Scan saved at 11:11:22 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
C:\Program Files\AT&T\Communication Manager\bmctl.exe
C:\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\AT&T\Communication Manager\bmop.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\ross\LOCALS~1\Temp\x8gs7138mh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ross\Desktop\tools.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {48f79447-a085-4468-a099-fb2fe5e42437} - c:\windows\system32\nazmtta.dll
O2 - BHO: C:\WINDOWS\system32\hs3i7jdgfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ross\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ross\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ross\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [thjinc0xns3q] C:\DOCUME~1\ross\LOCALS~1\Temp\oc7gvlk3n2x.exe
O4 - HKCU\..\Run: [qxc6oqax6eu9q57yivgo8xi0otrlkr0bcpax6dvq] C:\DOCUME~1\ross\LOCALS~1\Temp\psf5s4u.exe
O4 - HKCU\..\Run: [y2ddmjzaikixacvk] C:\DOCUME~1\ross\LOCALS~1\Temp\boo8pqetwiq.exe
O4 - HKCU\..\Run: [fx30ny01u4yeaaj0k2yizos0rxfy4ptrsdu2hrl3ytqb8fdm] C:\DOCUME~1\ross\LOCALS~1\Temp\dqys7xob2jot.exe
O4 - HKCU\..\Run: [fgi99nsuk1oq357an43f4yzg2] C:\DOCUME~1\ross\LOCALS~1\Temp\kyy7bsca8.exe
O4 - HKCU\..\Run: [silg88udc5dvmo4gaom8uw97u3x9fu99] C:\DOCUME~1\ross\LOCALS~1\Temp\x00f25aw.exe
O4 - HKCU\..\Run: [x86k07n5ao3uj] C:\DOCUME~1\ross\LOCALS~1\Temp\q1un7f2llodl.exe
O4 - HKCU\..\Run: [sd16g61tdeirt2pb5] C:\DOCUME~1\ross\LOCALS~1\Temp\v1bau1.exe
O4 - HKCU\..\Run: [n1nh0uhj8fsp7tsziuo712gomf8z8q0] C:\DOCUME~1\ross\LOCALS~1\Temp\cvzs4wd4tdzib.exe
O4 - HKCU\..\Run: [sejqol53n] C:\DOCUME~1\ross\LOCALS~1\Temp\v8n9bl.exe
O4 - HKCU\..\Run: [l96w0yoka84hoadbfg7en9oaf09c254] C:\DOCUME~1\ross\LOCALS~1\Temp\rt6b4mr4.exe
O4 - HKCU\..\Run: [n137lqtihbz1c1itsx7ck14yzel5rn8xdrre0nk3] C:\DOCUME~1\ross\LOCALS~1\Temp\qe6d1wuopg.exe
O4 - HKCU\..\Run: [tfso4u0s2at1rhjmyr] C:\DOCUME~1\ross\LOCALS~1\Temp\v26ad31ou7l.exe
O4 - HKCU\..\Run: [nnev6tn5qd4ygfvrf2tbap6t5n2u6h4dq] C:\DOCUME~1\ross\LOCALS~1\Temp\flpex28ptd.exe
O4 - HKCU\..\Run: [bax8aelsta5diuyzkb5sc23b7mi4wzbuz1g01pvq] C:\DOCUME~1\ross\LOCALS~1\Temp\x5b8wr.exe
O4 - HKCU\..\Run: [q4191no7tbpezrdig1tgaf3nab8bz3wqsgwbmce] C:\DOCUME~1\ross\LOCALS~1\Temp\ink1o4czwvd.exe
O4 - HKCU\..\Run: [aup5l0xn9p9a5xvelwdhss] C:\DOCUME~1\ross\LOCALS~1\Temp\e5dyzam.exe
O4 - HKCU\..\Run: [saaw33g15yo8lijjhospj5] C:\DOCUME~1\ross\LOCALS~1\Temp\j337ps.exe
O4 - HKCU\..\Run: [whu2xquxo1] C:\DOCUME~1\ross\LOCALS~1\Temp\boljbe5vyyg.exe
O4 - HKCU\..\Run: [af6467zh8ic4s1q08rwae9npkwqmuztt4ri0] C:\DOCUME~1\ross\LOCALS~1\Temp\x9ll4f9h8oddh.exe
O4 - HKCU\..\Run: [ygw18y99owr3ueuv0a] C:\DOCUME~1\ross\LOCALS~1\Temp\e8b6namt3af.exe
O4 - HKCU\..\Run: [aq4ga5s74wl6hp5iu18jx4rr345g3g8drla0uzvcy] C:\DOCUME~1\ross\LOCALS~1\Temp\h6iqspfdpmr2.exe
O4 - HKCU\..\Run: [khb4j2x1vzg8yoyjxf3wnmth25jxip0zohz39] C:\DOCUME~1\ross\LOCALS~1\Temp\jckn5z5z.exe
O4 - HKCU\..\Run: [l2oxtshreqi87as3iz2hld5awc2n9lh] C:\DOCUME~1\ross\LOCALS~1\Temp\qg384abe62j.exe
O4 - HKCU\..\Run: [ddfxqxri9cw56qsidido7n0klg2o3koojvk6obc7] C:\DOCUME~1\ross\LOCALS~1\Temp\qbr8ob.exe
O4 - HKCU\..\Run: [jh6b8s3baunpivsn6wo6d0xl3th9dc80qctt0rlq0wxeesn7] C:\DOCUME~1\ross\LOCALS~1\Temp\wyzgut95qclw7.exe
O4 - HKCU\..\Run: [qodbvr5pwtaa8ntkioet] C:\DOCUME~1\ross\LOCALS~1\Temp\sjp2grzoe.exe
O4 - HKCU\..\Run: [xx3o5op7vqgy9gqa5yashsodwy8] C:\DOCUME~1\ross\LOCALS~1\Temp\a6bh74w.exe
O4 - HKCU\..\Run: [yhtva26xszn694] C:\DOCUME~1\ross\LOCALS~1\Temp\v7yj9qt.exe
O4 - HKCU\..\Run: [b2oxwi2ore6ke9] C:\DOCUME~1\ross\LOCALS~1\Temp\l02smjzlqe9.exe
O4 - HKCU\..\Run: [hz9pevghjfxblzwaquofdn9rojuq1rzncxc0h] C:\DOCUME~1\ross\LOCALS~1\Temp\sz9dovcx6.exe
O4 - HKCU\..\Run: [k5dknkvizcar3s8vqedz30resayw2doyj3twy5f76mn] C:\DOCUME~1\ross\LOCALS~1\Temp\diswb5eq98.exe
O4 - HKCU\..\Run: [imxazdnjhagwbymwixhbesiywahvstmcnej29x6f3hdj4ov3t] C:\DOCUME~1\ross\LOCALS~1\Temp\esxu2my1a23.exe
O4 - HKCU\..\Run: [ove3tobnm2j2i196u5] C:\DOCUME~1\ross\LOCALS~1\Temp\kmnk2091zc1.exe
O4 - HKCU\..\Run: [kmsg9reym6bnzs5hrrt8tju2dvfr1e7q1z9dp363s5x] C:\DOCUME~1\ross\LOCALS~1\Temp\qbp7dc22.exe
O4 - HKCU\..\Run: [oazfs33do9c0qtr5cf6ibf2jk1q2rodd9p0ke8lk99] C:\DOCUME~1\ross\LOCALS~1\Temp\yfi6e7sb.exe
O4 - HKCU\..\Run: [fqeyltnual67] C:\DOCUME~1\ross\LOCALS~1\Temp\u5oiug5jh.exe
O4 - HKCU\..\Run: [kovsf822kap5prpx] C:\DOCUME~1\ross\LOCALS~1\Temp\w03ebbbq.exe
O4 - HKCU\..\Run: [k7r4bzwrrme8xoyextwfs3jpopo] C:\DOCUME~1\ross\LOCALS~1\Temp\sq50dck9b.exe
O4 - HKCU\..\Run: [uz2geyc0qmj9p8vf7p6seavmok2297b4ir19p46] C:\DOCUME~1\ross\LOCALS~1\Temp\rg025c0y.exe
O4 - HKCU\..\Run: [zamw4868k55v7vuhwk3vgfyl2d9fz] C:\DOCUME~1\ross\LOCALS~1\Temp\rljmvt5.exe
O4 - HKCU\..\Run: [bsuzl57of89d9dy86wos2nlx] C:\DOCUME~1\ross\LOCALS~1\Temp\br61nhbaqfd.exe
O4 - HKCU\..\Run: [pugvmvzhhbivlhcfv8nrb6wb6p0zk7mengd8ktq4] C:\DOCUME~1\ross\LOCALS~1\Temp\bhavfj3yli8.exe
O4 - HKCU\..\Run: [q08zy9yyuysfwefk6mz458qhe9cy46s2krcnsnorw] C:\DOCUME~1\ross\LOCALS~1\Temp\x8gs7138mh.exe
O4 - HKCU\..\Run: [y9h7y5ugj6oo0v4ylo8efggnz1x3520rjygh23j67bxoprrzei] C:\DOCUME~1\ross\LOCALS~1\Temp\kai0yv1ut.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\ross\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3487108013
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{208DB1EC-780C-468B-A1BC-EE669B9F7335}: NameServer = 209.183.50.151
O17 - HKLM\System\CS1\Services\Tcpip\..\{208DB1EC-780C-468B-A1BC-EE669B9F7335}: NameServer = 209.183.50.151
O17 - HKLM\System\CS2\Services\Tcpip\..\{208DB1EC-780C-468B-A1BC-EE669B9F7335}: NameServer = 209.183.50.151
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ochmvxuf - C:\WINDOWS\SYSTEM32\nazmtta.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 16107 bytes