DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Home at 0:47:04 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2212 [GMT -5:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\WINDOWS\System32\svchost.exe -k Akamai
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\WINDOWS\system32\WgaTray.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Symantec AntiVirus\DefWatch.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Active PC Optimizer\ActivePCOptimizerService.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\Program Files\Symantec AntiVirus\Rtvscan.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
H:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\System32\svchost.exe -k HTTPFilter
H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
H:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\PROGRA~1\SYMANT~1\VPTray.exe
H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
H:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
H:\Program Files\Pure Networks\Network Magic\nmapp.exe
H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
H:\Program Files\Microsoft IntelliType Pro\itype.exe
H:\Program Files\Microsoft IntelliPoint\ipoint.exe
H:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
H:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\IE New Window Maximizer\iemaximizer.exe
H:\Program Files\Brother\ControlCenter3\brccMCtl.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Documents and Settings\Home\Local Settings\Application Data\Akamai\netsession_win.exe
H:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
H:\Documents and Settings\Home\Local Settings\Application Data\Akamai\netsession_win.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\62ZFMPR8\HijackThis[1].exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3003489
uURLSearchHooks: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - h:\program files\productivity_3\prxtbPro2.dll
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - h:\program files\coupons.com\prxtbCoup.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - h:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - h:\program files\productivity_3\prxtbPro2.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - h:\program files\coupons.com\prxtbCoup.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - h:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - h:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - h:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - h:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - h:\program files\productivity_3\prxtbPro2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - h:\program files\coupons.com\prxtbCoup.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "h:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [IE New Window Maximizer] h:\program files\ie new window maximizer\iemaximizer.exe
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "h:\program files\messenger\msmsgs.exe" /background
uRun: [Akamai NetSession Interface] h:\documents and settings\home\local settings\application data\akamai\netsession_win.exe
uRunOnce: [FlashPlayerUpdate] h:\windows\system32\macromed\flash\FlashUtil11c_ActiveX.exe -update activex
mRun: [HDAudDeck] h:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [8169Diag] h:\program files\realtek\diagnostics utility\8169Diag.exe /hw
mRun: [ccApp] "h:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] h:\progra~1\symant~1\VPTray.exe
mRun: [PPort11reminder] "h:\program files\scansoft\paperport\ereg\ereg.exe" -r "h:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] h:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [nmctxth] "h:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "h:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [itype] "h:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "h:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Google Quick Search Box] "h:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe ARM] "h:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "h:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ControlCenter3] h:\program files\brother\controlcenter3\brctrcen.exe /autorun
StartupFolder: h:\docume~1\home\startm~1\programs\startup\kuma_t~1.lnk - h:\program files\kuma games\kgsystray\Kuma_tray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/gl ... ad1_10.CAB
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 8597381100
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
TCP: Interfaces\{3AF08BE9-C351-4E03-949F-9283426DB1F2} : DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - h:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: NavLogon - h:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;h:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;h:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 Akamai;Akamai NetSession Interface;h:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 ccEvtMgr;Symantec Event Manager;h:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;h:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 LANPkt;Realtek LANPkt Protocol Driver;h:\windows\system32\drivers\LANPkt.sys [2009-4-1 8960]
R2 RegMumService;ActivePCOptimizer Service;h:\program files\active pc optimizer\ActivePCOptimizerService.exe [2010-9-18 1553344]
R2 Symantec AntiVirus;Symantec AntiVirus;h:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 Diag69xp;Diag69xp;h:\windows\system32\drivers\diag69xp.sys [2009-4-1 11264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;h:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-18 106104]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;h:\windows\system32\drivers\HCW85BDA.sys [2009-4-1 1129344]
R3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [2011-5-13 22216]
R3 NAVENG;NAVENG;h:\progra~1\common~1\symant~1\virusd~1\20111209.003\naveng.sys [2011-12-9 86136]
R3 NAVEX15;NAVEX15;h:\progra~1\common~1\symant~1\virusd~1\20111209.003\navex15.sys [2011-12-9 1576312]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;h:\windows\system32\drivers\viahduaa.sys [2009-4-1 874240]
S2 gupdate;Google Update Service (gupdate);h:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S2 MBAMService;MBAMService;h:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-14 366152]
S3 GamesAppService;GamesAppService;h:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);h:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 HauppaugeTVServer;HauppaugeTVServer;h:\progra~1\wintv\HCWTVS~1.EXE [2009-4-5 823296]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\h:\windows\system32\drivers\mbamswissarmy.sys --> h:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;h:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;h:\windows\system32\drivers\RTLVLAN.SYS [2009-4-1 16640]
S3 SavRoam;SAVRoam;h:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
.
=============== Created Last 30 ================
.
2011-12-10 20:43:34 -------- d-----w- H:\9abc9448b92ca30ef6e1bc
2011-12-10 20:41:42 -------- d-----w- h:\windows\system32\wbem\repository\FS
2011-12-10 20:41:42 -------- d-----w- h:\windows\system32\wbem\Repository
2011-11-19 13:05:08 -------- d-----w- h:\documents and settings\home\local settings\application data\Coupons.com
2011-11-19 13:05:06 -------- d-----w- h:\program files\Coupons.com
2011-11-19 13:04:59 398760 ----a-r- h:\windows\system32\cpnprt2.cid
2011-11-19 13:04:56 -------- d-----w- h:\program files\Coupons
.
==================== Find3M ====================
.
2011-10-06 02:29:53 414368 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 0:47:19.96 ===============