Inactive Windows 7 BSOD and Internet connection timeouts

gott1rott

Hello all, I'll just start from the beginning. I'm using wireless internet. A few days ago, my internet started randomly timing out and losing connection according to the Network and Sharing Center. My separate wireless software, however, would still show I was connected. My PS3 (internet browser) and other computer have no problems like this.

A few hours later, I looked at my Task Manager and had almost double the usual number of processes running, about 107. Some had duplicate names and others had what looked like a random sequence of letters for names. When trying to end them, it would say my computer would shut down.

So, I ran the 8 steps and the problem went away for a day. I tried running the steps again, but removal attempts with Malwarebytes and TFC resulted in multiple crashes to the BSOD memory dump screen. Now when I log in to Windows, I keep getting this same crash a few minutes after. The only way I could run the steps again and avoid crashes is Safe Mode, which I'm using now. Internet has also been flawless in Safe Mode.
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6515

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

5/5/2011 11:05:34 PM
mbam-log-2011-05-05 (23-05-34).txt

Scan type: Quick scan
Objects scanned: 159763
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 16
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{BCE3EFEF-DEBA-BAC1-0FBE-FA4F3DC127EC} (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCE3EFEF-DEBA-BAC1-0FBE-FA4F3DC127EC} (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCE3EFEF-DEBA-BAC1-0FBE-FA4F3DC127EC} (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D4J6D07X-46N7-7177-107X-0V8667UKT48G} (Trojan.VBCrypt) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4J6D07X-46N7-7177-107X-0V8667UKT48G} (Trojan.VBCrypt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Core Services (Heuristics.Shuriken) -> Value: Core Services -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Core Services (Heuristics.Shuriken) -> Value: Core Services -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefender (Heuristics.Shuriken) -> Value: WinDefender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WinDefender (Heuristics.Shuriken) -> Value: WinDefender -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefender (Heuristics.Shuriken) -> Value: WinDefender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdiagmon.exe (Trojan.Agent.Gen) -> Value: sysdiagmon.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdiagmon.exe (Trojan.Agent.Gen) -> Value: sysdiagmon.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.VBCrypt) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.VBCrypt) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Firewall (Heuristics.Shuriken) -> Value: Windows Firewall -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Startup (Heuristics.Shuriken) -> Value: Startup -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BBProtect (Backdoor.Agent) -> Value: BBProtect -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ProcessDefender (Heuristics.Shuriken) -> Value: ProcessDefender -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\crr.dll (Malware.Trace) -> Value: crr.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Desktop (Trojan.Agent) -> Value: Windows Desktop -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Desktop (Trojan.Agent) -> Value: Windows Desktop -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\gott1rott\AppData\Roaming\windefender (Rogue.WinDefender) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\gott1rott\AppData\Roaming\winlogon.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\bots.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\sysdiagmon.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\install\server.exe (Trojan.VBCrypt) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\microsoft\svchost.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\218134784.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\469369864.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\cn.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\lqpgp.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\nrlpb.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\microsoft\Run.exe (Trojan.VBCrypt) -> Quarantined and deleted successfully.
c:\Windows\kmsemulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\windefender\FileName.exe (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\install\server.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\gott1rott\AppData\Roaming\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
 
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-05 23:30:53
Windows 6.1.7600
Running: 91pg2plt.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAD 0xB9 0x63 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x65 0xB8 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x56 0x7C 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF8 0xFA 0x39 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAD 0xB9 0x63 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x65 0xB8 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x56 0x7C 0x63 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF8 0xFA 0x39 0xB3 ...

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by gott1rott at 23:33:00.75 on Thu 05/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.5315 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\gott1rott\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - e:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - C:\Program Files (x86)\PayPal\PayPal Plug-In\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - C:\Program Files (x86)\PayPal\PayPal Plug-In\OToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [armakicker] C:\Users\gott1rott\AppData\Roaming\login.exe
uRun: [PRjDElIKmm] "C:\Users\gott1rott\AppData\Local\Temp\tempfile.exe"
mRun: [armakicker] C:\Users\gott1rott\AppData\Roaming\login.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [{{mStartup}}] C:\Users\GOTT1R~1\AppData\Local\Temp\Newfile.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
mExplorerRun: [armakicker] C:\Users\gott1rott\AppData\Roaming\login.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - E:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {3DEAACEE-1CB6-FD5B-EFCC-B2C0DDDCAEBF} - C:\Users\gott1rott\AppData\Roaming\login.exe
uASetup: {3DEAACEE-1CB6-FD5B-EFCC-B2C0DDDCAEBF} - C:\Users\gott1rott\AppData\Roaming\login.exe
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [mylbx] e:\Program Files\My Lockbox\mylbx.exe /a
mRun-x64: [BCSSync] "E:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GOTT1R~1\AppData\Roaming\Mozilla\Firefox\Profiles\jqxxnw85.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: C:\Program Files (x86)\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - component: C:\Users\gott1rott\AppData\Roaming\Mozilla\Firefox\Profiles\jqxxnw85.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\gott1rott\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\gott1rott\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\gott1rott\AppData\Roaming\Mozilla\Firefox\Profiles\jqxxnw85.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: PayPal Plug-In for Firefox: paypalfirefoxplugin@orbiscom - C:\Program Files (x86)\PayPal\PayPal Plug-In
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\gott1rott\AppData\Roaming\Move Networks
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: CHM Reader: {6e098d65-7d2d-46d4-ada0-2f882a29f795} - %profile%\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2010-9-29 55440]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-14 55280]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-4-26 25312]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-30 46136]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-30 203776]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-5 365568]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-1-16 136360]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-1-16 269480]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-1-16 83120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 fsproflt;FSPro Filter Service;C:\Windows\SysWOW64\fsproflt.exe [2010-9-29 142648]
S2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.;C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;E:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
S2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2010-4-26 180224]
S2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-1-9 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-1-9 487280]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-4-30 9323520]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-4-30 304128]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-4-30 115216]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-11-25 21480]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2010-1-16 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-14 230424]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-14 230424]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-14 1445912]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-14 1445912]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-14 95256]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-14 95256]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-2 1436424]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-5-14 128928]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2009-7-14 1613336]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2010-4-26 340992]
S3 SaiH053C;SaiH053C;C:\Windows\System32\drivers\SaiH053C.sys [2007-5-1 171144]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-4-17 1250816]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-1-9 18288]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2010-3-13 29288]
.
=============== Created Last 30 ================
.
2011-05-06 03:09:03 78848 ----a-w- C:\Windows\KMSEmulator.exe
2011-05-05 23:07:34 63488 ---ha-w- C:\Users\GOTT1R~1\AppData\Roaming\qofpy.exe
2011-05-05 23:04:05 64000 ---ha-w- C:\Users\GOTT1R~1\AppData\Roaming\ywmlh.exe
2011-05-05 23:02:55 64000 ---ha-w- C:\Users\GOTT1R~1\AppData\Roaming\dbwkm.exe
2011-05-04 19:43:28 222 ----a-w- C:\Users\GOTT1R~1\AppData\Roaming\Microsoft\svchost.exe~cache.bat
2011-05-04 07:57:56 0 ----a-w- C:\Users\GOTT1R~1\AppData\Roaming\bs.exe
2011-05-03 04:59:03 733184 ----a-w- C:\Users\GOTT1R~1\AppData\Roaming\clcjql.exe
2011-05-03 02:09:51 724992 ----a-w- C:\Users\GOTT1R~1\AppData\Roaming\ixbwui.exe
2011-05-03 01:00:51 602112 ----a-w- C:\Users\GOTT1R~1\AppData\Roaming\ypjduh.exe
2011-05-02 23:55:57 16384 ----a-w- C:\Users\GOTT1R~1\AppData\Roaming\login.exe
2011-05-02 23:55:53 724992 ----a-w- C:\Users\GOTT1R~1\AppData\Roaming\cxstbs.exe
2011-04-30 17:19:41 -------- d-----w- C:\Users\GOTT1R~1\AppData\Local\AMD
2011-04-30 17:16:18 -------- d-----w- C:\PROGRA~3\AMD
2011-04-30 16:31:42 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-04-30 16:31:06 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-04-14 01:59:14 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-04-14 01:59:02 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-04-14 01:58:46 12385280 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-04-14 01:45:32 -------- d-----w- C:\Users\GOTT1R~1\AppData\Local\Arktos
2011-04-09 20:43:14 56732 ----a-w- C:\Windows\RFMaxPluginUninstall.exe
.
==================== Find3M ====================
.
2011-04-14 09:07:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-06 04:11:44 9323520 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-04-06 02:29:18 22623232 ----a-w- C:\Windows\System32\atio6axx.dll
2011-04-06 02:25:56 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-04-06 02:09:50 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-04-06 02:09:34 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-04-06 02:09:22 16116224 ----a-w- C:\Windows\System32\amdocl64.dll
2011-04-06 02:07:18 17469952 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-04-06 02:03:24 147456 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-04-06 02:03:14 671744 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-04-06 02:02:00 788480 ----a-w- C:\Windows\System32\aticfx64.dll
2011-04-06 02:00:39 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-04-06 01:59:32 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-04-06 01:59:24 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-04-06 01:58:48 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-04-06 01:57:36 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-04-06 01:57:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-04-06 01:57:14 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-04-06 01:57:02 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-04-06 01:56:56 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-04-06 01:56:52 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-04-06 01:56:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-04-06 01:53:34 4307968 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-04-06 01:44:52 5086208 ----a-w- C:\Windows\System32\atidxx64.dll
2011-04-06 01:42:14 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-04-06 01:42:12 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-04-06 01:42:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-04-06 01:42:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-04-06 01:41:50 7467008 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-04-06 01:38:50 6098432 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-04-06 01:35:00 4256768 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-04-06 01:34:38 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-04-06 01:34:16 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-04-06 01:34:04 3421184 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-04-06 01:29:00 5408256 ----a-w- C:\Windows\System32\atiumd64.dll
2011-04-06 01:28:02 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-04-06 01:26:40 3631616 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-04-06 01:22:20 361984 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-04-06 01:22:12 258048 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-04-06 01:22:04 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-04-06 01:22:00 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-04-06 01:22:00 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-04-06 01:21:56 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-04-06 01:21:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-04-06 01:21:42 304128 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-04-06 01:20:58 40448 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-04-06 01:20:52 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-04-06 01:20:46 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-04-06 01:20:38 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-04-06 01:20:04 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-04-06 01:13:22 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-04-06 01:13:22 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-04-06 01:13:16 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-04-06 01:13:16 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-04-05 23:19:53 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-04-02 21:07:04 8192 ----a-w- C:\Windows\SysWow64\gsimrxnp.dll
2011-04-02 21:07:04 49024 ----a-w- C:\Windows\inf\gsiata.sys
2011-04-02 21:07:03 92160 ----a-w- C:\Windows\SysWow64\enhkey.dll
2011-03-31 21:48:38 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-03-31 21:48:36 84992 ----a-w- C:\Windows\System32\frapsv64.dll
2011-03-24 12:02:22 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2011-02-24 17:20:53 647168 ----a-w- C:\Windows\AutoKMS.exe
2003-11-03 21:07:06 499712 ----a-w- C:\Program Files (x86)\msvcp71.dll
2003-11-03 21:07:06 348160 ----a-w- C:\Program Files (x86)\msvcr71.dll
2003-05-30 13:22:06 344064 ----a-r- C:\Program Files (x86)\msvcr70.dll
2002-01-05 07:40:18 487424 ----a-w- C:\Program Files (x86)\msvcp70.dll
.
============= FINISH: 23:33:24.14 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume6
Install Date: 11/16/2009 7:01:29 PM
System Uptime: 5/5/2011 11:10:52 PM (0 hours ago)
.
Motherboard: ASRock | | A780GXH/128M
Processor: AMD Phenom(tm) II X6 1055T Processor | CPUSocket | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 2.229 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 127.357 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 5.627 GiB free.
H: is CDROM (UDF)
U: is FIXED (NTFS) - 1397 GiB total, 937.067 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
4.0.0.529
Add or Remove Adobe Premiere Pro CS5
Adobe After Effects CS5
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Advertising Center
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ATI Catalyst Registration
Autodesk Backburner 2008.1
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Avira AntiVir Personal - Free Antivirus
Battlefield Play4Free
BattlEye Uninstall
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Conduit Engine
DolbyFiles
DVD Decrypter (Remove Only)
Fraps (remove only)
FumeFX 2.1 R2011 64-bit
Futuremark SystemInfo
GiPo@MoveOnBoot 1.9.5
headus UVLayout v2 Demo
HydraVision
ImagXpress
IP-Clamp Service
Java Auto Updater
Java(TM) 6 Update 25
JDownloader
K-Lite Codec Pack 6.0.4 (Full)
KeyHoleTV
Malwarebytes' Anti-Malware
Mega Manager
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Media Player
Movie Templates - Starter Kit
Mozilla Firefox (3.6.17)
MSXML 4.0 SP2 Parser and SDK
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Recode
Nero StartSmart
Nero Vision
NeroBurningROM
NeroExpress
neroxml
NETGEAR WG111v2 wireless USB 2.0 adapter
NVIDIA PhysX
Oblivion
OpenAL
PayPal Plug-In
PC Wizard 2010.1.96
PDF Settings CS5
Platform
PokerStars
Portal 2
PunkBuster Services
PxMergeModule
Quick Screen Capture 3.0
QuickTime
Rapture3D 2.3.22 Game
redist
Solidrocks 0.85b (remove only)
Sound Blaster X-Fi
SoundFont Bank Manager
Steam
Ulead GIF Animator 5
uTorrentBar Toolbar
VC 9.0 Runtime
VIA Platform Device Manager
VLC media player 1.0.5
Warcraft II Battle.NET Edition 2.02
WebTablet IE Plugin
WebTablet Netscape Plugin
WinPcap 3.0
YouTube Downloader 2.5.6
.
==== Event Viewer Messages From Past Week ========
.
5/5/2011 7:19:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8006aed630, 0xfffffa8006aed910, 0xfffff800033e2240). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050511-45109-01.
5/5/2011 7:15:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008265060, 0xfffffa8008265340, 0xfffff8000338b240). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050511-62812-01.
5/5/2011 7:11:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80084e8b30, 0xfffffa80084e8e10, 0xfffff8000337a240). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050511-82625-01.
5/5/2011 7:04:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SHERRIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B642AACF-FC91-4F71-902D-59E864533EFD}. The master browser is stopping or an election is being forced.
5/5/2011 11:12:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/5/2011 11:12:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/5/2011 11:11:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/5/2011 11:11:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/5/2011 11:11:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SASDIFSV SASKUTIL SCDEmu spldr sptd truecrypt Wanarpv6
5/5/2011 11:10:56 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
5/5/2011 11:08:13 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\enport.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/5/2011 11:06:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/5/2011 11:06:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/5/2011 11:00:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/5/2011 11:00:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/5/2011 1:49:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8005515b30, 0xfffffa8005515e10, 0xfffff80003396240). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050511-63906-01.
5/5/2011 1:44:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800826eb30, 0xfffffa800826ee10, 0xfffff8000337c240). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050511-80609-01.
5/5/2011 1:39:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80058ab060, 0xfffffa80058ab340, 0xfffff800033ca240). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050511-115015-01.
5/4/2011 1:22:56 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort3.
5/3/2011 8:28:36 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
5/3/2011 3:54:54 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/3/2011 3:31:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/3/2011 3:31:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/3/2011 3:30:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8005407060, 0xfffffa8005407340, 0xfffff800033dd240). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050311-52406-01.
5/3/2011 3:30:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr sptd tdx truecrypt Wanarpv6 WfpLwf
5/3/2011 3:30:42 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/3/2011 3:30:42 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/3/2011 3:30:42 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/3/2011 3:30:42 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/3/2011 3:30:42 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/3/2011 3:30:40 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/3/2011 3:30:40 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/3/2011 3:30:40 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/3/2011 3:30:40 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/3/2011 3:30:40 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/3/2011 3:24:56 AM, Error: Microsoft-Windows-Subsys-SMSS [12] - The crash dump file could not be created due to a lack of free space on the destination drive. Increasing the amount of free space on the destination drive may help prevent this error.
5/2/2011 1:18:41 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 
Welcome to the Virus and Malware forum! I see Mbam has removed a significant amount of malware. And I see processes in your system that will bring more.

Your use of the KMSEmulator is one of them. Another is the uTorrent Toolbar.

Please run the following:
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.

Aside from any legal/moral issues about using keygens, keygens and cracks are always high risk as they frequently come with uninvited guests. Should your system get infected as a result of downloading a keygen, who are you going to complain to?

Follow with this online virus scan:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer image link to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Paste the 2 logs into your next reply. We'll go from there.
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_221602_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\gott1rott\documents\battlefield play4free\mods\main\cache\{d7b71ee2-d700-11cf-e770-5b28bec2c535}_222577_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\gott1rott\documents\xilisoft corporation\video converter ultimate\crack.js
c:\users\public\documents\cebas\sample scenes shared\thinkingparticles 3\cracks.max
c:\users\public\documents\cebas\sample scenes shared\thinkingparticles 3\cracks_linear.max
c:\users\public\documents\cebas\sample scenes shared\thinkingparticles 3\crack_spread.max
scanner sequence 3.ZZ.11
----- EOF -----
 
C:\Documents and Settings\gott1rott\AppData\Roaming\clcjql.exe a variant of MSIL/Injector.FZ trojan
C:\Documents and Settings\gott1rott\AppData\Roaming\cxstbs.exe a variant of MSIL/Injector.FZ trojan
C:\Documents and Settings\gott1rott\AppData\Roaming\ixbwui.exe a variant of MSIL/Injector.FZ trojan
C:\Documents and Settings\gott1rott\Application Data\clcjql.exe a variant of MSIL/Injector.FZ trojan
C:\Documents and Settings\gott1rott\Application Data\cxstbs.exe a variant of MSIL/Injector.FZ trojan
C:\Documents and Settings\gott1rott\Application Data\ixbwui.exe a variant of MSIL/Injector.FZ trojan
C:\Users\gott1rott\AppData\Roaming\clcjql.exe a variant of MSIL/Injector.FZ trojan
C:\Users\gott1rott\AppData\Roaming\cxstbs.exe a variant of MSIL/Injector.FZ trojan
C:\Users\gott1rott\AppData\Roaming\ixbwui.exe a variant of MSIL/Injector.FZ trojan
C:\Users\gott1rott\Application Data\clcjql.exe a variant of MSIL/Injector.FZ trojan
C:\Users\gott1rott\Application Data\cxstbs.exe a variant of MSIL/Injector.FZ trojan
C:\Users\gott1rott\Application Data\ixbwui.exe a variant of MSIL/Injector.FZ trojan
C:\Windows\AutoKMS.exe probably a variant of Win32/Agent.BBYXCWL trojan
 
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files  
    C:\Documents and Settings\gott1rott\AppData\Roaming\clcjql.exe 
    C:\Documents and Settings\gott1rott\AppData\Roaming\cxstbs.exe 
    C:\Documents and Settings\gott1rott\AppData\Roaming\ixbwui.exe
    C:\Documents and Settings\gott1rott\Application Data\clcjql.exe 
    C:\Documents and Settings\gott1rott\Application Data\cxstbs.exe
    C:\Documents and Settings\gott1rott\Application Data\ixbwui.exe
    C:\Users\gott1rott\AppData\Roaming\clcjql.exe 
    C:\Users\gott1rott\AppData\Roaming\cxstbs.exe
    C:\Users\gott1rott\AppData\Roaming\ixbwui.exe
    C:\Users\gott1rott\Application Data\clcjql.exe 
    C:\Users\gott1rott\Application Data\cxstbs.exe
    C:\Users\gott1rott\Application Data\ixbwui.exe
    C:\Windows\AutoKMS.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================================
Looking for information on the new MSIL/Injector.FZ trojan suggests it might be coming through BitFrost. Did you use that for any of the pirated entries?

Regarding these:
c:\users\public\documents\cebas\sample scenes shared\thinkingparticles 3\cracks.max
c:\users\public\documents\cebas\sample scenes shared\thinkingparticles 3\cracks_linear.max
c:\users\public\documents\cebas\sample scenes shared\thinkingparticles 3\crack_spread.max
As far as I can tell, thinkingParticles is software from Cebas. This looks to be very costly. Samples do come with the trial. We tend to associate the words 'crack', 'serial' and 'keygen' with pirated software. But I also understand that visual rendering can be used to literally show 'cracks' as in a wall or road.

Can you clarify this for me please?

Additionally this program itself is costly: Xilisoft Video Converter Ultimate. I don't see this program installed, but have concern about this JavaScript crack:
c:\users\gott1rott\documents\xilisoft corporation\video converter ultimate\crack.js

The bottom line is that we don't support piracy. I am giving you the benefit of the doubt to tell me about 'crack'.
=======================================
You should also consider the payload of the Trojan removed in Mbam: MSIL/Injector.G is a trojan that steals sensitive information. The trojan can send the information to a remote machine.
=======================================
 
I've actually never heard of Bitfrost. By the name, I would assume it's a torrent client, but I haven't used it. You are correct about the thinkingparticles. I am using the trial version. The .max is the primary file format used by 3ds for saving scenes. "Crack" is in the filename because there are visual cracks in the scene. The Xilisoft Converter was pirated software, but I thought I got rid of that a while ago.

As for the OTM, it asked me to reboot and I clicked yes, so I have the log from after the reboot. I just wasn't sure if I was supposed to save a log before rebooting.

Thanks for the heads up on that trojan. Where do we go from here?
 
All processes killed
========== FILES ==========
C:\Documents and Settings\gott1rott\AppData\Roaming\clcjql.exe moved successfully.
C:\Documents and Settings\gott1rott\AppData\Roaming\cxstbs.exe moved successfully.
C:\Documents and Settings\gott1rott\AppData\Roaming\ixbwui.exe moved successfully.
File/Folder C:\Documents and Settings\gott1rott\Application Data\clcjql.exe not found.
File/Folder C:\Documents and Settings\gott1rott\Application Data\cxstbs.exe not found.
File/Folder C:\Documents and Settings\gott1rott\Application Data\ixbwui.exe not found.
File/Folder C:\Users\gott1rott\AppData\Roaming\clcjql.exe not found.
File/Folder C:\Users\gott1rott\AppData\Roaming\cxstbs.exe not found.
File/Folder C:\Users\gott1rott\AppData\Roaming\ixbwui.exe not found.
File/Folder C\Users\gott1rott\Application Data\clcjql.exe not found.
File/Folder C:\Users\gott1rott\Application Data\cxstbs.exe not found.
File/Folder C:\Users\gott1rott\Application Data\ixbwui.exe not found.
C:\Windows\AutoKMS.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: gott1rott
->Temp folder emptied: 1008585 bytes
->Temporary Internet Files folder emptied: 144585 bytes
->Java cache emptied: 2978 bytes
->FireFox cache emptied: 67884732 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6416 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6914 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 66.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 05092011_155507

Files moved on Reboot...
C:\Users\gott1rott\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
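A note on why the ESET scan listed each of the three injector files under four different paths, and why the OTM log above reports nine of its entries as "not found" after moving only four files: on Windows 7, C:\Documents and Settings is a junction to C:\Users, and a profile's Application Data folder is a junction to AppData\Roaming, so the same file shows up under several names; a move-by-path script moves it under the first name and cannot find it under the rest (and the entry written without a drive colon, `C\Users\...`, can never match anything). The script below is an added example, not part of this thread and not OTM's or ESET's own code; it assumes only those two standard junctions, and its sample list is constructed after the thread's :Files list, with one entry deliberately missing its drive colon.

```python
"""Path-alias triage for Windows cleanup-tool output (added example).

On Windows Vista and later, "C:\\Documents and Settings" is a junction to
"C:\\Users", and "<profile>\\Application Data" is a junction to
"<profile>\\AppData\\Roaming". A scanner that follows both sides of a
junction reports one file under up to four names, and a move-by-path
cleanup script that lists every name moves the file once and reports the
remaining names as not found. This script collapses the aliases so a
cleanup list names each file exactly once.
"""
import re

# Standard Windows 7 junctions, as (alias, target); matching is done on
# lower-cased paths. Assumption: no other junctions are in play.
JUNCTIONS = [
    ("\\documents and settings\\", "\\users\\"),
    ("\\application data\\", "\\appdata\\roaming\\"),
]

DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def check_syntax(path):
    """Return an error string for a malformed path, or None if it looks usable."""
    if not DRIVE_RE.match(path):
        return "missing drive colon"
    return None


def canonical(path):
    """Lower-case the path and rewrite known junction aliases to their targets."""
    p = path.lower()
    for alias, target in JUNCTIONS:
        p = p.replace(alias, target)
    return p


def triage(paths):
    """Group entries by the file they really name.

    Returns (groups, errors): groups maps each canonical path to its aliases
    in input order; errors lists (entry, reason) for malformed entries.
    """
    groups, errors = {}, []
    for path in paths:
        err = check_syntax(path)
        if err:
            errors.append((path, err))
            continue
        groups.setdefault(canonical(path), []).append(path)
    return groups, errors


def predict_move_result(paths):
    """Predict what a move-by-path tool reports for each entry.

    Assumes (a) every listed file exists before the run and (b) entries are
    processed in order: the first alias of each file is moved, every later
    alias and every malformed entry comes back "not found".
    """
    moved, not_found, seen = [], [], set()
    for path in paths:
        key = canonical(path)
        if check_syntax(path) or key in seen:
            not_found.append(path)
        else:
            seen.add(key)
            moved.append(path)
    return moved, not_found


def dedupe(paths):
    """Return one (first-seen) entry per real file, dropping malformed entries."""
    groups, _ = triage(paths)
    return [aliases[0] for aliases in groups.values()]


# Constructed sample input modelled on the :Files list in this thread; one
# entry deliberately lacks its drive colon, as the log's "C\Users" line does.
SAMPLE_FILES = [
    r"C:\Documents and Settings\gott1rott\AppData\Roaming\clcjql.exe",
    r"C:\Documents and Settings\gott1rott\AppData\Roaming\cxstbs.exe",
    r"C:\Documents and Settings\gott1rott\AppData\Roaming\ixbwui.exe",
    r"C:\Documents and Settings\gott1rott\Application Data\clcjql.exe",
    r"C:\Documents and Settings\gott1rott\Application Data\cxstbs.exe",
    r"C:\Documents and Settings\gott1rott\Application Data\ixbwui.exe",
    r"C:\Users\gott1rott\AppData\Roaming\clcjql.exe",
    r"C:\Users\gott1rott\AppData\Roaming\cxstbs.exe",
    r"C:\Users\gott1rott\AppData\Roaming\ixbwui.exe",
    r"C\Users\gott1rott\Application Data\clcjql.exe",
    r"C:\Users\gott1rott\Application Data\cxstbs.exe",
    r"C:\Users\gott1rott\Application Data\ixbwui.exe",
    r"C:\Windows\AutoKMS.exe",
]

if __name__ == "__main__":
    groups, errors = triage(SAMPLE_FILES)
    print(f"{len(SAMPLE_FILES)} entries name {len(groups)} distinct files")
    for canon, aliases in groups.items():
        print(f"  {canon}  <- {len(aliases)} alias(es)")
    for entry, reason in errors:
        print(f"  malformed: {entry}  ({reason})")
    moved, not_found = predict_move_result(SAMPLE_FILES)
    print(f"predicted: {len(moved)} moved, {len(not_found)} not found")
    print("minimal list:", *dedupe(SAMPLE_FILES), sep="\n  ")
```

Run against the sample list it predicts 4 moved and 9 not found, which is exactly the pattern in the OTM log, and `dedupe` yields the four-entry list that would have produced a clean log. The same collapsing explains the twelve ESET lines: three files, four names each. When triaging a scanner report, reduce it to canonical paths first, then decide what to remove; otherwise the "not found" lines look like a failed removal when nothing is actually left behind.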
 
We have a lot of work to do. The system is badly infected: Please uninstall the KMS Emulator
==================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan. Uninstall directions if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop.
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (image: whatnext.png)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and opened in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
ComboFix 11-05-09.02 - gott1rott 05/10/2011 3:07.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4656 [GMT -4:00]
Running from: c:\users\gott1rott\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Temp
c:\program files (x86)\Common Files\Temp\Bridge.exe
c:\program files (x86)\Common Files\Temp\unins000.dat
c:\program files (x86)\Common Files\Temp\unins000.exe
c:\users\gott1rott\AppData\Roaming\chrtmp
c:\users\gott1rott\AppData\Roaming\dbwkm.exe
c:\users\gott1rott\AppData\Roaming\gott1rottlog.dat
c:\users\gott1rott\AppData\Roaming\login.exe
c:\users\gott1rott\AppData\Roaming\qofpy.exe
c:\users\gott1rott\AppData\Roaming\ypjduh.exe
c:\users\gott1rott\AppData\Roaming\ywmlh.exe
c:\windows\SysWow64\install
c:\windows\SysWow64\winservice.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SCM_Service
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-09 19:55 . 2011-05-09 19:55 -------- d-----w- C:\_OTM
2011-05-09 19:16 . 2011-05-09 19:16 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-09 19:16 . 2011-05-09 19:16 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-09 19:16 . 2011-05-09 19:16 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-09 19:16 . 2011-05-09 19:16 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-09 19:16 . 2011-05-09 19:16 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-09 19:16 . 2011-05-09 19:16 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-09 19:16 . 2011-05-09 19:16 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-09 19:16 . 2011-05-09 19:16 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-07 07:26 . 2011-05-08 06:39 -------- d-----w- c:\users\gott1rott\.dvdcss
2011-05-06 20:22 . 2011-05-06 20:22 -------- d-----w- c:\program files (x86)\ESET
2011-05-04 19:43 . 2011-05-04 19:43 222 ----a-w- c:\users\gott1rott\AppData\Roaming\Microsoft\svchost.exe~cache.bat
2011-05-04 07:57 . 2011-05-04 07:57 0 ----a-w- c:\users\gott1rott\AppData\Roaming\bs.exe
2011-05-03 14:12 . 2011-05-03 14:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-30 17:19 . 2011-04-30 17:19 -------- d-----w- c:\users\gott1rott\AppData\Local\AMD
2011-04-30 17:16 . 2011-04-30 17:16 -------- d-----w- c:\programdata\AMD
2011-04-30 16:31 . 2011-04-30 16:31 -------- d-----w- c:\programdata\ATI
2011-04-30 16:31 . 2011-04-30 16:31 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-30 16:31 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-04-14 01:59 . 2011-04-14 01:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-14 01:59 . 2011-04-14 01:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-14 01:58 . 2011-04-14 01:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-14 01:45 . 2011-04-14 01:45 -------- d-----w- c:\users\gott1rott\AppData\Local\Arktos
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 09:07 . 2010-04-21 23:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 20:43 . 2011-04-09 20:43 56732 ----a-w- c:\windows\RFMaxPluginUninstall.exe
2011-04-06 02:25 . 2010-10-09 19:14 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-06 02:09 . 2011-04-06 02:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-06 02:09 . 2011-04-06 02:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-04-06 02:02 . 2010-02-19 20:28 788480 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-06 02:00 . 2011-03-10 14:54 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-06 01:44 . 2010-02-19 20:26 5086208 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-06 01:28 . 2010-02-19 20:15 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-06 01:22 . 2010-10-27 02:14 361984 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-06 01:20 . 2010-02-19 19:45 40448 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-06 01:20 . 2010-10-27 02:13 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-06 01:20 . 2010-10-27 02:13 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-05 23:19 . 2011-03-10 14:54 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-02 21:07 . 2011-04-02 21:07 8192 ----a-w- c:\windows\SysWow64\gsimrxnp.dll
2011-04-02 21:07 . 2011-04-02 21:07 4992 ----a-w- c:\windows\SysWow64\drivers\enport.sys
2011-04-02 21:07 . 2011-04-02 21:07 49024 ----a-w- c:\windows\inf\gsiata.sys
2011-04-02 21:07 . 2011-04-02 21:07 293888 ----a-w- c:\windows\SysWow64\drivers\gsimrx.sys
2011-04-02 21:07 . 2011-04-02 21:07 92160 ----a-w- c:\windows\SysWow64\enhkey.dll
2011-03-31 21:48 . 2011-03-31 21:48 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-03-31 21:48 . 2011-03-31 21:48 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-03-24 12:02 . 2011-03-24 12:02 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2003-11-03 21:07 . 2004-04-23 21:06 499712 ----a-w- c:\program files (x86)\msvcp71.dll
2003-11-03 21:07 . 2004-04-23 21:06 348160 ----a-w- c:\program files (x86)\msvcr71.dll
2003-05-30 13:22 . 2003-09-08 13:09 344064 ----a-r- c:\program files (x86)\msvcr70.dll
2002-01-05 07:40 . 2003-09-08 13:09 487424 ----a-w- c:\program files (x86)\msvcp70.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2009-07-14 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v2\WG111v2.exe [2010-4-26 1261568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATICDSDr;ATICDSDr;c:\users\GOTT1R~1\AppData\Local\Temp\ATICDSDr.sys [x]
R3 cpuz130;cpuz130;c:\users\GOTT1R~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2010-01-16 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-02 1436424]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x]
R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-06 365568]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2010-01-06 142648]
S2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.;c:\program files (x86)\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;e:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF7521.cfxxe" [X]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"mylbx"="e:\program files\My Lockbox\mylbx.exe" [2010-07-14 1804000]
"BCSSync"="e:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\gott1rott\AppData\Roaming\Mozilla\Firefox\Profiles\jqxxnw85.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-armakicker - c:\users\gott1rott\AppData\Roaming\login.exe
Wow6432Node-HKLM-Run-armakicker - c:\users\gott1rott\AppData\Roaming\login.exe
HKLM_Wow6432Node-ActiveSetup-{3DEAACEE-1CB6-FD5B-EFCC-B2C0DDDCAEBF} - c:\users\gott1rott\AppData\Roaming\login.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Adobe Bridge CS5_is1 - c:\program files (x86)\Common Files\Temp\unins000.exe
AddRemove-BattlEye - e:\program files (x86)\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-Solidrocks 0.85b - e:\program files\Autodesk\3ds Max 2011\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1569982102-2375594022-2670966679-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c9,52,8c,b4,41,ae,6e,35,45,cb,61,80,5b,e4,84,71,f1,a7,23,10,36,15,05,
00,60,ad,3c,4c,47,6b,56,55,47,ea,f1,e5,6a,08,1b,8e,c1,f1,19,2e,2b,17,bd,7c,\
"??"=hex:b2,8c,90,ba,cd,4f,49,cf,0f,49,60,b9,fd,b5,b5,2e
.
[HKEY_USERS\S-1-5-21-1569982102-2375594022-2670966679-1000\Software\SecuROM\License information*]
"datasecu"=hex:21,38,20,4a,b7,53,d3,f6,e1,30,05,08,f3,71,a0,b9,e8,af,b9,6d,1f,
37,13,d8,38,49,2d,19,94,b0,40,8a,0b,80,d5,aa,a9,c9,e2,a5,32,1a,c1,8f,1e,3d,\
"rkeysecu"=hex:95,11,2f,12,e3,74,61,aa,cd,db,fd,a7,a7,1d,0a,40
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\DCPFLICS\DCPFLICS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-05-10 03:21:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-10 07:21
.
Pre-Run: 1,703,137,280 bytes free
Post-Run: 1,370,562,560 bytes free
.
- - End Of File - - F1BB8EE5705F0AF04C966AF21EE1DCC8
 
Sorry- got a bit behind.
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
FileLook::
c:\users\gott1rott\AppData\Roaming\Microsoft\svchost.exe~cache.bat
c:\users\gott1rott\AppData\Roaming\bs.exe
DDS::
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [armakicker] C:\Users\gott1rott\AppData\Roaming\login.exe
uRun: [PRjDElIKmm] "C:\Users\gott1rott\AppData\Local\Temp\tempfile.exe"
mRun: [armakicker] C:\Users\gott1rott\AppData\Roaming\login.exe
mRun: [{{mStartup}}] C:\Users\GOTT1R~1\AppData\Local\Temp\Newfile.exe
mExplorerRun: [armakicker] C:\Users\gott1rott\AppData\Roaming\login.exe
mASetup: {3DEAACEE-1CB6-FD5B-EFCC-B2C0DDDCAEBF} - C:\Users\gott1rott\AppData\Roaming\login.exe
uASetup: {3DEAACEE-1CB6-FD5B-EFCC-B2C0DDDCAEBF} - C:\Users\gott1rott\AppData\Roaming\login.exe
BHO-X64: URLRedirectionBHO - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

RegNull::
[HKEY_USERS\S-1-5-21-1569982102-2375594022-2670966679-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1569982102-2375594022-2670966679-1000\Software\SecuROM\License information*]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
Please consider removing these from the Trusted Zone. Security is lower in that zone and nothing needs to be there:
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

===============================
How is the system doing now?
 
ComboFix 11-05-11.04 - gott1rott 05/12/2011 22:32:21.3.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4429 [GMT -4:00]
Running from: c:\users\gott1rott\Desktop\ComboFix.exe
Command switches used :: c:\users\gott1rott\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 02:35 . 2011-05-13 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 19:55 . 2011-05-09 19:55 -------- d-----w- C:\_OTM
2011-05-09 19:16 . 2011-05-09 19:16 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-09 19:16 . 2011-05-09 19:16 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-09 19:16 . 2011-05-09 19:16 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-09 19:16 . 2011-05-09 19:16 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-09 19:16 . 2011-05-09 19:16 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-09 19:16 . 2011-05-09 19:16 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-09 19:16 . 2011-05-09 19:16 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-09 19:16 . 2011-05-09 19:16 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-07 07:26 . 2011-05-08 06:39 -------- d-----w- c:\users\gott1rott\.dvdcss
2011-05-06 20:22 . 2011-05-06 20:22 -------- d-----w- c:\program files (x86)\ESET
2011-05-04 19:43 . 2011-05-04 19:43 222 ----a-w- c:\users\gott1rott\AppData\Roaming\Microsoft\svchost.exe~cache.bat
2011-05-04 07:57 . 2011-05-04 07:57 0 ----a-w- c:\users\gott1rott\AppData\Roaming\bs.exe
2011-05-03 14:12 . 2011-05-03 14:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-30 17:19 . 2011-04-30 17:19 -------- d-----w- c:\users\gott1rott\AppData\Local\AMD
2011-04-30 17:16 . 2011-04-30 17:16 -------- d-----w- c:\programdata\AMD
2011-04-30 16:31 . 2011-04-30 16:31 -------- d-----w- c:\programdata\ATI
2011-04-30 16:31 . 2011-04-30 16:31 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-30 16:31 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-04-14 01:59 . 2011-04-14 01:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-14 01:59 . 2011-04-14 01:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-14 01:58 . 2011-04-14 01:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-14 01:45 . 2011-04-14 01:45 -------- d-----w- c:\users\gott1rott\AppData\Local\Arktos
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 09:07 . 2010-04-21 23:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 20:43 . 2011-04-09 20:43 56732 ----a-w- c:\windows\RFMaxPluginUninstall.exe
2011-04-06 02:25 . 2010-10-09 19:14 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-06 02:09 . 2011-04-06 02:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-06 02:09 . 2011-04-06 02:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-04-06 02:02 . 2010-02-19 20:28 788480 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-06 02:00 . 2011-03-10 14:54 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-06 01:44 . 2010-02-19 20:26 5086208 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-06 01:28 . 2010-02-19 20:15 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-06 01:22 . 2010-10-27 02:14 361984 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-06 01:20 . 2010-02-19 19:45 40448 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-06 01:20 . 2010-10-27 02:13 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-06 01:20 . 2010-10-27 02:13 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-05 23:19 . 2011-03-10 14:54 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-02 21:07 . 2011-04-02 21:07 8192 ----a-w- c:\windows\SysWow64\gsimrxnp.dll
2011-04-02 21:07 . 2011-04-02 21:07 4992 ----a-w- c:\windows\SysWow64\drivers\enport.sys
2011-04-02 21:07 . 2011-04-02 21:07 49024 ----a-w- c:\windows\inf\gsiata.sys
2011-04-02 21:07 . 2011-04-02 21:07 293888 ----a-w- c:\windows\SysWow64\drivers\gsimrx.sys
2011-04-02 21:07 . 2011-04-02 21:07 92160 ----a-w- c:\windows\SysWow64\enhkey.dll
2011-03-31 21:48 . 2011-03-31 21:48 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-03-31 21:48 . 2011-03-31 21:48 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-03-24 12:02 . 2011-03-24 12:02 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2003-11-03 21:07 . 2004-04-23 21:06 499712 ----a-w- c:\program files (x86)\msvcp71.dll
2003-11-03 21:07 . 2004-04-23 21:06 348160 ----a-w- c:\program files (x86)\msvcr71.dll
2003-05-30 13:22 . 2003-09-08 13:09 344064 ----a-r- c:\program files (x86)\msvcr70.dll
2002-01-05 07:40 . 2003-09-08 13:09 487424 ----a-w- c:\program files (x86)\msvcp70.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\users\gott1rott\AppData\Roaming\bs.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 0
Created time: 2011-05-04 07:57
Modified time: 2011-05-04 07:57
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
.
.
--- c:\users\gott1rott\AppData\Roaming\Microsoft\svchost.exe~cache.bat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 222
Created time: 2011-05-04 19:43
Modified time: 2011-05-04 19:43
MD5: 21F254E105C8A6EF2613F7F25BAAE147
SHA1: A8524741CF25C26E8B2413B1C30A0998703B3C0A
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-13_02.07.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-11-17 00:31 . 2011-05-13 01:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-17 00:31 . 2011-05-13 02:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-17 00:31 . 2011-05-13 02:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-17 00:31 . 2011-05-13 01:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2009-07-14 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v2\WG111v2.exe [2010-4-26 1261568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.;c:\program files (x86)\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;e:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R3 ATICDSDr;ATICDSDr;c:\users\GOTT1R~1\AppData\Local\Temp\ATICDSDr.sys [x]
R3 cpuz130;cpuz130;c:\users\GOTT1R~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2010-01-16 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-02 1436424]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x]
R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-06 365568]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2010-01-06 142648]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"mylbx"="e:\program files\My Lockbox\mylbx.exe" [2010-07-14 1804000]
"BCSSync"="e:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\gott1rott\AppData\Roaming\Mozilla\Firefox\Profiles\jqxxnw85.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-12 22:37:06
ComboFix-quarantined-files.txt 2011-05-13 02:37
ComboFix2.txt 2011-05-10 07:21
.
Pre-Run: 1,277,403,136 bytes free
Post-Run: 1,220,431,872 bytes free
.
- - End Of File - - B5FF19CD8AFBC9F431A58FB5D4456AC4
 
The computer has been running great all week actually. I haven't noticed any problems. Thanks, I really appreciate all the help.
 
You're welcome! Glad to hear the system is working well. I tried to get information about 2 files, but I didn't get much. No company name, no program or app name. But I'd like you to search for both of them: you can use Windows Explorer (Windows key+E) and navigate to each file, then do a right click> Properties:
c:\users\gott1rott\AppData\Roaming\bs.exe
This looks 'empty.' Go ahead and do a right click> Delete unless you recognize something.
c:\users\gott1rott\AppData\Roaming\Microsoft\svchost.exe~cache.bat
This one has 'stuff' in it. Follow the same path as above.
================================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Click on Start> right click on Computer> Properties
  • Select System Protection
  • Click on the Create button (near bottom)
  • Type a name for the Restore Point
  • Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
  • Click Start> Computer> right click the C Drive and choose Properties> enter.
  • Click Disk Cleanup from there.
  • Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
  • Click the More Options tab
  • Click the Clean up under System Restore and Shadow Copies.
  • Click OK.
  • You will get a confirmation screen> Just click Delete.
  • Click OK on the Disk Cleanup Screen.
  • Click Delete Files on the Confirmation screen.

It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin

Let me know if you have any more questions.
======================================
Stay away from file sharing and torrent sites! It is not worth the trip unless you want to stop by this forum weekly! Very important: Use a Site Advisor when you choose a site from a search and when you go to download anything!

The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show how the site is rated for Trustworthiness, Vendor Reliability, Privacy and Child Safety. Your online email account (Google Mail, Yahoo! Mail and Hotmail) is also protected.

Every time you do a search and the screen comes up with the sites, they will have the rating light. Green (2 shades), Amber/Yellow Caution, Red> not advised. A few sites haven't been rated and show as a blue flashlight.

If you want to link to another site from the page you're on, WOT will give you an Alert that the site is known for fraudulent entries, unreliable or other and the site won't load. Don't worry- those Alerts don't happen if you stick to the green rating.

Many times when I try to identify a process, many to most sites may have the 'red light.' That means that whatever I'm looking for, I cannot trust that site to be safe or accurate. So I am only in the green light business!
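The property check the helper asks for above, done from PowerShell so the result can be pasted back into the thread, as an added example that is not part of the original post. It assumes the two paths named in the post, that %APPDATA% resolves to c:\users\gott1rott\AppData\Roaming, and Windows 7's built-in PowerShell 2.0 (so it hashes with .NET instead of Get-FileHash, which arrived later).

```powershell
# Added example, not from the thread: triage the two unknown files before deleting them.
# Paths are the ones named in the post; $env:APPDATA is the Roaming folder.
$suspects = @(
    "$env:APPDATA\bs.exe",
    "$env:APPDATA\Microsoft\svchost.exe~cache.bat"
)

# SHA-256 via .NET so this also works on stock Windows 7 (PowerShell 2.0).
function Get-FileSha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '')
    } finally {
        $stream.Close()
    }
}

foreach ($path in $suspects) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$path : not present (already removed or never existed)"
        continue
    }
    $item = Get-Item -LiteralPath $path
    Write-Output "== $path"
    Write-Output ("Size: {0} bytes   Modified: {1}" -f $item.Length, $item.LastWriteTime)

    # Version resource: the helper found none for these; vendor binaries normally carry one.
    $vi = $item.VersionInfo
    Write-Output ("Company: '{0}'  Product: '{1}'" -f $vi.CompanyName, $vi.ProductName)

    # Authenticode status: NotSigned is normal for a .bat, suspicious for an .exe in Roaming.
    $sig = Get-AuthenticodeSignature -FilePath $path
    Write-Output ("Signature: {0}" -f $sig.Status)

    # The hash is what to search for or submit to a scanner; never run the file to "see what it does".
    Write-Output ("SHA256: {0}" -f (Get-FileSha256 $path))

    # A batch file is plain text: read it, do not execute it.
    if ($item.Extension -eq '.bat') {
        Write-Output "--- first lines of contents ---"
        Get-Content -LiteralPath $path | Select-Object -First 20
    }
}
```

Run it from an ordinary PowerShell prompt as the affected user; an empty Company/Product and an unsigned executable in a user profile folder support the helper's advice to delete.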
 
You're welcome. Here are a few more you might want to look into; not all may work on Win 7 64-bit:
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
  2. Have layered Security:
    [o] Antivirus (only one): Both of the following programs are free and known to be good:
    [o] Avira-AntiVir-Personal-Free-Antivirus
    [o] Avast-Free Antivirus
    [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    [o]Comodo
    [o]Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o]Spybot Search & Destroy
  4. Updates: Stay current:
    [o] Check the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    [o]Adobe Reader Install current, uninstall old.
    [o]Java Updates Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    [o] Temporary File Cleaner
  7. Restore Points:
    [o]See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
 