326F28B335F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5F4BF441-3F54-44FC-B5D5-A16B2901024F}" = rport=138 | protocol=17 | dir=out | app=system |
"{7BD7251F-170B-44A7-BB76-E15E1A3F33B3}" = lport=445 | protocol=6 | dir=in | app=system |
"{7BE1C090-A7A1-4BBE-9721-7179239F8265}" = rport=139 | protocol=6 | dir=out | app=system |
"{84689B61-FBEF-4F7E-99FD-789D1BEC9E43}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C0B2F5B-9229-4B71-A71D-001BFE9126DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{A2749FCF-14B6-4BC4-94C0-8302579A883B}" = lport=137 | protocol=17 | dir=in | app=system |
"{A707933A-D511-4FBF-A801-38805AEFDC4D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E7236ED8-0FB4-4611-B550-DB11D0CB3190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EAE546D7-0836-419B-A785-B4BD48E46C47}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EB497035-F80C-4C58-9156-55113BE1F1D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0529E176-3EB5-482C-A0BA-9F1F73E8AC75}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{0CCA9015-CD00-46FA-AAAA-00A6A920C84A}" = protocol=6 | dir=in | app=c:\program files\celeris\virtual pool 3 dl\vp3.exe |
"{23CFF59D-1807-4B55-8341-6339822438B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{38585355-3C13-4674-A991-BE905FA5510F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{41B41384-08E1-4485-A984-F88BF57E4647}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50C636E9-3CD5-46E6-94BE-00F04A796E6A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5C420753-640D-4112-843C-EE0FB59D6C7F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A6608E3C-D88F-4EAC-9681-65FDB5D789C1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{BF632AA4-BBA4-4057-808D-96BA191C3929}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DC7A9DD5-A6FB-4317-AF8F-8C2D2C8DFBFE}" = protocol=17 | dir=in | app=c:\program files\celeris\virtual pool 3 dl\vp3.exe |
"{E3CE989D-B2A7-4473-BAE0-76768C2A58D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E42C3C3B-AF85-4B24-BA2D-0CBBBD1BE9BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EFAB284C-7A4A-40F2-A968-A2848DDB67F5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{F023B19A-70ED-4E8E-87DA-8E07C024F116}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2736D97-D72A-432C-BDDE-0B2F57CBE53B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F746A888-0D3A-472E-9F33-1C970ADA408D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F94E7E88-504A-459A-97C6-4613E9702DBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FCE6D84B-8ABF-4D7B-B26C-ECC89C1C7227}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{21973093-607E-4D87-825F-8EC3E1A121D5}C:\program files\microsoft games\links 2001\linksmmi.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\links 2001\linksmmi.exe |
"TCP Query User{3DA7C9B5-44EB-434E-A916-ACA1B5E14EDA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4574E6AF-F4D0-4020-9FF2-2E21E10CEBFC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{53195138-049F-4B44-8AAF-1AAB1CD90974}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7F0B6014-3A54-45E3-BF90-1819C178C9B8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{821EBC7B-18C1-49CD-840C-CA3C40F64F75}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{833D70F8-DB90-4387-9F63-831800228194}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8753ED85-9371-4128-B9B4-4A9B5EFC1D6E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{958989A1-760A-4DFD-9B05-BA6924D2F08E}C:\program files\microsoft games\links 2001\linksmmi.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\links 2001\linksmmi.exe |
"TCP Query User{95A7EF4E-43C4-414D-AE5D-88F8AE254837}C:\users\sigler\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sigler\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{A98428D8-A360-45FC-BE03-32E9B9309F13}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BEF4E5B4-6132-45F3-9584-4B40715E083D}D:\setup.exe" = protocol=6 | dir=in | app=d:\setup.exe |
"TCP Query User{BFC79F7B-3B1D-4CC0-A9FB-928C1042C62B}C:\users\sigler\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\sigler\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{0FA43648-5FC8-435A-BD87-5282B7F099AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1DF2E6F5-C328-40BC-88B7-35901D3177CC}D:\setup.exe" = protocol=17 | dir=in | app=d:\setup.exe |
"UDP Query User{277B6E4B-F9D7-4827-B87C-420D76FD077D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4DB4ADD6-E3A8-4E8C-8E32-5838E8D8F8D6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{72B5FE42-6422-48A6-BED2-C09206303C5B}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{82A98ACB-3116-484D-BC79-2BBA7636112A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{8EFC8AF2-1436-416C-A3E8-DE6F6A63F204}C:\users\sigler\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sigler\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{9622A0A7-84FE-45ED-800C-CDA83AE75950}C:\program files\microsoft games\links 2001\linksmmi.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\links 2001\linksmmi.exe |
"UDP Query User{B82EC779-8DB4-4916-BA70-D843ADA7B2E6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C8AB3B57-19B4-41C6-82ED-302CBB013AF4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E4A4DD59-87F0-42D6-98AE-8E66547345BB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F3FA20EE-9869-491E-9962-F4BFB0443580}C:\users\sigler\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\sigler\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{FA91523C-87C2-47BD-A993-4795CBFEDA91}C:\program files\microsoft games\links 2001\linksmmi.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\links 2001\linksmmi.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05AB04BD-B62E-4A98-9DA0-9650699CAF8E}" = Oxigen
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9413C04B-F66A-48F6-8276-0D0ACF0E41B7}" = MSA20XX Device Manager
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2011
"CCleaner" = CCleaner
"ChampSpades" = Championship Spades All-Stars 7.40
"DS Clock_is1" = DS Clock
"EditPad Lite" = Just Great Software EditPad Lite 6.4.1
"FileHippo.com" = FileHippo.com Update Checker
"Filzip 3.0.6.93_is1" = Filzip 3.06
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Links 2001 2.0" = Microsoft Links 2001
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Office8.0" = Microsoft Office 97, Professional Edition
"PopMan-CH-Software_is1" = PopMan 1.3
"ProInst" = Intel® PROSet/Wireless Software
"Quake2UninstallKey" = Quake II
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Help
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
This topic is locked
Back to top
One or more of the identified infections is a backdoor trojan and password stealer.
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
, and save the file to your desktop using a unique name, such as
button.
icon on your desktop.
area. Do not include the word "Code".
button.
line here in your next reply.
icon on your desktop.
button.
textbox.
.
