kurato

Members
  • Content count: 15
About kurato

  • Rank
    New Member
  1. There isn't much that can be done about the other issue. Thank you for helping me clean up my PC, MrC.
  2. That would be great; hopefully it's just that the virus damaged it, not that it's still here. Thank you, MrC.
  3. Here's a screenshot: the main icon for the extension has been hidden, the options via Tools have been cleared, and none of the buttons work except Cancel. http://i.imgur.com/4c5nH.png
  4. I reinstalled it again and the extension is still not working.
  5. The full scan showed up nothing.
  6. MB did not pick up anything. My computer seems clean, but whatever virus/malware was installed has damaged my Firefox and its Orbit Downloader extension. Something similar happened once to one of my old computers, where a virus toolbar damaged my Orbit extension. But unlike on my old computer, reinstalling both Firefox and Orbit did not fix it. I used the same installers on a laptop and the applications work fine. The virus hid the extension's primary button, and cleared and disabled any ability to edit the extension's options. So I believe that whatever caused it is still there, or did some damage that I cannot fix by myself. Also, sorry for bumping the thread; I know you volunteer to help me, but I was a bit anxious while waiting for the next step. mbam-log-2012-07-19 (23-28-22).txt
  7. here ComboFix.txt
  8. here ComboFix.txt
  9. OTL by OldTimer - Version 3.2.54.0 log created on 07192012_080741
  10. here OTL.Txt Extras.Txt
  11. I have attempted to remove Dxtory, but it's the fake files that I worry about. Apparently I downloaded a bogus version of the Dxtory licence file; after searching for it again, apparently it's a cracked license and someone renamed it. It installed some toolbar that I removed (I can't remember what it's called) and it damaged my Orbit Downloader extension on Firefox. No amount of reinstalling both applications fixes it, so I believe my computer might still be infected. Although, like I mentioned, MB, avast, and Microsoft Essential did not pick up anything, on VirusTotal other AVs pick it up. I have NetMeter; nothing seems out of place, about 1Gb per day, except yesterday, 2 Gb, because I was constantly reinstalling Firefox and Orbit Downloader to make them work together.
  12. dds
d-----w- C:\Users\Kurato\AppData\Local\Windows Live 2012-06-24 08:20:30 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2012-06-24 08:11:48 111960 ----a-w- C:\Windows\dxsdkuninst.exe 2012-06-24 08:11:48 -------- d-----w- C:\Program Files (x86)\Microsoft DirectX SDK (June 2010) 2012-06-24 07:49:34 -------- d-----w- C:\Users\Kurato\jagexcache 2012-06-24 07:49:04 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-24 07:26:26 -------- d-----w- C:\Program Files (x86)\Applian Technologies 2012-06-24 07:24:05 438272 ----a-w- C:\shimgvw.dll 2012-06-24 07:24:05 33280 ----a-w- C:\rundll32.exe 2012-06-24 07:18:50 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared 2012-06-24 07:16:22 -------- d-----w- C:\Users\Kurato\AppData\Local\Macromedia 2012-06-24 07:13:46 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Foxit 2012-06-24 07:13:39 -------- d-----w- C:\Program Files (x86)\Foxit Software 2012-06-24 07:12:26 -------- d-----w- C:\Program Files\Sandboxie 2012-06-24 07:08:17 -------- d-----w- C:\Users\Kurato\AppData\Local\Adobe 2012-06-24 07:08:14 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2012-06-24 07:07:40 -------- d-----w- C:\Program Files (x86)\PhotoshopCS5 2012-06-24 07:01:21 -------- d-----w- C:\Program Files (x86)\VLC 2012-06-24 07:00:43 -------- d-----w- C:\Users\Kurato\AppData\Roaming\GrabPro 2012-06-24 07:00:43 -------- d-----w- C:\downloads 2012-06-24 06:58:42 -------- d-----w- C:\Users\Kurato\AppData\Roaming\NetMeter 2012-06-24 06:50:43 -------- d-----w- C:\Users\Kurato\AppData\Local\Logitech 2012-06-24 06:46:36 -------- d-----w- C:\Users\Kurato\AppData\Roaming\CheckPoint 2012-06-24 06:46:33 -------- d-----w- C:\Program Files\CheckPoint 2012-06-24 06:46:32 -------- d-----w- C:\ProgramData\CheckPoint 2012-06-24 06:44:12 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Malwarebytes 2012-06-24 06:44:08 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2012-06-24 06:44:08 -------- d-----w- 
C:\ProgramData\Malwarebytes 2012-06-24 06:44:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-24 06:44:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-24 06:43:55 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-06-24 06:43:55 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-06-24 06:43:46 41224 ----a-w- C:\Windows\avastSS.scr 2012-06-24 06:43:42 -------- d-----w- C:\ProgramData\AVAST Software 2012-06-24 06:43:42 -------- d-----w- C:\Program Files\AVAST Software 2012-06-24 06:42:51 -------- d-----w- C:\Program Files (x86)\CheckPoint 2012-06-24 06:37:12 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-06-24 06:37:12 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-06-24 06:37:12 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-06-24 06:35:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-24 06:35:02 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-24 06:35:00 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-24 06:35:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-24 06:33:22 -------- d-----w- C:\Users\Kurato\AppData\Local\Google 2012-06-24 06:33:11 -------- d-----w- C:\Users\Kurato\AppData\Local\Deployment 2012-06-24 06:33:11 -------- d-----w- C:\Users\Kurato\AppData\Local\Apps 2012-06-24 06:32:27 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Intel Corporation 2012-06-24 06:32:26 -------- d-----w- C:\Users\Kurato\AppData\Local\ATI 2012-06-24 06:30:54 -------- d-sh--w- C:\Recovery . ==================== Find3M ==================== . 
2012-07-04 17:17:00 1174979 ----a-w- C:\Windows\apppatch\unins000.exe 2012-06-07 00:28:31 0 ----a-w- C:\Windows\ativpsrm.bin 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-25 02:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-04-25 02:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 12:13:27.80 =============== attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 24/06/2012 4:31:52 PM System Uptime: 18/07/2012 9:35:25 AM (3 hours ago) . Motherboard: ASUSTeK COMPUTER INC. | | P8B75-M Processor: Intel® Core i7-3770 CPU @ 3.40GHz | LGA1155 | 3400/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 316.184 GiB free. D: is CDROM () F: is FIXED (NTFS) - 1863 GiB total, 1101.303 GiB free. . ==== Disabled Device Manager Items ============= . 
==== System Restore Points =================== . RP19: 12/07/2012 4:56:09 PM - Windows Update RP20: 18/07/2012 5:05:58 AM - Windows Update RP21: 18/07/2012 6:08:58 AM - Restore Operation RP22: 18/07/2012 6:33:18 AM - Windows Update RP23: 18/07/2012 9:43:46 AM - Made by Regsofts RP24: 18/07/2012 10:15:14 AM - Made by Regsofts . ==== Installed Programs ====================== . Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 11 Plugin Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Shockwave Player 11.5 Adobe Stock Photos 1.0 Apple Application Support Apple Software Update Applian FLV and Media Player 3.1.1.12 avast! Free Antivirus Battlefield 3™ Battlelog Web Plugins Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Combined Community Codec Pack 2009-09-09 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition ESN Sonar forteManager Foxit Reader Fraps (remove only) Free FLV Converter V 7.4.0 Free Window Registry Repair Google Chrome HF pAppLoc version 1.0 HydraVision Intel® Control Center Intel® Management Engine Components Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Java Auto Updater Java 6 Update 33 JavaFX 2.1.1 Junk Mail filter update Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash 8 Video Encoder Macromedia Flash Player 8 Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft DirectX SDK (June 2010) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft 
Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSI Afterburner 2.2.1 MSVCRT MSVCRT_amd64 Orbit Downloader Origin piaip AppLocale Platform PunkBuster Services Realtek Ethernet Controller Driver RGSS-RTP Standard RPG????2003 ???????????? 
RuneScape Launcher 1.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VC 9.0 Runtime VIA 
Platform Device Manager VoiceOver Kit WebTablet IE Plugin WebTablet Netscape Plugin Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR archiver Xvid Video Codec ZoneAlarm Firewall ZoneAlarm Free ZoneAlarm Security . ==== Event Viewer Messages From Past Week ======== . 18/07/2012 9:32:34 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 18/07/2012 9:32:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 18/07/2012 9:32:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 18/07/2012 9:32:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 18/07/2012 9:32:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 18/07/2012 9:32:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 18/07/2012 9:32:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got 
error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 18/07/2012 9:32:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 
18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 18/07/2012 6:34:09 AM, Error: Microsoft Antimalware [2001] - 18/07/2012 6:33:58 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 
18/07/2012 6:21:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 18/07/2012 6:20:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf 18/07/2012 6:06:01 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 14/07/2012 3:02:57 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1CEB4C62-8D9D-4311-8CE1-3F6BEBEF2E4B} because another computer on the network has the same name. The server could not start. 14/07/2012 3:02:57 AM, Error: NetBT [4321] - The name "KURATO-PC :20" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer. 14/07/2012 3:02:56 AM, Error: NetBT [4321] - The name "KURATO-PC :0" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer. . 
RogueKiller RKreport[1].txt Thanks for replying. It's been a whole day and I was really getting frustrated.
  13. Also, the application is Orbit recorder, and when I launch it, it gives this error: "TypeError: Components.classes[cid] is undefined"
  14. I was looking for a recording program for my gaming. Someone suggested Dxtory to me, and apparently it has a lot of good reviews on YouTube and some gaming forums, so I went and downloaded it via Google. The first one I downloaded doesn't seem to do anything. I downloaded another, and they instructed me to install it first and run a licence file? I scanned all these files before installation with avast and MB and nothing came up, and now I believe my computer is infected. I even temporarily installed Microsoft Essential to scan, but nothing showed up either. First one: https://www.virustotal.com/file/2b48d1ef55fbb2fb2de9263d51728b34dd1c52a3da855ea30dc645156115640b/analysis/ Second one (2 files): https://www.virustotal.com/file/cf3fcabf4446a5a8036f4ae4a1890c7b7304639d7d26a17890b65d650c861bd9/analysis/1342571304/ https://www.virustotal.com/file/cc083916b15fd3925069866c16112ced08b611094fa0cb7aaad2ca8854a5db86/analysis/1342571638/ When I ran my browser, there was a quick flash of a toolbar saying something about eBay, and then it disappeared (I'm skeptical about it, I didn't install any toolbars). Also, now a Firefox extension that I really need doesn't work anymore. I reinstalled both applications so many times but it still doesn't work. I installed them both on my new laptop and they work fine. Please help.