kurato Posted July 18, 2012 ID:572183 Share Posted July 18, 2012 I was looking for a recording program for my gaming, someone suggested to me dxtory and apparently it have a lot of good review on youtube and some gaming forum, I went and download it via google. the first one I download it doesn't seem to do anything. I download another and they instruct me to install it first and run a licence file? I scan all these file before installation with avast and MB and nothing come up and now i believe my computer is infected. I even temporary install microsoft essential to scan but nothing show up as well.first 1: https://www.virustotal.com/file/2b48d1ef55fbb2fb2de9263d51728b34dd1c52a3da855ea30dc645156115640b/analysis/second 1 (2 files): https://www.virustotal.com/file/cf3fcabf4446a5a8036f4ae4a1890c7b7304639d7d26a17890b65d650c861bd9/analysis/1342571304/https://www.virustotal.com/file/cc083916b15fd3925069866c16112ced08b611094fa0cb7aaad2ca8854a5db86/analysis/1342571638/when I run my browser, there was a quick flash of a tool bar saying something about ebay and disappear (I'm skeptical about it, I didn't install any tools bar). Also, now my firefox have this extension that I really need doesn't work anymore. I reinstall both application so many times but it still doesn't work. I install them both with my new laptop and it work fine. please help Link to post Share on other sites More sharing options...
kurato Posted July 18, 2012 Author ID:572191 Share Posted July 18, 2012 also, the application is orbit recorder. and when i launch it, it give this error "TypeError: Components.classes[cid] is undefined" Link to post Share on other sites More sharing options...
MrCharlie Posted July 18, 2012 ID:572354 Share Posted July 18, 2012 Welcome to the forum, please start at the link below:http://forums.malwar...?showtopic=9573Post back the 2 logs.....DDS.txt and Attach.txt<====><====><====><====><====><====><====><====>Next.......Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC Link to post Share on other sites More sharing options...
kurato Posted July 18, 2012 Author ID:572562 Share Posted July 18, 2012 dds.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Kurato at 12:12:59 on 2012-07-18Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16323.11565 [GMT 10:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Sandboxie\SbieSvc.exeC:\Program Files\Tablet\Pen\Pen_TouchService.exeC:\Windows\system32\atieclxx.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Tablet\Pen\Pen_Tablet.exeC:\Windows\system32\viakaraokesrv.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\CheckPoint\ZAForceField\ForceField.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Tablet\Pen\Pen_TouchUser.exeC:\Windows\system32\taskhost.exeC:\Program Files\Tablet\Pen\Pen_TabletUser.exeC:\Program Files\Tablet\Pen\Pen_Tablet.exeC:\Program Files\Logitech\GamePanel Software\LGDevAgt.exeC:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exeC:\Users\Kurato\Downloads\NoSleepHDv2.0.exeC:\Program Files\Sandboxie\SbieCtrl.exeC:\Users\Kurato\Downloads\NetMeter.exeC:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exeC:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exeC:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\rundll32.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Kurato\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = *.localmWinlogon: Userinit=userinit.exeBHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllTB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dllTB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dlluRun: [Google Update] "C:\Users\Kurato\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupuRun: [NetMeter] C:\Users\Kurato\Downloads\NetMeter.exeuRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -rmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" amlmRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -startmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\Kurato\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeStartupFolder: C:\Users\Kurato\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORTEM~1.LNK - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabTCP: DhcpNameServer = 61.9.133.193 61.9.134.49TCP: Interfaces\{1CEB4C62-8D9D-4311-8CE1-3F6BEBEF2E4B} : DhcpNameServer = 61.9.133.193 61.9.134.49Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLLBHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dllBHO-X64: btorbit.com - No FileBHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dllBHO-X64: ZoneAlarm Security Engine Registrar - No FileBHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLBHO-X64: URLRedirectionBHO - No FileBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllTB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dllTB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dllmRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -rmRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" amlmRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -startmRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe".================= FIREFOX ===================.FF - ProfilePath - C:\Users\Kurato\AppData\Roaming\Mozilla\Firefox\Profiles\9ejt6izh.default\FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dllFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dllFF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dllFF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dllFF - plugin: C:\Users\Kurato\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dllFF - plugin: C:\Users\Kurato\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-11 44808]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-7 13592]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-4 33672]R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-4 827520]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-7 161560]R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-6-26 7329648]R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-6-26 719216]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-7 363800]R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2012-6-24 14336]S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2012-6-24 17408]S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-18 113120]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?].=============== Created Last 30 ================.2012-07-18 00:16:05 -------- d-----w- C:\Program Files (x86)\Orbitdownloader2012-07-17 21:04:07 -------- d-----w- C:\Windows\SysWow64\directx2012-07-17 20:57:23 696832 ----a-w- C:\Windows\System32\xvidcore.dll2012-07-17 20:57:23 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll2012-07-17 20:57:23 255488 ----a-w- C:\Windows\System32\xvidvfw.dll2012-07-17 20:57:23 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll2012-07-17 20:57:23 173568 ----a-w- C:\Windows\System32\xvid.ax2012-07-17 20:57:23 153088 ----a-w- C:\Windows\SysWow64\xvid.ax2012-07-17 20:47:22 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Babylon2012-07-17 20:47:22 -------- d-----w- C:\ProgramData\Babylon2012-07-17 20:34:16 9133488 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{631C9269-C4F6-429B-AE51-8D8EB5EF94E3}\mpengine.dll2012-07-17 19:51:48 -------- d-----w- C:\Users\Kurato\AppData\Roaming\ProgSense2012-07-17 19:40:07 -------- d-----w- C:\Windows\IswTmp2012-07-17 19:36:18 -------- d-----w- C:\Users\Kurato\AppData\Roaming\OpenCandy2012-07-17 08:42:11 -------- d-----w- C:\Program Files (x86)\MSI Kombustor 2.32012-07-17 08:40:27 -------- d-----w- C:\Program Files (x86)\MSI Afterburner2012-07-17 08:09:19 -------- d-----w- C:\ProgramData\Tarma Installer2012-07-17 05:21:19 -------- d-----w- C:\Users\Kurato\AppData\Local\Dxtory Software2012-07-17 05:21:16 3673600 ----a-w- C:\Windows\System32\DxtoryCodec64.dll2012-07-17 05:21:16 3166720 ----a-w- C:\Windows\SysWow64\DxtoryCodec.dll2012-07-17 04:57:07 -------- d-----w- C:\Program Files (x86)\Xvid2012-07-16 20:40:01 -------- d-----w- C:\Users\Kurato\AppData\Local\{1594C066-068D-4811-92E4-2496F94DAF42}2012-07-16 20:39:50 -------- d-----w- C:\Users\Kurato\AppData\Local\{9E2B5AFD-08C8-4C71-B64A-CADC4C5FC48A}2012-07-14 05:06:31 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair2012-07-12 06:57:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-07-12 06:57:07 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-07-11 20:13:31 340992 ----a-w- C:\Windows\System32\schannel.dll2012-07-11 20:13:31 307200 ----a-w- C:\Windows\System32\ncrypt.dll2012-07-11 20:13:30 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2012-07-10 18:16:15 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2012-07-10 13:55:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-10 13:55:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-07-09 18:15:15 -------- d-----w- C:\Users\Kurato\AppData\Local\Microsoft Games2012-07-09 17:41:47 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Clickteam2012-07-06 17:37:26 -------- d-----w- C:\Program Files (x86)\Common Files\Enterbrain2012-07-06 17:33:47 -------- d-----w- C:\Program Files (x86)\Enterbrain2012-07-06 17:33:42 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll2012-07-06 17:33:42 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll2012-07-06 17:33:42 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll2012-07-06 17:33:42 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll2012-07-06 17:33:42 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll2012-07-02 10:04:34 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll2012-07-02 09:59:20 544008 ----a-w- C:\Windows\System32\npdeployJava1.dll2012-07-02 09:59:20 525576 ----a-w- C:\Windows\System32\deployJava1.dll2012-07-02 09:27:19 -------- d-----w- C:\Users\Kurato\AppData\Local\Sun2012-07-01 17:42:31 -------- d-----w- C:\Users\Kurato\AppData\Local\NoSleepHD2012-06-30 08:06:43 -------- d-----w- C:\Windows\PCHEALTH2012-06-30 08:04:14 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services2012-06-30 08:03:59 -------- d-----w- C:\Users\Kurato\AppData\Local\Microsoft Help2012-06-29 19:34:32 -------- d-----w- C:\Users\Kurato\AppData\Local\{4CB83D14-CB75-4BCC-AEC7-5E7BD70A1065}2012-06-29 19:34:21 -------- d-----w- C:\Users\Kurato\AppData\Local\{90676FAA-3E5F-4131-A9DF-C60C4A0BEF6D}2012-06-29 14:48:43 -------- d-----w- C:\ProgramData\Virtualized Applications2012-06-28 22:32:19 -------- d-----w- C:\Users\Kurato\AppData\Local\{A455DB40-11E2-49F2-81DB-FD9C9A58FAFC}2012-06-28 22:32:08 -------- d-----w- C:\Users\Kurato\AppData\Local\{9CD6AA8A-6E21-4E6B-B94D-F9DB7BBAABDA}2012-06-28 22:32:08 -------- d-----w- C:\Users\Kurato\AppData\Local\{08AD3E63-89C6-4B92-B6AE-9E268E612230}2012-06-28 15:06:22 -------- d-----w- C:\ProgramData\VirtualizedApplications2012-06-28 12:49:33 -------- d-----w- C:\Users\Kurato\AppData\Local\SoftGrid Client2012-06-28 12:49:32 -------- d-----w- C:\Users\Kurato\AppData\Roaming\SoftGrid Client2012-06-28 12:47:12 -------- d-----w- C:\Users\Kurato\AppData\Roaming\TP2012-06-28 12:24:08 -------- d-----w- C:\Users\Kurato\AppData\Local\ElevatedDiagnostics2012-06-28 11:15:40 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll2012-06-28 11:15:35 336208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll2012-06-27 09:32:08 -------- d-----w- C:\Windows\.jagex_cache_322012-06-27 09:15:24 -------- d-----w- C:\Program Files (x86)\Oracle2012-06-27 00:50:30 902656 ----a-w- C:\Windows\System32\d2d1.dll2012-06-27 00:50:30 1139200 ----a-w- C:\Windows\System32\FntCache.dll2012-06-27 00:50:29 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll2012-06-26 13:33:17 -------- d-----w- C:\Program Files (x86)\Bamboo Dock2012-06-26 13:31:47 648560 ------w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll2012-06-26 13:31:47 -------- d-----w- C:\Users\Kurato\AppData\Roaming\WTablet2012-06-26 13:31:46 755568 ------w- C:\Windows\System32\Pen_Touch_Tablet.dll2012-06-26 13:31:41 -------- d-----w- C:\Program Files (x86)\TabletPlugins2012-06-26 13:31:19 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys2012-06-26 13:31:15 16168 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys2012-06-26 13:31:14 18288 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys2012-06-26 13:31:11 495616 ------w- C:\Windows\SysWow64\Wintab32.dll2012-06-26 13:31:10 588800 ------w- C:\Windows\System32\Wintab32.dll2012-06-26 13:31:09 762224 ------w- C:\Windows\System32\Pen_Tablet.dll2012-06-26 13:31:09 656240 ------w- C:\Windows\SysWow64\Pen_Tablet.dll2012-06-26 13:31:00 -------- d-----w- C:\Program Files\Tablet2012-06-26 06:05:05 -------- d-----w- C:\Users\Kurato\AppData\Local\{A7ECCC16-8A21-4932-B00C-C32A03E0F64F}2012-06-26 06:04:42 -------- d-----w- C:\Users\Kurato\AppData\Local\{F3D8D91E-28AC-4481-B292-99107F525376}2012-06-26 06:04:28 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Windows Live Writer2012-06-26 06:04:28 -------- d-----w- C:\Users\Kurato\AppData\Local\Windows Live Writer2012-06-25 19:40:04 -------- d---a-w- C:\Users\Kurato\dung2012-06-25 19:39:42 -------- d-sha-w- C:\Users\Kurato\$RECYCLE.BIN2012-06-25 19:28:05 -------- d-----w- C:\ZHDD backup2012-06-25 04:18:38 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Applian FLV and Media Player2012-06-25 04:13:25 -------- d-----w- C:\Windows\SysWow64\Wat2012-06-25 04:13:25 -------- d-----w- C:\Windows\System32\Wat2012-06-24 20:21:30 81408 ----a-w- C:\Windows\System32\imagehlp.dll2012-06-24 20:21:30 5120 ----a-w- C:\Windows\System32\wmi.dll2012-06-24 20:21:30 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys2012-06-24 20:21:30 220672 ----a-w- C:\Windows\System32\wintrust.dll2012-06-24 20:21:30 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2012-06-24 20:21:30 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll2012-06-24 20:21:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll2012-06-24 20:08:04 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Unity2012-06-24 20:07:43 -------- d-----w- C:\Users\Kurato\AppData\Local\Unity2012-06-24 17:18:57 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2012-06-24 17:17:57 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax2012-06-24 17:16:59 77312 ----a-w- C:\Windows\System32\packager.dll2012-06-24 17:16:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll2012-06-24 17:14:34 9013136 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2012-06-24 11:46:16 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2012-06-24 11:46:12 -------- d-----w- C:\Users\Kurato\AppData\Local\PunkBuster2012-06-24 11:44:11 -------- d-----w- C:\ProgramData\EA Logs2012-06-24 11:14:17 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins2012-06-24 11:10:10 -------- d-----w- C:\ProgramData\EA Core2012-06-24 11:05:03 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller2012-06-24 11:04:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2012-06-24 11:04:27 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02012-06-24 11:04:24 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2012-06-24 10:34:47 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Origin2012-06-24 10:34:45 -------- d-----w- C:\Users\Kurato\AppData\Local\Origin2012-06-24 10:34:38 -------- d-----w- C:\ProgramData\Origin2012-06-24 10:34:38 -------- d-----w- C:\ProgramData\Electronic Arts2012-06-24 10:34:38 -------- d-----w- C:\Program Files (x86)\Origin Games2012-06-24 10:34:31 -------- d-----w- C:\Program Files (x86)\Origin2012-06-24 10:14:21 -------- d-----w- C:\Windows\SysWow64\Adobe2012-06-24 09:54:03 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack2012-06-24 08:36:23 -------- d-----w- C:\Users\Kurato\AppData\Roaming\.minecraft2012-06-24 08:33:22 -------- d-----w- C:\Users\Kurato\AppData\Local\Apple Computer2012-06-24 08:33:17 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys2012-06-24 08:33:17 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll2012-06-24 08:33:17 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll2012-06-24 08:33:00 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}2012-06-24 08:33:00 -------- d-----w- C:\Program Files\iTunes2012-06-24 08:33:00 -------- d-----w- C:\Program Files\iPod2012-06-24 08:33:00 -------- d-----w- C:\Program Files (x86)\iTunes2012-06-24 08:32:53 -------- d-----w- C:\Users\Kurato\AppData\Local\Apple2012-06-24 08:32:32 -------- d-----w- C:\Program Files\Bonjour2012-06-24 08:32:32 -------- d-----w- C:\Program Files (x86)\Bonjour2012-06-24 08:30:02 -------- d-----w- C:\Users\Kurato\Tracing2012-06-24 08:27:14 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28c7fbbe1cd51e339\MeshBetaRemover.exe2012-06-24 08:25:41 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f0d61ac51cd51e22c\DSETUP.dll2012-06-24 08:25:41 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f0d61ac51cd51e22c\DXSETUP.exe2012-06-24 08:25:41 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f0d61ac51cd51e22c\dsetup32.dll2012-06-24 08:25:35 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ed59f24f1cd51e22b\DSETUP.dll2012-06-24 08:25:35 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ed59f24f1cd51e22b\DXSETUP.exe2012-06-24 08:25:35 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ed59f24f1cd51e22b\dsetup32.dll2012-06-24 08:23:08 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\956b638d1cd51e217\Silverlight.4.0.exe2012-06-24 08:20:30 -------- d-----w- C:\Users\Kurato\AppData\Local\Windows Live2012-06-24 08:20:30 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live2012-06-24 08:11:48 111960 ----a-w- C:\Windows\dxsdkuninst.exe2012-06-24 08:11:48 -------- d-----w- C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)2012-06-24 07:49:34 -------- d-----w- C:\Users\Kurato\jagexcache2012-06-24 07:49:04 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-06-24 07:26:26 -------- d-----w- C:\Program Files (x86)\Applian Technologies2012-06-24 07:24:05 438272 ----a-w- C:\shimgvw.dll2012-06-24 07:24:05 33280 ----a-w- C:\rundll32.exe2012-06-24 07:18:50 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared2012-06-24 07:16:22 -------- d-----w- C:\Users\Kurato\AppData\Local\Macromedia2012-06-24 07:13:46 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Foxit2012-06-24 07:13:39 -------- d-----w- C:\Program Files (x86)\Foxit Software2012-06-24 07:12:26 -------- d-----w- C:\Program Files\Sandboxie2012-06-24 07:08:17 -------- d-----w- C:\Users\Kurato\AppData\Local\Adobe2012-06-24 07:08:14 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe2012-06-24 07:07:40 -------- d-----w- C:\Program Files (x86)\PhotoshopCS52012-06-24 07:01:21 -------- d-----w- C:\Program Files (x86)\VLC2012-06-24 07:00:43 -------- d-----w- C:\Users\Kurato\AppData\Roaming\GrabPro2012-06-24 07:00:43 -------- d-----w- C:\downloads2012-06-24 06:58:42 -------- d-----w- C:\Users\Kurato\AppData\Roaming\NetMeter2012-06-24 06:50:43 -------- d-----w- C:\Users\Kurato\AppData\Local\Logitech2012-06-24 06:46:36 -------- d-----w- C:\Users\Kurato\AppData\Roaming\CheckPoint2012-06-24 06:46:33 -------- d-----w- C:\Program Files\CheckPoint2012-06-24 06:46:32 -------- d-----w- C:\ProgramData\CheckPoint2012-06-24 06:44:12 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Malwarebytes2012-06-24 06:44:08 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys2012-06-24 06:44:08 -------- d-----w- C:\ProgramData\Malwarebytes2012-06-24 06:44:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-06-24 06:44:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-06-24 06:43:55 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2012-06-24 06:43:55 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2012-06-24 06:43:46 41224 ----a-w- C:\Windows\avastSS.scr2012-06-24 06:43:42 -------- d-----w- C:\ProgramData\AVAST Software2012-06-24 06:43:42 -------- d-----w- C:\Program Files\AVAST Software2012-06-24 06:42:51 -------- d-----w- C:\Program Files (x86)\CheckPoint2012-06-24 06:37:12 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll2012-06-24 06:37:12 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys2012-06-24 06:37:12 1031680 ----a-w- C:\Windows\System32\rdpcore.dll2012-06-24 06:35:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll2012-06-24 06:35:02 99840 ----a-w- C:\Windows\System32\wudriver.dll2012-06-24 06:35:00 36864 ----a-w- C:\Windows\System32\wuapp.exe2012-06-24 06:35:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll2012-06-24 06:33:22 -------- d-----w- C:\Users\Kurato\AppData\Local\Google2012-06-24 06:33:11 -------- d-----w- C:\Users\Kurato\AppData\Local\Deployment2012-06-24 06:33:11 -------- d-----w- C:\Users\Kurato\AppData\Local\Apps2012-06-24 06:32:27 -------- d-----w- C:\Users\Kurato\AppData\Roaming\Intel Corporation2012-06-24 06:32:26 -------- d-----w- C:\Users\Kurato\AppData\Local\ATI2012-06-24 06:30:54 -------- d-sh--w- C:\Recovery.==================== Find3M ====================.2012-07-04 17:17:00 1174979 ----a-w- C:\Windows\apppatch\unins000.exe2012-06-07 00:28:31 0 ----a-w- C:\Windows\ativpsrm.bin2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe2012-04-25 02:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys2012-04-25 02:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll.============= FINISH: 12:13:27.80 ===============attach.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 24/06/2012 4:31:52 PMSystem Uptime: 18/07/2012 9:35:25 AM (3 hours ago).Motherboard: ASUSTeK COMPUTER INC. | | P8B75-MProcessor: Intel® Core i7-3770 CPU @ 3.40GHz | LGA1155 | 3400/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 931 GiB total, 316.184 GiB free.D: is CDROM ()F: is FIXED (NTFS) - 1863 GiB total, 1101.303 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP19: 12/07/2012 4:56:09 PM - Windows UpdateRP20: 18/07/2012 5:05:58 AM - Windows UpdateRP21: 18/07/2012 6:08:58 AM - Restore OperationRP22: 18/07/2012 6:33:18 AM - Windows UpdateRP23: 18/07/2012 9:43:46 AM - Made by RegsoftsRP24: 18/07/2012 10:15:14 AM - Made by Regsofts.==== Installed Programs ======================.Adobe Bridge 1.0Adobe Common File InstallerAdobe Flash Player 11 PluginAdobe Help Center 1.0Adobe Photoshop CS2Adobe Shockwave Player 11.5Adobe Stock Photos 1.0Apple Application SupportApple Software UpdateApplian FLV and Media Player 3.1.1.12avast! Free AntivirusBattlefield 3™Battlelog Web PluginsCatalyst Control CenterCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization AllCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCombined Community Codec Pack 2009-09-09D3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionESN SonarforteManagerFoxit ReaderFraps (remove only)Free FLV Converter V 7.4.0Free Window Registry RepairGoogle ChromeHF pAppLoc version 1.0HydraVisionIntel® Control CenterIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyIntel® USB 3.0 eXtensible Host Controller DriverJava Auto UpdaterJava 6 Update 33JavaFX 2.1.1Junk Mail filter updateMacromedia Extension ManagerMacromedia Flash 8Macromedia Flash 8 Video EncoderMacromedia Flash Player 8Malwarebytes Anti-Malware version 1.61.0.1400Microsoft DirectX SDK (June 2010)Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Student 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Mozilla Firefox 14.0.1 (x86 en-US)Mozilla Maintenance ServiceMSI Afterburner 2.2.1MSVCRTMSVCRT_amd64Orbit DownloaderOriginpiaip AppLocalePlatformPunkBuster ServicesRealtek Ethernet Controller DriverRGSS-RTP StandardRPG????2003 ????????????RuneScape Launcher 1.2Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598039) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit EditionUnity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553385) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597091) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionVC 9.0 RuntimeVIA Platform Device ManagerVoiceOver KitWebTablet IE PluginWebTablet Netscape PluginWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live MailWindows Live MessengerWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR archiverXvid Video CodecZoneAlarm FirewallZoneAlarm FreeZoneAlarm Security.==== Event Viewer Messages From Past Week ========.18/07/2012 9:32:34 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.18/07/2012 9:32:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}18/07/2012 9:32:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}18/07/2012 9:32:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}18/07/2012 9:32:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}18/07/2012 9:32:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}18/07/2012 9:32:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}18/07/2012 9:32:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.18/07/2012 9:32:16 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.18/07/2012 6:34:09 AM, Error: Microsoft Antimalware [2001] - 18/07/2012 6:33:58 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.18/07/2012 6:21:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}18/07/2012 6:20:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf18/07/2012 6:06:01 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.14/07/2012 3:02:57 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1CEB4C62-8D9D-4311-8CE1-3F6BEBEF2E4B} because another computer on the network has the same name. The server could not start.14/07/2012 3:02:57 AM, Error: NetBT [4321] - The name "KURATO-PC :20" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.14/07/2012 3:02:56 AM, Error: NetBT [4321] - The name "KURATO-PC :0" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer..==== End Of File ===========================rouge killerRogueKiller V7.6.4 [07/17/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser: Kurato [Admin rights]Mode: Scan -- Date: 07/19/2012 05:29:45¤¤¤ Bad processes: 0 ¤¤¤¤¤¤ Registry Entries: 5 ¤¤¤[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver: [NOT LOADED] ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Hitachi HDS721010DLE630 +++++--- User ---[MBR] 90bba73f6877520179a1222c5fc75a5b[bSP] 85d0d21696e048363ee559c05208006c : Windows 7 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1].txt >>RKreport[1].txtthanks for replying. It been a whole day and I was really getting frustrated. Link to post Share on other sites More sharing options...
MrCharlie Posted July 18, 2012 ID:572596 Share Posted July 18, 2012 thanks for replying. It been a whole day and I was really getting frustrated. We're volunteers so you have to be patient.Do you want to get rid of Dxtory from the computer??Did you install NetMeter??Let me know, MrC Link to post Share on other sites More sharing options...
kurato Posted July 18, 2012 Author ID:572627 Share Posted July 18, 2012 I have attempt to remove dxtory, but it the fake files that I worry about, apparently I downloaded bogus version of dxtory licence file, after searching it again, apparently it a crack license and someone rename it. it install some tools bar that I removed (I cant remember what it call) and it damaged my orbit downloader extension on firefox. no amount of reinstalling both application fix it so I believe my computer might be infected still. Although like I mention, MB, avast, and microsoft essential did not pick up anything but on virus total other AV pick it up.I have netmeter, nothing seem out of place, about 1Gb per day. except yesterday, 2 Gb because I constantly reinstalling firefox and orbit downloader to make it work together. Link to post Share on other sites More sharing options...
MrCharlie Posted July 18, 2012 ID:572633 Share Posted July 18, 2012 OK, please do this.....Please download OTL from one of the links below:http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.com (<---renamed version)Save it to your desktop.Double click on the icon on your desktop.Click the Scan All Users checkbox.Push the Quick Scan button.The scan will take about 10 minutes...depends on your hard drive size.Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedMrC Link to post Share on other sites More sharing options...
kurato Posted July 18, 2012 Author ID:572648 Share Posted July 18, 2012 hereOTL.TxtExtras.Txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 18, 2012 ID:572689 Share Posted July 18, 2012 Please do this:Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following :OTL[2012/07/17 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Kurato\AppData\Local\Dxtory Software[2012/07/17 15:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DXtory2[2012/07/17 15:21:16 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll[2012/07/17 15:21:16 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll:FilesC:\Users\Kurato\AppData\Local\Dxtory SoftwareC:\ProgramData\Microsoft\Windows\Start Menu\Programs\DXtory2C:\Windows\SysNative\DxtoryCodec64.dllC:\Windows\SysWow64\DxtoryCodec.dll:Commands[EMPTYJAVA][emptytemp]Then click the Run Fix button at the topLet the program run unhindered, when done it will say "Fix Complete press ok to open the log"Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.MrC Link to post Share on other sites More sharing options...
kurato Posted July 18, 2012 Author ID:572704 Share Posted July 18, 2012 All processes killed========== OTL ==========C:\Users\Kurato\AppData\Local\Dxtory Software\Dxtory2.0\Profiles folder moved successfully.C:\Users\Kurato\AppData\Local\Dxtory Software\Dxtory2.0 folder moved successfully.C:\Users\Kurato\AppData\Local\Dxtory Software folder moved successfully.C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DXtory2 folder moved successfully.C:\Windows\SysNative\DxtoryCodec64.dll moved successfully.C:\Windows\SysWOW64\DxtoryCodec.dll moved successfully.========== FILES ==========File\Folder C:\Users\Kurato\AppData\Local\Dxtory Software not found.File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DXtory2 not found.File\Folder C:\Windows\SysNative\DxtoryCodec64.dll not found.File\Folder C:\Windows\SysWow64\DxtoryCodec.dll not found.========== COMMANDS ==========[EMPTYJAVA]User: All UsersUser: DefaultUser: Default UserUser: Kurato->Java cache emptied: 0 bytesUser: PublicTotal Java Files Cleaned = 0.00 mb[EMPTYTEMP]User: All UsersUser: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: Kurato->Temp folder emptied: 239267845 bytes->Temporary Internet Files folder emptied: 31578629 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 75024488 bytes->Google Chrome cache emptied: 357874707 bytes->Flash cache emptied: 8961 bytesUser: Public%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 119958534 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36093732 bytesRecycleBin emptied: 1900474100 bytesTotal Files Cleaned = 2,632.00 mbOTL by OldTimer - Version 3.2.54.0 log created on 07192012_080741Files\Folders moved on Reboot...C:\Users\Kurato\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.C:\Users\Kurato\AppData\Local\Temp\~DF601E77FC07F8F018.TMP moved successfully.File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.C:\Windows\temp\ZLT01422.TMP moved successfully.PendingFileRenameOperations files...File C:\Users\Kurato\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!File C:\Users\Kurato\AppData\Local\Temp\~DF601E77FC07F8F018.TMP not found![2012/07/19 08:12:35 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5File C:\Windows\temp\ZLT01422.TMP not found!Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
MrCharlie Posted July 18, 2012 ID:572716 Share Posted July 18, 2012 OK, next............Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
kurato Posted July 18, 2012 Author ID:572721 Share Posted July 18, 2012 hereComboFix.txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 18, 2012 ID:572731 Share Posted July 18, 2012 I suggest you uninstall this:Free Window Registry RepairRegistry cleaners are snake oil and useless, cause more problems and do no good!Please don't use them!!!!!!!!!!-------------------------------------------------Please do this....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the quotebox below into it:4. If ComboFix wants to update.....please allow it to.Driver::omvwjhhktrgnqxgyFile::c:\windows\system32\drivers\omvwjhhk.sysc:\windows\system32\drivers\trgnqxgy.sysFolder::c:\programdata\BabylonRegistry::ClearJavaCache::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeCAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.After reboot, (in case it asks to reboot)......Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.MrC Link to post Share on other sites More sharing options...
kurato Posted July 18, 2012 Author ID:572746 Share Posted July 18, 2012 hereComboFix.txt Link to post Share on other sites More sharing options...
kurato Posted July 19, 2012 Author ID:572888 Share Posted July 19, 2012 bump Link to post Share on other sites More sharing options...
MrCharlie Posted July 19, 2012 ID:572930 Share Posted July 19, 2012 There's no need to bump your post:I volunteer my free time to help you,Please Update and run a Quick Scan with MBAM, post the report.Make sure that everything is checked, and click Remove Selected.Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
kurato Posted July 19, 2012 Author ID:572991 Share Posted July 19, 2012 MB did not pick up anything. my computer seem clean, but what ever virus/malware was installed have damaged my firefox and it orbit downloader extension. Something similar like this happened once to one of my old computer where a virus tool bar damaged my orbit extension. But unlike my old computer, reinstalling both firefox and orbit did not fix it. I used the same installers and put it on a laptop and the application work fine. The virus hid the extension primary button, clear and disable any ability to edit the extension application option. So I believed that what ever cause it is still there, or did some damages that I can not fix by myself. Also, sorry for bumping the thread, I know you volunteer to help me but I was a bit anxious while waiting for the next step.mbam-log-2012-07-19 (23-28-22).txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 19, 2012 ID:572996 Share Posted July 19, 2012 Update your avast anti-virus and run a full scan, let me know what it finds, MrC Link to post Share on other sites More sharing options...
kurato Posted July 19, 2012 Author ID:573165 Share Posted July 19, 2012 the full scan show up nothing Link to post Share on other sites More sharing options...
MrCharlie Posted July 19, 2012 ID:573169 Share Posted July 19, 2012 So how is it running??? MrC Link to post Share on other sites More sharing options...
kurato Posted July 19, 2012 Author ID:573177 Share Posted July 19, 2012 I reinstalled it again and the extension still not working. Link to post Share on other sites More sharing options...
kurato Posted July 19, 2012 Author ID:573181 Share Posted July 19, 2012 here a screenshot, the main icon for the extension been hiden, the option via tools been cleared and none of the button work except cancel. http://i.imgur.com/4c5nH.png Link to post Share on other sites More sharing options...
MrCharlie Posted July 19, 2012 ID:573226 Share Posted July 19, 2012 OK, I don't use FF nor am I familiar with it, what I can do is refer you to a FF support site and I'm sure that they'll be able to help you with the problem.Does that sound OK to you?MrC Link to post Share on other sites More sharing options...
kurato Posted July 19, 2012 Author ID:573242 Share Posted July 19, 2012 that would be great, hopefully it just the virus damaged it, not still here. thanks you MrC Link to post Share on other sites More sharing options...
MrCharlie Posted July 19, 2012 ID:573264 Share Posted July 19, 2012 Here's a couple:http://support.mozilla.org/en-US/questions/newhttp://www.computerhope.com/forum/index.php?board=3.0I'll keep the post open until you get it resolved, so let me know, MrC Link to post Share on other sites More sharing options...
Recommended Posts