.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ZoNaN at 9:11:50.57 on Tue 05/17/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2039.1339 [GMT 8:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Connectify\Connectifyd.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\ZoNaN\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Tensons.Application.DownloadAcceleratorManager.BHO: {00000003-1118-11da-8cd6-0800200c9888} - mscoree.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [{CEC46F47-EA21-7926-53A7-E75E647AC452}] c:\users\zonan\appdata\roaming\utorront\uTorrent.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with DAM - c:\program files\tensons\download accelerator manager\\addUrl.htm
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download &All with DAM - c:\program files\tensons\download accelerator manager\\addAllUrls.htm
IE: Download FLV &Video with DAM - c:\program files\tensons\download accelerator manager\\addDocUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Run DAM Media&Grabber - c:\program files\tensons\download accelerator manager\\runMg.htm
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {09E90109-A9AA-4980-BCEF-76F8D924E902}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {18CD65E9-8A37-4543-B9A1-32B74A110DA3} = 203.92.128.151 203.92.128.189
TCP: {6880FD49-E4EE-4594-B950-A669C095194E} = 156.154.70.22,156.154.71.22
TCP: {9B129031-1042-4E53-95E8-CBC9BD662B99} = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\zonan\appdata\roaming\mozilla\firefox\profiles\fwtk4n4n.default\
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\zonan\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\zonan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\zonan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 35768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-9 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-9 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-9 61960]
R2 Connectify;Connectify;c:\program files\connectify\Connectifyd.exe [2010-9-28 892992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-31 363344]
R3 connctfyMP;connctfyMP;c:\windows\system32\drivers\connctfy.sys [2010-8-11 29248]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-3-14 101248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-31 20952]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2007-3-7 2595840]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-13 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 connctfy;Connectify Service;c:\windows\system32\drivers\connctfy.sys [2010-8-11 29248]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-14 180736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-13 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-13 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-26 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-13 52224]
.
=============== Created Last 30 ================
.
2011-05-13 13:43:01 -------- d-----w- c:\users\zonan\appdata\local\Canon Easy-PhotoPrint EX
2011-05-12 16:59:10 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2d73ccfb-32b1-4d8c-861e-6ecde334a06d}\mpengine.dll
2011-05-11 10:12:30 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 10:12:30 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 10:12:25 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 09:52:47 -------- d-----w- c:\users\zonan\appdata\local\QuickPar
2011-05-11 09:50:33 -------- d-----w- c:\program files\QuickPar
2011-05-11 07:40:07 -------- d-----w- c:\program files\Tensons
2011-05-11 07:35:39 -------- d-----w- c:\users\zonan\appdata\roaming\GetRightToGo
2011-05-10 04:33:33 -------- d-----w- c:\users\zonan\appdata\roaming\DMCache
2011-05-09 14:30:05 -------- d-----w- c:\users\zonan\appdata\roaming\POWKEY
2011-05-09 14:30:05 -------- d-----w- c:\progra~2\IMEAM
2011-05-09 14:29:46 720896 ----a-w- c:\windows\system32\drivers\imon\pkservice.exe
2011-05-09 14:29:46 6823936 ----a-w- c:\windows\system32\drivers\imon\ToolkitPro1321vc60.dll
2011-05-09 14:29:46 61440 ----a-w- c:\windows\system32\drivers\imon\install_lsp.exe
2011-05-09 14:29:46 1806336 ----a-w- c:\windows\system32\drivers\imon\logviewer.exe
2011-05-09 14:29:46 147456 ----a-w- c:\windows\system32\drivers\imon\uninstall.exe
2011-05-09 14:29:46 110592 ----a-w- c:\windows\system32\drivers\imon\netconfig.dll
2011-05-09 14:29:46 -------- d--h--w- c:\windows\system32\drivers\imon
2011-05-09 14:29:42 -------- d--h--w- c:\progra~2\IMPKL
2011-05-09 13:08:57 -------- d-----w- c:\users\zonan\appdata\local\{F9ED1151-6AA7-470A-8622-8417703B8552}
2011-05-09 13:06:54 -------- d-----w- c:\users\zonan\appdata\local\{E71C2CFA-7B84-43A7-95C1-81F7FA157169}
2011-05-09 12:46:46 15712 ----a-w- c:\program files\common files\windows live\.cache\27b6626c1cc0e4701\MeshBetaRemover.exe
2011-05-09 12:45:59 -------- d-----w- c:\users\zonan\appdata\local\Windows Live
2011-05-09 12:45:55 -------- d-----w- c:\program files\common files\Windows Live
2011-05-09 02:08:58 -------- d-----w- c:\users\zonan\appdata\roaming\Avira
2011-05-09 02:00:31 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-09 02:00:26 -------- d-----w- c:\program files\Avira
2011-05-09 02:00:26 -------- d-----w- c:\progra~2\Avira
2011-05-07 00:44:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2011-05-07 00:44:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2011-05-07 00:44:29 -------- d-----w- c:\program files\Cheat Engine
2011-05-05 21:46:03 -------- d-----w- c:\users\zonan\appdata\local\ElevatedDiagnostics
2011-04-30 12:15:21 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-30 12:15:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-30 12:15:20 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-30 12:15:20 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-30 12:15:20 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-30 12:15:20 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-30 12:15:20 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-30 12:15:20 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-30 12:12:52 -------- d-----w- c:\program files\Orbitdownloader
2011-04-30 06:58:04 61440 ----a-w- c:\windows\system32\CleanMem.exe
2011-04-30 06:57:57 -------- d-----w- c:\windows\CleanMem
2011-04-30 06:57:57 -------- d-----w- c:\program files\CleanMem
2011-04-26 05:02:19 -------- d-sh--w- C:\found.000
2011-04-25 22:04:25 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-04-25 22:04:22 -------- d-----w- c:\program files\VS Revo Group
2011-04-25 21:28:05 -------- d-----r- C:\Sandbox
2011-04-25 21:05:46 -------- d-----w- c:\program files\Sandboxie
2011-04-23 20:01:18 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
==================== Find3M ====================
.
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-02 11:24:32 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-04-02 11:24:32 13824 ----a-w- c:\windows\system32\slwga.dll
2011-03-13 01:03:28 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 9:14:01.14 ===============