Inactive AVG detecting Trojan Horse Crypt.AQLW and Win32/Sirefef.ER

OTL logfile created on: 4/3/2012 6:03:01 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = E:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 645.47 Mb Available Physical Memory | 67.39% Memory free
2.12 Gb Paging File | 1.95 Gb Available in Paging File | 91.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 40.78 Gb Free Space | 18.31% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.45 Gb Free Space | 64.53% Space Free | Partition Type: NTFS
Drive E: | 477.50 Mb Total Space | 362.68 Mb Free Space | 75.95% Space Free | Partition Type: FAT

Computer Name: SETH-PC | User Name: Seth | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 23:19:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psadd.dll -- (zpjobq)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dvd_2K.dll -- (YahooAUService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVXBAR.dll -- (WUSB54GPV4SRV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdsrv.dll -- (wudfpf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tdimsys.dll -- (WNCPKT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gameenum.dll -- (websensecamreportserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\v124.dll -- (wdica)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rfcomm.dll -- (wampmysqld)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfmodnt.dll -- (WacomVKHid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ibmfilter.dll -- (w800obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amdk7.dll -- (w550mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HabuFltr.dll -- (vzfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JRAID.dll -- (VRFIL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SNMP.dll -- (viairda)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wg4n.dll -- (vc5secs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mfeavfk.dll -- (vaiomediaplatform-integratedserver-appserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVVI500A.dll -- (usbvm321)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pgpserv.dll -- (USB28xxOEM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217bus.dll -- (ups)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avp.dll -- (UMPass)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sandboxu.dll -- (UDFReadr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DNE.dll -- (tpkd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AppnApi.dll -- (tapvpn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websenseusagemonitor.dll -- (tappsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WINIO.dll -- (symidsco)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vulfnths.dll -- (stylexphelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nfmservice.dll -- (stunnel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthmodem.dll -- (StreamDispatcher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pptchpad.dll -- (StarOpen)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vwkernel.dll -- (stacsv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tpsrv.dll -- (ssisvr32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w39n51.dll -- (sp_rssrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rapapp.dll -- (smservaz)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IOSLINK.dll -- (sfvfs02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ip6fw.dll -- (sfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA_CMIDI.dll -- (ser2pl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125obex.dll -- (se59obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agpcpq.dll -- (SE2Emdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrsii1s.dll -- (SE2Cobex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wampmysqld.dll -- (sdhelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmkbd.dll -- (scsiaccess)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\unrealircd.dll -- (s716mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netdde.dll -- (s217unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vds.dll -- (rwbackupsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaagp.dll -- (rtl8023)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\screadspool.dll -- (roxwatch)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mqdmserd.dll -- (RDID1027)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MREMP50a64.dll -- (rchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DS1410D.dll -- (qbposdbextservices)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RESMGR.dll -- (Pnp680r)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800mgmt.dll -- (pmshellsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Dunic.dll -- (pml)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotshim.dll -- (pdlndldl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mup.dll -- (pcx1nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sgectl.dll -- (p3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rtport.dll -- (ovepstatusengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scsiaccess.dll -- (oraclewebassistant)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdfsfltr.dll -- (oracle_load_balancer_60_client-forms6ip9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\swmsflt.dll -- (opcenum)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\autocomplete.dll -- (ooclevercacheagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Jukebox.dll -- (NWDHCP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emu10k.dll -- (nv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmap.dll -- (NSNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mctaskmanager.dll -- (nsm1bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\networkx.dll -- (nocashio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlndsdl.dll -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217mdfl.dll -- (nlsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dot4ufd.dll -- (netrcacm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvtpktfilter.dll -- (netcfgsvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cam5603C.dll -- (naveng)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iSMBIOS.dll -- (mxssvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotagent.dll -- (mwsejcap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SNMP.dll -- (ms_mpu401)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p3.dll -- (mnmsrvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pcatip.dll -- (mgabg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tomcatcws3.dll -- (Memctl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\61883.dll -- (meiudf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_pat_f.dll -- (mcupdmgr.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wusb54gv2svc.dll -- (mcdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\elbycdfl.dll -- (lxrsge10s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpcache.dll -- (LRMINIPORT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USA49W2KP.dll -- (LMouKE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sgectl.dll -- (kmixer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaudfam.dll -- (jsdaemon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_prt_f.dll -- (ithsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\phnxvcdservice.dll -- (ipsecmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smartwiservice.dll -- (IOSLINK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVPrcMon.dll -- (imapiservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SilverLink.dll -- (ihcservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SNTIE.dll -- (ialm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Hotkey.dll -- (hsxhwazl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tdtcp.dll -- (hf30service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dhcp.dll -- (HECI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CXAVXBAR.dll -- (GVCplDrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbsermptxp.dll -- (GTWModem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxce_device.dll -- (govsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservaz.dll -- (freepops)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\genregistrar.dll -- (fetnd5bv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVerBDA.dll -- (fcdabus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fax.dll -- (dot4scan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvslock.dll -- (DivisCTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USR1806V.dll -- (defragfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IJPLMSVC.dll -- (DC21x4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvidesm.dll -- (CTMFLT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mbr.dll -- (CTHWIUT.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmactmon.dll -- (clientservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mail2ec.dll -- (clcapsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aclient.dll -- (Cam5607)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XilinxPC4Driver.dll -- (beatjamupnpmusicserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LC7981.dll -- (backuplauncher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tnidriver.dll -- (avsvcmonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMSvc.dll -- (ativraxx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SaiH040B.dll -- (atalk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pimsgss.dll -- (arp1394)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vulfnths.dll -- (ahcix86s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LMS.dll -- (actser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvcap.dll -- (acermemusagecheckservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTEDSPIO.DLL.dll -- (aamqdispatcher)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2003/06/20 00:25:00 | 000,322,120 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVBulk.sys -- (LVBulk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Seth\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/01/12 15:54:10 | 000,004,096 | -H-- | M] () [Kernel | On_Demand | Unknown] -- * -- (.avgmfx86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/21 09:58:27 | 000,273,408 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006/12/08 00:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2002/06/10 14:24:38 | 000,220,079 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV551AV.sys -- (PID_0900_V) Logitech ClickSmart 310(PID_0900_V)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google Powered Search"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {D59DCDAC-71D9-463E-B380-641D9AFB835D}:1.9.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Seth\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 13:17:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 15:12:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Seth\AppData\Roaming\Move Networks [2010/02/05 19:40:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D59DCDAC-71D9-463E-B380-641D9AFB835D}: C:\Users\Seth\AppData\Local\{D59DCDAC-71D9-463E-B380-641D9AFB835D} [2011/03/21 11:54:27 | 000,000,000 | ---D | M]

[2009/01/03 15:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seth\AppData\Roaming\Mozilla\Extensions
[2012/02/24 15:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\dj5cfblo.default\extensions
[2010/03/09 23:44:52 | 000,000,903 | ---- | M] () -- C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\dj5cfblo.default\searchplugins\conduit.xml
[2012/02/24 15:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 13:17:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/24 15:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 15:12:46 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/03 17:58:43 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QCDriverInstaller] C:\Program Files\Common Files\Logitech\QCDriver2\Lqdsw.exe (Logitech Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Seth\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 18:10:36 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/20 00:10:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/19 22:55:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/19 22:55:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/19 22:55:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/19 22:55:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/19 22:55:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/19 01:15:32 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Seth\Desktop\boot_cleaner.exe
[2012/03/16 22:40:44 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Seth\Desktop\TDSSKiller.exe
[2012/03/15 23:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/15 23:21:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2012/04/03 17:59:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/03 17:58:43 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/03 02:45:33 | 000,008,160 | ---- | M] () -- C:\Users\Seth\AppData\Local\d3d9caps.dat
[2012/03/21 18:06:26 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 18:06:26 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 18:05:30 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/21 18:05:30 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/19 01:09:55 | 000,000,512 | ---- | M] () -- C:\Users\Seth\Desktop\MBR.dat
[2012/03/16 23:19:28 | 000,110,592 | ---- | M] () -- C:\Users\Seth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/15 23:21:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 03:27:58 | 000,458,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Seth\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2012/03/19 22:55:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/19 22:55:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/19 22:55:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/19 22:55:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/19 22:55:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/19 01:09:55 | 000,000,512 | ---- | C] () -- C:\Users\Seth\Desktop\MBR.dat
[2012/03/15 23:21:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/06/15 16:29:36 | 000,273,408 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2010/04/20 16:30:09 | 000,000,073 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2010/04/10 19:38:03 | 000,000,036 | ---- | C] () -- C:\Users\Seth\AppData\Local\housecall.guid.cache

========== LOP Check ==========

[2007/03/04 22:19:24 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\acccore
[2007/05/05 17:00:58 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\Aim
[2012/01/26 09:38:04 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\AVG
[2012/01/12 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\Azureus
[2007/11/03 02:29:20 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\LimeWire
[2009/03/05 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\Template
[2011/08/29 22:15:14 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\uTorrent
[2010/03/25 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\WeatherBug
[2012/03/19 22:16:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Seth\Desktop\05 **** the sex pistols.mp3:Roxio EMC Stream

< End of report >
 
All processes killed

========== OTL ==========

Service rbwf stopped successfully!

Service rbwf deleted successfully!

File System32\drivers\bvrxw.sys not found.

HKU\S-1-5-21-3546607895-3969959173-1281184750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3546607895-3969959173-1281184750-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AIM deleted successfully.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\Windows\Downloaded Program Files\erma.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_USERS\S-1-5-21-3546607895-3969959173-1281184750-1001_Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-3546607895-3969959173-1281184750-1001_Classes\exefile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

C:\Windows\System32\dds_trash_log.cmd moved successfully.

C:\Users\Seth\AppData\Local\r8537qm0460jm6l5j877535gxvvwd0mis6im15 moved successfully.

C:\ProgramData\r8537qm0460jm6l5j877535gxvvwd0mis6im15 moved successfully.

C:\Users\Seth\AppData\Local\lm65ublp7en3114qy8742yp3jj0ca6e4 moved successfully.

C:\ProgramData\lm65ublp7en3114qy8742yp3jj0ca6e4 moved successfully.

C:\Users\Seth\AppData\Local\pibvaa1n8vql8uvj0yaj6x170d0a moved successfully.

C:\ProgramData\pibvaa1n8vql8uvj0yaj6x170d0a moved successfully.

C:\Users\Seth\AppData\Local\i6jf67y2pq2kbw moved successfully.

C:\ProgramData\i6jf67y2pq2kbw moved successfully.

C:\Users\Seth\AppData\Local\s46818j8p3gi8c5tpls8164006cc2f3ohoum moved successfully.

C:\ProgramData\s46818j8p3gi8c5tpls8164006cc2f3ohoum moved successfully.

C:\Users\Seth\AppData\Local\Lnoluruwokuq.dat moved successfully.

C:\Users\Seth\AppData\Local\Lkufubas.bin moved successfully.

C:\ProgramData\~35184392r moved successfully.

C:\ProgramData\~35184392 moved successfully.

C:\ProgramData\35184392 moved successfully.

C:\Users\Seth\AppData\Local\Xe8v moved successfully.

C:\ProgramData\Xe8v moved successfully.

ADS C:\Users\Seth\Documents\My Google Gadgets:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Documents\filelib:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Documents\Downloads:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Documents\download:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Documents\AIMLogger:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\You're Living All Over Me:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\We Were Dead Before The Ship Even Sank:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Tonight We're Gonna Give It 35%.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\The Misfits - Horror Hotel.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\The Disco Before The Breakdown.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\The Blueprint Sessions:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\suckage.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\sewers1.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\seths docs:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Seth and Brant:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\screamsdemo2k8 songwithbeat.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\satanic cats making the dogs bark.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\postmarked.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\pe song one.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\outline.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\nostalgia's got me thinking (long) without keys.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\nostalgia.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\None More Black:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\NoFx - 7 Inch of the Month Club.up by zeroboy[Pho��nixboard]:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Night of the wolf brant vox 2222.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\MOV03228.mpg:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Misfits - Horror hotel.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Merchandise (Originally By Fugazi).mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\meh braskis.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\meandseth=)))).jpg:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\meandseth.jpg:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Mastered Black hearted girl.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\madonna - like a virgin.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Mad Caddies - Drinking For 11.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Live - Japanese Radio 6_21_01:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Leviathan:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Kid Dynamite:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\hardcore!2.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\hardcore!.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Four Cornered Night:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Fallow:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\DSCF0245.JPG:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\DSCF0235.JPG:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\DSCF0216.JPG:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Death From Above 1979:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\danzig.m3u:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Danzig - Sistinas [Live].mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Danzig - Mother [Live].mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Danzig - Going Down to Die.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Clipboard01.jpg:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Cipher:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Capsule - Blue:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\canislupus-jtp-front-r02.gif:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\canislupus-jtp-front-r01.gif:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\bvsidea.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Beginning In An Ending.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Apathy And Exhaustion:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\Age Of Winters:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\64 OnGuard - It's Like Blaming Cupcakes.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\14 The Right Side.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\13 Dogs in Handbags and the People Who Put Them There.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\123abc.jpg:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\1-21 Circa 1762 (Peel Session 1).m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\11 Do You Want To Know A Secret.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\09 Drum Solo.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\08-joey_cape_and_tony_sly-violins-fnt.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\08 Good Day Sunshine.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\07 Want.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\07 Please Don't Die In The Ice!.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\06 Je Me Consumme.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\05 Mr. Misery Demo.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\05 IScrapbook.mp3:Roxio EMC Stream deleted successfully.

Unable to delete ADS C:\Users\Seth\Desktop\05 **** the sex pistols.mp3:Roxio EMC Stream .

ADS C:\Users\Seth\Desktop\05 Everything In Moderation (Especia.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\04 Singin' In The Rain.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\04 Genuine Malaise and Misery.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\04 Burning Up the Headphones.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\03 Traffic Is A Global Word.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\03 Track 03.wav:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\03 Stout-Hearted Man.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\03 Benders.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\03 A Hand To Take Hold Of The Scene.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\02 Uptight.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\02 The Reds.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\02 The Metro.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\02 Peace on Mars Cause You Ain't Gon.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\02 Everything I Ever Wanted To Know About Genocide I Learned In The Third Grade.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\02 Dear Catastrope Waitress.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\02 A Little Luxury.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\01 True Blue.wav:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\01 Translocation.wav:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\01 The World May Never Know.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\01 Step Into My Office, Baby.m4a:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\01 Lupe's Fault.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\01 Dance On.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\01 Blood Is Thin.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\01 - None More Black - Nothing To Do When Youre Locked In A Vacancy - Rock Against Bush.mp3:Roxio EMC Stream deleted successfully.

ADS C:\Users\Seth\Desktop\MOV03228.mpg:TOC.WMV deleted successfully.

ADS C:\Users\Seth\Desktop\HPIM5158.AVI:TOC.WMV deleted successfully.

ADS C:\Users\Seth\Desktop\2008_1121chameleon0069.MP4:TOC.WMV deleted successfully.

ADS C:\Users\Seth\Desktop\052.AVI:TOC.WMV deleted successfully.

ADS C:\Users\Seth\Desktop\051.AVI:TOC.WMV deleted successfully.

ADS C:\Users\Seth\Desktop\050.AVI:TOC.WMV deleted successfully.

ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.

ADS C:\ProgramData\TEMP:4B7BEAFF deleted successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Users\Seth\AppData\Roaming\Adobe\Flash Player\NativeCache\FF34A1457D1982B20EB169EC48C1A78B\5b590794\adobecp-200489-1.dll moved successfully.

Unable to replace file: C:\Windows\System32\drivers\afd.sys with C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys without a reboot.

========== COMMANDS ==========



[EMPTYTEMP]



User: All Users



User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes



User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes



User: Public



User: Seth

->Temp folder emptied: 137283936 bytes

->Temporary Internet Files folder emptied: 3938261499 bytes

->Java cache emptied: 28770 bytes

->FireFox cache emptied: 53895899 bytes

->Apple Safari cache emptied: 183537664 bytes

->Flash cache emptied: 70466 bytes



%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 183808 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 27035773 bytes

RecycleBin emptied: 0 bytes



Total Files Cleaned = 4,139.00 mb





[EMPTYJAVA]



User: All Users



User: Default



User: Default User



User: Public



User: Seth

->Java cache emptied: 0 bytes



Total Java Files Cleaned = 0.00 mb





[EMPTYFLASH]



User: All Users



User: Default



User: Default User



User: Public



User: Seth

->Flash cache emptied: 0 bytes



Total Flash Files Cleaned = 0.00 mb



HOSTS file reset successfully



OTL by OldTimer - Version 3.2.39.2 log created on 04032012_175329



Files\Folders moved on Reboot...



Registry entries deleted on Reboot...
 
How is the computer doing?

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Computer still crashes upon normal startup. I'm still putting these programs on a flash drive from another computer and running in safe mode.
 
At this point I suspect your Windows installation may be corrupted.

Do you have, or can you borrow, a Vista DVD?
 
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 30
Java(TM) SE Runtime Environment 6
Adobe Flash Player 11.1.102.63
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Farbar Service Scanner Version: 01-03-2012
Ran by Seth (administrator) on 11-04-2012 at 13:32:01
Running from "E:\"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
Checking LEGACY_Nsi: Attention! Unable to open LEGACY_Nsi\0000 registry key. The key does not exist.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:58] - 0273408 ____A () 59A70B80F704C635DC9CFDC73D392777

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Not sure how I can run the ESET online scanner since I can only operate in safe mode and can't access the internet. Is there an alternative program I can put on a flash drive?
 
Leave Eset alone for now.

We have one infected system file and several registry keys missing.

Please run Farbar Service Scanner (FSS).
Paste the following in the edit box after "Search:".

afd.sys

Click Search Files button and post the log (FSS.txt) it makes to your reply.
 
Farbar Service Scanner Version: 01-03-2012
Ran by Seth (administrator) on 16-04-2012 at 15:17:57
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

************************************************
======== Search: "afd.sys" =========

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:28] - 0273920 ____A (Microsoft Corporation) 70EE0FC7A0F384DBD929A01384AEEB4B

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009-08-04 15:17] - [2009-04-11 00:47] - 0273920 ____A (Microsoft Corporation) A201207363AA900ABF1A388468688570

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:12] - 0273920 ____A (Microsoft Corporation) C8AF25017CECB75906A571AC70D2D306

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2008-09-15 19:03] - [2008-01-19 01:57] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2006-11-02 04:58] - [2006-11-02 04:58] - 0270336 ____A (Microsoft Corporation) 5D24CAF8EFD924A875698FF28384DB8B

C:\Windows\System32\drivers\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:58] - 0273408 ____A () 59A70B80F704C635DC9CFDC73D392777

====== End Of Search ======
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys | C:\Windows\System32\drivers\afd.sys

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

Post new FSS search log as well.
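
The triage behind the afd.sys replacement above, as an added example that is not part of the original thread or of any tool used in it: it parses the FSS search log posted earlier, flags the live driver when it has no company name or matches no component-store copy, and lists the newest vendor-labelled winsxs copy as the replacement candidate. The helper names (`parse_search_log`, `triage`) are hypothetical, and the company-name and MD5 comparisons are triage heuristics, not a signature check.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Search results copied from the FSS "afd.sys" log posted in this thread.
FSS_SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:28] - 0273920 ____A (Microsoft Corporation) 70EE0FC7A0F384DBD929A01384AEEB4B

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009-08-04 15:17] - [2009-04-11 00:47] - 0273920 ____A (Microsoft Corporation) A201207363AA900ABF1A388468688570

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:12] - 0273920 ____A (Microsoft Corporation) C8AF25017CECB75906A571AC70D2D306

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2008-09-15 19:03] - [2008-01-19 01:57] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2006-11-02 04:58] - [2006-11-02 04:58] - 0270336 ____A (Microsoft Corporation) 5D24CAF8EFD924A875698FF28384DB8B

C:\Windows\System32\drivers\afd.sys
[2011-06-15 16:29] - [2011-04-21 09:58] - 0273408 ____A () 59A70B80F704C635DC9CFDC73D392777
"""

LIVE_DRIVER = r"C:\Windows\System32\drivers\afd.sys"


class Entry(NamedTuple):
    path: str
    size: int
    company: str   # empty when the log shows "()"
    md5: str
    version: Optional[Tuple[int, ...]]  # from the winsxs folder name; None for the live file


PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_none_[0-9a-f]+\\", re.IGNORECASE)


def parse_search_log(text: str) -> List[Entry]:
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        meta = META_RE.match(line)
        if meta and pending:
            ver = VERSION_RE.search(pending)
            version = tuple(int(p) for p in ver.group(1).split(".")) if ver else None
            entries.append(Entry(pending, int(meta["size"]), meta["company"].strip(),
                                 meta["md5"].upper(), version))
            pending = None
        elif PATH_RE.match(line):
            pending = line
    return entries


def triage(entries: List[Entry], live_path: str = LIVE_DRIVER):
    """Return (live entry, reasons it looks tampered, newest vendor-labelled store copy)."""
    live = next(e for e in entries if e.path.lower() == live_path.lower())
    store = [e for e in entries if e.version is not None]
    reasons = []
    if not live.company:
        reasons.append("no company name in version resource")
    if live.md5 not in {e.md5 for e in store}:
        reasons.append("MD5 matches no component-store copy")
    vendor_copies = [e for e in store if e.company]
    best = max(vendor_copies, key=lambda e: e.version) if vendor_copies else None
    return live, reasons, best


if __name__ == "__main__":
    live, reasons, best = triage(parse_search_log(FSS_SEARCH_LOG))
    print("live file :", live.path, live.md5)
    print("flags     :", "; ".join(reasons) or "none")
    print("candidate :", best.path if best else "none found")
```
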
 