aandasdad

I updated the file as requested. I have not run the eset scanner yet, will do shortly.

Yes, there is a zipped file in the Qoobox\Quarantine folder. Here is the Root Repeal log: ROOTREPEAL © AD, 2007-2008 ================================================== Scan Time: 2009/05/05 21:13 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP2 ================================================== Hidden/Locked Files ------------------- Path: C:\WINNT\system32\config\software.LOG Status: Size mismatch (API: 16384, Raw: 1024) Path: C:\oracle\products\9.2.0.1\oramts\trace\OracleMTSRecoveryService(1800).trc Status: Size mismatch (API: 1107047, Raw: 1106683) Path: C:\Documents and Settings\cwiakj\Application Data\Adobe\Acrobat\7.0\Preferences\AcrobatColorSettings.csf Status: Could not get file information (Error 0xc0000008)

I was already able to view hidden files and folders and it's not there, but I should have said previously that I did have the qoobox folder. In qoobox, I have the following folders: BackEnv LastRun Quarantine Test TestC And the following files: CFScript_used_2009-05-02_20.56.08.txt CF-Submit.htm CurlIt.cmd LogA Should I try running CF again in safe mode?

Hmmm. No file anywhere called ComboFix-quarantined-files.txt Could it be called anything else?

System seems to be working normally, have not had browser problems and was able to run defrag again. The million dollar question - if it's gone, what the heck was that???

Had some issues with the system locking during/after the ComboFix run. Had to stop some of the start up processes and was able to complete boot up. Here's the ComboFix.txt log: ComboFix 09-05-02.4 - cwiakj 05/02/2009 20:56:17.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.998.507 [GMT -4:00] Running from: C:\Documents and Settings\cwiakj\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\cwiakj\Desktop\CFScript.txt FILE :: c:\winnt\system32\drivers\pxhelp200.sys C:\WINNT\System32\Drivers\sfc.SYS file zipped: c:\WINNT\Qk1T\Suspect_k4Yn.vbs.vir . And the HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18:29 PM, on 5/2/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Novell\XTAgent.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\cvpnd.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Novell\ZENworks\nalntsrv.exe c:\oracle\products\9.2.0.1\bin\omtsreco.exe C:\PROGRA~1\PHAROS~1\BLUEPR~1\Bin\CTskMstr.exe C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe c:\winnt\system32\svrsvc\svrsvc.exe C:\WINNT\System32\TPHDEXLG.exe C:\WINNT\system32\TpKmpSVC.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe C:\WINNT\system32\SearchIndexer.exe C:\Program Files\Novell\ZENworks\wm.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\taskmgr.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\igfxsrvc.exe C:\WINNT\system32\igfxpers.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Novell\ZENworks\NalAgent.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINNT\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\WINNT\system32\dpmw32.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINNT\system32\NWTRAY.EXE C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\eRoom 7\ERClient7.exe C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe C:\WINNT\system32\msiexec.exe C:\WINNT\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onebms.bms.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.bms.com/cs/ie.nsf/thunderbird R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://mcd-server/mcd/proxy.pac O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Naldesk] "C:\Program Files\Novell\ZENworks\NALDESK.EXE" /ns O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [NDPS] C:\WINNT\system32\dpmw32.exe O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINNT\system32\zentray.exe O4 - HKLM\..\Run: [bMS Asset Confirmation] C:\i386\Options\ZAM Languages\AssetConfirmation-01.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe O4 - HKLM\..\Run: [sKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe" O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [combofix] C:\WINNT\system32\CF3119.exe /c C:\ComboFix\Combobatch.bat O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BMS-IMSS RemoteAccess VPN Client.lnk = C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\vpngui.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll O12 - Plugin for .cgi: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll O14 - IERESET.INF: START_PAGE_URL=http://onebms.bms.com O16 - DPF: RightSiteApplet - http://rapid.bms.com/RightSiteDir/applet/rs_applet.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STUrlConLoader.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STAutoAwayLoader.cab O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - http://hpwnavp01.net.bms.com/eRoomSetup/client.cab O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STJNILoader.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = one.ads.bms.com O17 - HKLM\Software\..\Telephony: DomainName = one.ads.bms.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = one.ads.bms.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = one.ads.bms.com O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINNT\system32\cusrvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\cvpnd.exe O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\oracle\products\9.2.0.1\bin\omtsreco.exe O23 - Service: OracleORAHOME92_DTSClientCache - Unknown owner - c:\oracle\products\9.2.0.1\BIN\ONRSD.EXE O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\BLUEPR~1\Bin\CTskMstr.exe O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing) O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing) O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: svrsvc - Unknown owner - c:\winnt\system32\svrsvc\svrsvc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINNT\System32\Novell\XTAgent.exe O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe -- End of file - 16004 bytes

RootRepeal Log: ROOTREPEAL © AD, 2007-2008 ================================================== Scan Time: 2009/05/01 19:40 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: 1394BUS.SYS Image Path: C:\WINNT\system32\DRIVERS\1394BUS.SYS Address: 0xF7585000 Size: 53248 File Visible: - Status: - Name: ACPI.sys Image Path: ACPI.sys Address: 0xF73E6000 Size: 187776 File Visible: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x804D7000 Size: 2142208 File Visible: - Status: - Name: ACPIEC.sys Image Path: ACPIEC.sys Address: 0xF7931000 Size: 11648 File Visible: - Status: - Name: ADIHdAud.sys Image Path: C:\WINNT\system32\drivers\ADIHdAud.sys Address: 0xA82F1000 Size: 323584 File Visible: - Status: - Name: AEAudio.sys Image Path: C:\WINNT\system32\drivers\AEAudio.sys Address: 0xA82B8000 Size: 94080 File Visible: - Status: - Name: afd.sys Image Path: C:\WINNT\System32\drivers\afd.sys Address: 0xA3147000 Size: 138368 File Visible: - Status: - Name: ApsHM86.sys Image Path: ApsHM86.sys Address: 0xF77A5000 Size: 32768 File Visible: - Status: - Name: Apsx86.sys Image Path: Apsx86.sys Address: 0xF7120000 Size: 114688 File Visible: - Status: - Name: arp1394.sys Image Path: C:\WINNT\system32\DRIVERS\arp1394.sys Address: 0xA5A77000 Size: 60800 File Visible: - Status: - Name: atapi.sys Image Path: atapi.sys Address: 0xF735A000 Size: 95360 File Visible: - Status: - Name: atmeltpm.sys Image Path: C:\WINNT\system32\DRIVERS\atmeltpm.sys Address: 0xF78DD000 Size: 32768 File Visible: - Status: - Name: audstub.sys Image Path: C:\WINNT\system32\DRIVERS\audstub.sys Address: 0xF7BC5000 Size: 3072 File Visible: - Status: - Name: BATTC.SYS Image Path: C:\WINNT\system32\DRIVERS\BATTC.SYS Address: 0xF792D000 Size: 16384 File Visible: - Status: - Name: Beep.SYS Image Path: C:\WINNT\System32\Drivers\Beep.SYS Address: 0xF7A25000 Size: 4224 File Visible: - Status: - Name: BlankScr.SYS Image Path: C:\WINNT\System32\Drivers\BlankScr.SYS Address: 0x9D70F000 Size: 6432 File Visible: - Status: - Name: BOOTVID.dll Image Path: C:\WINNT\system32\BOOTVID.dll Address: 0xF7925000 Size: 12288 File Visible: - Status: - Name: Cdfs.SYS Image Path: C:\WINNT\System32\Drivers\Cdfs.SYS Address: 0x9DDC0000 Size: 63744 File Visible: - Status: - Name: cdrom.sys Image Path: C:\WINNT\system32\DRIVERS\cdrom.sys Address: 0xF7645000 Size: 49536 File Visible: - Status: - Name: CLASSPNP.SYS Image Path: C:\WINNT\system32\DRIVERS\CLASSPNP.SYS Address: 0xF7555000 Size: 53248 File Visible: - Status: - Name: CmBatt.sys Image Path: C:\WINNT\system32\DRIVERS\CmBatt.sys Address: 0xF702F000 Size: 14080 File Visible: - Status: - Name: compbatt.sys Image Path: compbatt.sys Address: 0xF7929000 Size: 9344 File Visible: - Status: - Name: CVPNDRVA.sys Image Path: C:\WINNT\system32\Drivers\CVPNDRVA.sys Address: 0x9D0EF000 Size: 503808 File Visible: - Status: - Name: Darpan.sys Image Path: C:\WINNT\system32\DRIVERS\Darpan.sys Address: 0xF7B9E000 Size: 2272 File Visible: - Status: - Name: disk.sys Image Path: disk.sys Address: 0xF7545000 Size: 36352 File Visible: - Status: - Name: DLABOIOM.SYS Image Path: C:\WINNT\System32\DLA\DLABOIOM.SYS Address: 0x9D5E5000 Size: 25568 File Visible: - Status: - Name: DLACDBHM.SYS Image Path: C:\WINNT\System32\Drivers\DLACDBHM.SYS Address: 0xF7A63000 Size: 5600 File Visible: - Status: - Name: DLADResN.SYS Image Path: C:\WINNT\System32\DLA\DLADResN.SYS Address: 0xA2FBB000 Size: 2432 File Visible: - Status: - Name: DLAIFS_M.SYS Image Path: C:\WINNT\System32\DLA\DLAIFS_M.SYS Address: 0x9D308000 Size: 86592 File Visible: - Status: - Name: DLAOPIOM.SYS Image Path: C:\WINNT\System32\DLA\DLAOPIOM.SYS Address: 0xF707B000 Size: 14624 File Visible: - Status: - Name: DLAPoolM.SYS Image Path: C:\WINNT\System32\DLA\DLAPoolM.SYS Address: 0x9DCEE000 Size: 6304 File Visible: - Status: - Name: DLARTL_N.SYS Image Path: C:\WINNT\System32\Drivers\DLARTL_N.SYS Address: 0xF7855000 Size: 22624 File Visible: - Status: - Name: DLAUDF_M.SYS Image Path: C:\WINNT\System32\DLA\DLAUDF_M.SYS Address: 0x9D2DA000 Size: 86976 File Visible: - Status: - Name: DLAUDFAM.SYS Image Path: C:\WINNT\System32\DLA\DLAUDFAM.SYS Address: 0x9D2F0000 Size: 94272 File Visible: - Status: - Name: dmio.sys Image Path: dmio.sys Address: 0xF7372000 Size: 153344 File Visible: - Status: - Name: dmload.sys Image Path: dmload.sys Address: 0xF7A19000 Size: 5888 File Visible: - Status: - Name: dne2000.sys Image Path: C:\WINNT\system32\DRIVERS\dne2000.sys Address: 0xF4730000 Size: 106848 File Visible: - Status: - Name: drmk.sys Image Path: C:\WINNT\system32\drivers\drmk.sys Address: 0xA94E2000 Size: 61440 File Visible: - Status: - Name: DRVMCDB.SYS Image Path: DRVMCDB.SYS Address: 0xF724C000 Size: 87296 File Visible: - Status: - Name: DRVNDDM.SYS Image Path: C:\WINNT\System32\Drivers\DRVNDDM.SYS Address: 0xA52F6000 Size: 38304 File Visible: - Status: - Name: dump_iaStor.sys Image Path: C:\WINNT\System32\Drivers\dump_iaStor.sys Address: 0x9D31E000 Size: 815104 File Visible: No Status: - Name: Dxapi.sys Image Path: C:\WINNT\System32\drivers\Dxapi.sys Address: 0x9DCA9000 Size: 12288 File Visible: - Status: - Name: dxg.sys Image Path: C:\WINNT\System32\drivers\dxg.sys Address: 0xBF000000 Size: 73728 File Visible: - Status: - Name: dxgthk.sys Image Path: C:\WINNT\System32\drivers\dxgthk.sys Address: 0xF7B5F000 Size: 4096 File Visible: - Status: - Name: e1e5132.sys Image Path: C:\WINNT\system32\DRIVERS\e1e5132.sys Address: 0xF4C1C000 Size: 266240 File Visible: - Status: - Name: EntDrv51.sys Image Path: C:\WINNT\system32\drivers\EntDrv51.sys Address: 0x9B937000 Size: 8320 File Visible: - Status: - Name: Fips.SYS Image Path: C:\WINNT\System32\Drivers\Fips.SYS Address: 0xA5A57000 Size: 34944 File Visible: - Status: - Name: fltMgr.sys Image Path: fltMgr.sys Address: 0xF7274000 Size: 124800 File Visible: - Status: - Name: Fs_Rec.SYS Image Path: C:\WINNT\System32\Drivers\Fs_Rec.SYS Address: 0xF7A23000 Size: 7936 File Visible: - Status: - Name: ftdisk.sys Image Path: ftdisk.sys Address: 0xF7398000 Size: 125056 File Visible: - Status: - Name: hal.dll Image Path: C:\WINNT\system32\hal.dll Address: 0x806E2000 Size: 134272 File Visible: - Status: - Name: HDAudBus.sys Image Path: C:\WINNT\system32\DRIVERS\HDAudBus.sys Address: 0xF4BD4000 Size: 151552 File Visible: - Status: - Name: HIDPARSE.SYS Image Path: C:\WINNT\system32\DRIVERS\HIDPARSE.SYS Address: 0xA536C000 Size: 28672 File Visible: - Status: - Name: HSF_CNXT.sys Image Path: C:\WINNT\system32\DRIVERS\HSF_CNXT.sys Address: 0xA80DF000 Size: 730112 File Visible: - Status: - Name: HSF_DPV.sys Image Path: C:\WINNT\system32\DRIVERS\HSF_DPV.sys Address: 0xA8192000 Size: 988800 File Visible: - Status: - Name: HSFHWAZL.sys Image Path: C:\WINNT\system32\DRIVERS\HSFHWAZL.sys Address: 0xA8284000 Size: 209664 File Visible: - Status: - Name: i8042prt.sys Image Path: C:\WINNT\system32\DRIVERS\i8042prt.sys Address: 0xF7625000 Size: 52736 File Visible: - Status: - Name: iaStor.sys Image Path: iaStor.sys Address: 0xF7293000 Size: 815104 File Visible: - Status: - Name: ibmpmdrv.sys Image Path: C:\WINNT\system32\DRIVERS\ibmpmdrv.sys Address: 0xF702B000 Size: 14080 File Visible: - Status: - Name: igxpdv32.DLL Image Path: C:\WINNT\System32\igxpdv32.DLL Address: 0xBF04E000 Size: 1613824 File Visible: - Status: - Name: igxpdx32.DLL Image Path: C:\WINNT\System32\igxpdx32.DLL Address: 0xBF1D8000 Size: 2600960 File Visible: - Status: - Name: igxpgd32.dll Image Path: C:\WINNT\System32\igxpgd32.dll Address: 0xBF024000 Size: 172032 File Visible: - Status: - Name: igxpmp32.sys Image Path: C:\WINNT\system32\DRIVERS\igxpmp32.sys Address: 0xF4C71000 Size: 5700096 File Visible: - Status: - Name: igxprd32.dll Image Path: C:\WINNT\System32\igxprd32.dll Address: 0xBF012000 Size: 73728 File Visible: - Status: - Name: imapi.sys Image Path: C:\WINNT\system32\DRIVERS\imapi.sys Address: 0xF7635000 Size: 41856 File Visible: - Status: - Name: intelppm.sys Image Path: C:\WINNT\system32\DRIVERS\intelppm.sys Address: 0xF7615000 Size: 36096 File Visible: - Status: - Name: ipnat.sys Image Path: C:\WINNT\system32\DRIVERS\ipnat.sys Address: 0xA319B000 Size: 134912 File Visible: - Status: - Name: ipsec.sys Image Path: C:\WINNT\system32\DRIVERS\ipsec.sys Address: 0xA323D000 Size: 74752 File Visible: - Status: - Name: isapnp.sys Image Path: isapnp.sys Address: 0xF7515000 Size: 35840 File Visible: - Status: - Name: jnprna.sys Image Path: C:\WINNT\system32\DRIVERS\jnprna.sys Address: 0xF467F000 Size: 398720 File Visible: - Status: - Name: kbdclass.sys Image Path: C:\WINNT\system32\DRIVERS\kbdclass.sys Address: 0xF78CD000 Size: 24576 File Visible: - Status: - Name: KDCOM.DLL Image Path: C:\WINNT\system32\KDCOM.DLL Address: 0xF7A15000 Size: 8192 File Visible: - Status: - Name: kmixer.sys Image Path: C:\WINNT\system32\drivers\kmixer.sys Address: 0x9B7E9000 Size: 171776 File Visible: - Status: - Name: ks.sys Image Path: C:\WINNT\system32\DRIVERS\ks.sys Address: 0xF480D000 Size: 143360 File Visible: - Status: - Name: KSecDD.sys Image Path: KSecDD.sys Address: 0xF7235000 Size: 92032 File Visible: - Status: - Name: mbam.sys Image Path: C:\WINNT\system32\drivers\mbam.sys Address: 0x9D29A000 Size: 11776 File Visible: - Status: - Name: mdc80211.sys Image Path: C:\WINNT\system32\DRIVERS\mdc80211.sys Address: 0xA0BF2000 Size: 14176 File Visible: - Status: - Name: mdmxsdk.sys Image Path: C:\WINNT\system32\DRIVERS\mdmxsdk.sys Address: 0x9D172000 Size: 12672 File Visible: - Status: - Name: mnmdd.SYS Image Path: C:\WINNT\System32\Drivers\mnmdd.SYS Address: 0xF7A27000 Size: 4224 File Visible: - Status: - Name: Modem.SYS Image Path: C:\WINNT\System32\Drivers\Modem.SYS Address: 0xF7915000 Size: 30080 File Visible: - Status: - Name: mouclass.sys Image Path: C:\WINNT\system32\DRIVERS\mouclass.sys Address: 0xF78D5000 Size: 23040 File Visible: - Status: - Name: MountMgr.sys Image Path: MountMgr.sys Address: 0xF7525000 Size: 42240 File Visible: - Status: - Name: mrxdav.sys Image Path: C:\WINNT\system32\DRIVERS\mrxdav.sys Address: 0x9D236000 Size: 179584 File Visible: - Status: - Name: mrxsmb.sys Image Path: C:\WINNT\system32\DRIVERS\mrxsmb.sys Address: 0xA308D000 Size: 453632 File Visible: - Status: - Name: Msfs.SYS Image Path: C:\WINNT\System32\Drivers\Msfs.SYS Address: 0xA535C000 Size: 19072 File Visible: - Status: - Name: msgpc.sys Image Path: C:\WINNT\system32\DRIVERS\msgpc.sys Address: 0xF6342000 Size: 35072 File Visible: - Status: - Name: mssmbios.sys Image Path: C:\WINNT\system32\DRIVERS\mssmbios.sys Address: 0xF70DD000 Size: 15488 File Visible: - Status: - Name: Mup.sys Image Path: Mup.sys Address: 0xF7105000 Size: 108032 File Visible: - Status: - Name: mvstdi5x.sys Image Path: C:\WINNT\system32\drivers\mvstdi5x.sys Address: 0xA5AA7000 Size: 59904 File Visible: - Status: - Name: naiavf5x.sys Image Path: C:\WINNT\system32\drivers\naiavf5x.sys Address: 0x9B953000 Size: 117024 File Visible: - Status: - Name: NDIS.sys Image Path: NDIS.sys Address: 0xF713C000 Size: 182912 File Visible: - Status: - Name: ndistapi.sys Image Path: C:\WINNT\system32\DRIVERS\ndistapi.sys Address: 0xF79F9000 Size: 9600 File Visible: - Status: - Name: ndisuio.sys Image Path: C:\WINNT\system32\DRIVERS\ndisuio.sys Address: 0xA0BEA000 Size: 14592 File Visible: - Status: - Name: ndiswan.sys Image Path: C:\WINNT\system32\DRIVERS\ndiswan.sys Address: 0xF4668000 Size: 91776 File Visible: - Status: - Name: NDProxy.SYS Image Path: C:\WINNT\System32\Drivers\NDProxy.SYS Address: 0xF5231000 Size: 38016 File Visible: - Status: - Name: netbios.sys Image Path: C:\WINNT\system32\DRIVERS\netbios.sys Address: 0xA5A87000 Size: 34560 File Visible: - Status: - Name: netbt.sys Image Path: C:\WINNT\system32\DRIVERS\netbt.sys Address: 0xA3173000 Size: 162816 File Visible: - Status: - Name: NETw5x32.sys Image Path: C:\WINNT\system32\DRIVERS\NETw5x32.sys Address: 0xF485C000 Size: 3636864 File Visible: - Status: - Name: nic1394.sys Image Path: C:\WINNT\system32\DRIVERS\nic1394.sys Address: 0xF7705000 Size: 61824 File Visible: - Status: - Name: nicm.sys Image Path: nicm.sys Address: 0xF7595000 Size: 35328 File Visible: - Status: - Name: Npfs.SYS Image Path: C:\WINNT\System32\Drivers\Npfs.SYS Address: 0xA5354000 Size: 30848 File Visible: - Status: - Name: Ntfs.sys Image Path: Ntfs.sys Address: 0xF7169000 Size: 574592 File Visible: - Status: - Name: ntkrnlpa.exe Image Path: C:\WINNT\system32\ntkrnlpa.exe Address: 0x804D7000 Size: 2142208 File Visible: - Status: - Name: Null.SYS Image Path: C:\WINNT\System32\Drivers\Null.SYS Address: 0xA545F000 Size: 2944 File Visible: - Status: - Name: nwdhcp.sys Image Path: C:\WINNT\system32\NetWare\nwdhcp.sys Address: 0xA329F000 Size: 18272 File Visible: - Status: - Name: nwdns.sys Image Path: C:\WINNT\system32\NetWare\nwdns.sys Address: 0xF7675000 Size: 41376 File Visible: - Status: - Name: nwfilter.sys Image Path: nwfilter.sys Address: 0xF7935000 Size: 15808 File Visible: No Status: - Name: nwfs.sys Image Path: C:\WINNT\system32\NetWare\nwfs.sys Address: 0x9D1BA000 Size: 505792 File Visible: - Status: - Name: NWHOST.sys Image Path: C:\WINNT\system32\NetWare\NWHOST.sys Address: 0xF70BD000 Size: 9216 File Visible: - Status: - Name: nwslp.sys Image Path: C:\WINNT\system32\NetWare\nwslp.sys Address: 0xA4114000 Size: 20256 File Visible: - Status: - Name: NWSNS.sys Image Path: C:\WINNT\system32\NetWare\NWSNS.sys Address: 0x9D715000 Size: 6048 File Visible: - Status: - Name: odFips.sys Image Path: odFips.sys Address: 0xF71F6000 Size: 254208 File Visible: - Status: - Name: ohci1394.sys Image Path: ohci1394.sys Address: 0xF7575000 Size: 61056 File Visible: - Status: - Name: OPRGHDLR.SYS Image Path: C:\WINNT\system32\DRIVERS\OPRGHDLR.SYS Address: 0xF7ADE000 Size: 4096 File Visible: - Status: - Name: ovfsthxwowawjns.sys Image Path: C:\WINNT\system32\drivers\ovfsthxwowawjns.sys Address: 0xA3250000 Size: 94208 File Visible: - Status: Hidden from Windows API! Name: PartMgr.sys Image Path: PartMgr.sys Address: 0xF779D000 Size: 18688 File Visible: - Status: - Name: pci.sys Image Path: pci.sys Address: 0xF73D5000 Size: 68224 File Visible: - Status: - Name: pciide.sys Image Path: pciide.sys Address: 0xF7ADD000 Size: 3328 File Visible: - Status: - Name: PCIIDEX.SYS Image Path: C:\WINNT\system32\DRIVERS\PCIIDEX.SYS Address: 0xF7795000 Size: 28672 File Visible: - Status: - Name: pcmcia.sys Image Path: pcmcia.sys Address: 0xF73B7000 Size: 119936 File Visible: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x804D7000 Size: 2142208 File Visible: - Status: - Name: portcls.sys Image Path: C:\WINNT\system32\drivers\portcls.sys Address: 0xA82CF000 Size: 139264 File Visible: - Status: - Name: psched.sys Image Path: C:\WINNT\system32\DRIVERS\psched.sys Address: 0xF462F000 Size: 69120 File Visible: - Status: - Name: ptilink.sys Image Path: C:\WINNT\system32\DRIVERS\ptilink.sys Address: 0xF77CD000 Size: 17792 File Visible: - Status: - Name: PxHelp20.sys Image Path: PxHelp20.sys Address: 0xF7565000 Size: 35712 File Visible: - Status: - Name: rasacd.sys Image Path: C:\WINNT\system32\DRIVERS\rasacd.sys Address: 0xF7087000 Size: 8832 File Visible: - Status: - Name: rasl2tp.sys Image Path: C:\WINNT\system32\DRIVERS\rasl2tp.sys Address: 0xF6372000 Size: 51328 File Visible: - Status: - Name: raspppoe.sys Image Path: C:\WINNT\system32\DRIVERS\raspppoe.sys Address: 0xF6362000 Size: 41472 File Visible: - Status: - Name: raspptp.sys Image Path: C:\WINNT\system32\DRIVERS\raspptp.sys Address: 0xF6352000 Size: 48384 File Visible: - Status: - Name: raspti.sys Image Path: C:\WINNT\system32\DRIVERS\raspti.sys Address: 0xF77D5000 Size: 16512 File Visible: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x804D7000 Size: 2142208 File Visible: - Status: - Name: rdbss.sys Image Path: C:\WINNT\system32\DRIVERS\rdbss.sys Address: 0xA30FC000 Size: 174592 File Visible: - Status: - Name: RDPCDD.sys Image Path: C:\WINNT\System32\DRIVERS\RDPCDD.sys Address: 0xF7A29000 Size: 4224 File Visible: - Status: - Name: rdpdr.sys Image Path: C:\WINNT\system32\DRIVERS\rdpdr.sys Address: 0xF3F80000 Size: 196864 File Visible: - Status: - Name: redbook.sys Image Path: C:\WINNT\system32\DRIVERS\redbook.sys Address: 0xF7655000 Size: 57472 File Visible: - Status: - Name: resmgr.sys Image Path: C:\WINNT\system32\NetWare\resmgr.sys Address: 0x9D5A5000 Size: 27168 File Visible: - Status: - Name: RimSerial.sys Image Path: C:\WINNT\system32\DRIVERS\RimSerial.sys Address: 0xF77DD000 Size: 26496 File Visible: - Status: - Name: RootMdm.sys Image Path: C:\WINNT\System32\Drivers\RootMdm.sys Address: 0xF7A6B000 Size: 5888 File Visible: - Status: - Name: rootrepeal.sys Image Path: C:\WINNT\system32\drivers\rootrepeal.sys Address: 0x9C213000 Size: 45056 File Visible: No Status: - Name: sfc.SYS Image Path: C:\WINNT\System32\Drivers\sfc.SYS Address: 0x9BA8C000 Size: 10560 File Visible: No Status: - Name: sr.sys Image Path: sr.sys Address: 0xF7262000 Size: 73472 File Visible: - Status: - Name: srvloc.sys Image Path: C:\WINNT\system32\NetWare\srvloc.sys Address: 0x9D262000 Size: 159904 File Visible: - Status: - Name: svrsvc_.sys Image Path: c:\winnt\system32\svrsvc\svrsvc_.sys Address: 0xA5334000 Size: 25472 File Visible: - Status: - Name: swenum.sys Image Path: C:\WINNT\system32\DRIVERS\swenum.sys Address: 0xF7A75000 Size: 4352 File Visible: - Status: - Name: SynTP.sys Image Path: C:\WINNT\system32\DRIVERS\SynTP.sys Address: 0xF4830000 Size: 177664 File Visible: - Status: - Name: sysaudio.sys Image Path: C:\WINNT\system32\drivers\sysaudio.sys Address: 0x9CFAF000 Size: 60800 File Visible: - Status: - Name: tcpip.sys Image Path: C:\WINNT\system32\DRIVERS\tcpip.sys Address: 0xA31E4000 Size: 360960 File Visible: - Status: - Name: TDI.SYS Image Path: C:\WINNT\system32\DRIVERS\TDI.SYS Address: 0xF791D000 Size: 20480 File Visible: - Status: - Name: termdd.sys Image Path: C:\WINNT\system32\DRIVERS\termdd.sys Address: 0xF5251000 Size: 40704 File Visible: - Status: - Name: TPHKDRV.sys Image Path: C:\WINNT\system32\DRIVERS\TPHKDRV.sys Address: 0xA533C000 Size: 16480 File Visible: - Status: - Name: Tppwrif.sys Image Path: C:\WINNT\System32\drivers\Tppwrif.sys Address: 0xA5344000 Size: 20480 File Visible: - Status: - Name: TSMAPIP.SYS Image Path: C:\WINNT\System32\drivers\TSMAPIP.SYS Address: 0xA534C000 Size: 24576 File Visible: - Status: - Name: update.sys Image Path: C:\WINNT\system32\DRIVERS\update.sys Address: 0xF3F4C000 Size: 209408 File Visible: - Status: - Name: USBD.SYS Image Path: C:\WINNT\system32\DRIVERS\USBD.SYS Address: 0xF7A61000 Size: 8192 File Visible: - Status: - Name: usbehci.sys Image Path: C:\WINNT\system32\DRIVERS\usbehci.sys Address: 0xF78C5000 Size: 26624 File Visible: - Status: - Name: usbhub.sys Image Path: C:\WINNT\system32\DRIVERS\usbhub.sys Address: 0xA94F2000 Size: 57856 File Visible: - Status: - Name: USBPORT.SYS Image Path: C:\WINNT\system32\DRIVERS\USBPORT.SYS Address: 0xF4BF9000 Size: 143360 File Visible: - Status: - Name: usbuhci.sys Image Path: C:\WINNT\system32\DRIVERS\usbuhci.sys Address: 0xF78BD000 Size: 20480 File Visible: - Status: - Name: vga.sys Image Path: C:\WINNT\System32\drivers\vga.sys Address: 0xA5364000 Size: 20992 File Visible: - Status: - Name: VIDEOPRT.SYS Image Path: C:\WINNT\system32\DRIVERS\VIDEOPRT.SYS Address: 0xF4C5D000 Size: 81920 File Visible: - Status: - Name: VolSnap.sys Image Path: VolSnap.sys Address: 0xF7535000 Size: 52352 File Visible: - Status: - Name: wanarp.sys Image Path: C:\WINNT\system32\DRIVERS\wanarp.sys Address: 0xA5A97000 Size: 34560 File Visible: - Status: - Name: watchdog.sys Image Path: C:\WINNT\System32\watchdog.sys Address: 0x9DBEF000 Size: 20480 File Visible: - Status: - Name: wdmaud.sys Image Path: C:\WINNT\system32\drivers\wdmaud.sys Address: 0x9CD42000 Size: 82944 File Visible: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0xBF800000 Size: 1847296 File Visible: - Status: - Name: win32k.sys Image Path: C:\WINNT\System32\win32k.sys Address: 0xBF800000 Size: 1847296 File Visible: - Status: - Name: wmiacpi.sys Image Path: C:\WINNT\system32\DRIVERS\wmiacpi.sys Address: 0xF701F000 Size: 8832 File Visible: - Status: - Name: WMILIB.SYS Image Path: C:\WINNT\system32\DRIVERS\WMILIB.SYS Address: 0xF7A17000 Size: 8192 File Visible: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x804D7000 Size: 2142208 File Visible: - Status: - Name: WNTHW.SYS Image Path: C:\WINNT\system32\DRIVERS\WNTHW.SYS Address: 0x9E31A000 Size: 5760 File Visible: - Status: - DDS.txt DDS (Ver_09-03-16.01) - NTFSx86 Run by cwiakj at 20:07:28.01 on Fri 05/01/2009 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.998.224 [GMT -4:00] ============== Running Processes =============== C:\WINNT\System32\Novell\XTAgent.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\svchost -k DcomLaunch svchost.exe C:\WINNT\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\cvpnd.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Novell\ZENworks\nalntsrv.exe c:\oracle\products\9.2.0.1\bin\omtsreco.exe C:\PROGRA~1\PHAROS~1\BLUEPR~1\Bin\CTskMstr.exe C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe C:\WINNT\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Novell\ZENworks\NalAgent.exe C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\igfxsrvc.exe C:\WINNT\system32\igfxpers.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINNT\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\WINNT\system32\dpmw32.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINNT\system32\NWTRAY.EXE C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\eRoom 7\ERClient7.exe c:\winnt\system32\svrsvc\svrsvc.exe C:\WINNT\System32\TPHDEXLG.exe C:\WINNT\system32\TpKmpSVC.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe C:\WINNT\system32\SearchIndexer.exe C:\Program Files\Novell\ZENworks\wm.exe C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\SearchProtocolHost.exe C:\Documents and Settings\cwiakj\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://onebms.bms.com/ mDefault_Page_URL = hxxp://onebms.bms.com uInternet Connection Wizard,ShellNext = hxxp://ie.bms.com/cs/ie.nsf/thunderbird uInternet Settings,ProxyOverride = <local> mWinlogon: System=ziswin.exe BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe mRun: [Naldesk] "c:\program files\novell\zenworks\NALDESK.EXE" /ns mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [igfxTray] c:\winnt\system32\igfxtray.exe mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe mRun: [Persistence] c:\winnt\system32\igfxpers.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [TpShocks] TpShocks.exe mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [DLA] c:\winnt\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [NDPS] c:\winnt\system32\dpmw32.exe mRun: [ZENRC Tray Icon] c:\winnt\system32\zentray.exe mRun: [bMS Asset Confirmation] c:\i386\options\zam languages\AssetConfirmation-01.exe mRun: [shStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey mRun: [NWTRAY] NWTRAY.EXE mRun: [CfgDownload] c:\program files\ixos\bin\CfgDownload.exe mRun: [sKDaemon.exe] c:\program files\lenovo\productivity keyboard\SKDaemon.exe mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe" mRun: [DMXLauncher] "c:\program files\sonic\product\media experience\DMXLauncher.exe" mRun: [OdTray.exe] "c:\program files\juniper networks\odyssey access client\OdTray.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\cwiakj\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe StartupFolder: c:\docume~1\cwiakj\startm~1\programs\startup\monito~1.lnk - c:\program files\eroom 7\ERClient7.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\winnt\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bms-im~1.lnk - c:\program files\bms-imss\remoteaccess vpn client\vpngui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe uPolicies-explorer: DisallowCpl = 1 (0x1) uPolicies-explorer: NoWindowsUpdate = 1 (0x1) uPolicies-explorer: DisallowRun = 1 (0x1) uPolicies-disallowrun: 1 = iesetup.exe uPolicies-disallowrun: 2 = IE7-WindowsXP-x86-enu.exe mPolicies-explorer: NoViewOnDrive = 4194304 (0x400000) mPolicies-system: CompatibleRUPSecurity = 1 (0x1) IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll DPF: RightSiteApplet - hxxp://rapid.bms.com/RightSiteDir/applet/rs_applet.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} - file://c:\documents and settings\system\local settings\temp\sisd\STUrlConLoader.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} - file://c:\documents and settings\system\local settings\temp\sisd\STAutoAwayLoader.cab DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxp://hpwnavp01.net.bms.com/eRoomSetup/client.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - file://c:\documents and settings\system\local settings\temp\sisd\STJNILoader.cab DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab Notify: igfxcui - igfxdev.dll Notify: NetIdentity Notification - c:\winnt\system32\novell\XtNotify.dll Notify: OdysseyClient - odyEvent.dll Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll LSA: Authentication Packages = msv1_0 nwv1_0 c:\winnt\system32\mlJYpQgh ============= SERVICES / DRIVERS =============== R0 odFips;odFips;c:\winnt\system32\drivers\odFIPS.sys [2006-1-23 254208] R0 Shockprf;Shockprf;c:\winnt\system32\drivers\ApsX86.sys [2007-3-2 100656] R0 TPDIGIMN;TPDIGIMN;c:\winnt\system32\drivers\ApsHM86.sys [2007-3-2 19760] R1 NaiAvTdi1;NaiAvTdi1;c:\winnt\system32\drivers\mvstdi5x.sys [2008-1-10 59904] R1 svrsvc_;svrsvc_;c:\winnt\system32\svrsvc\svrsvc_.sys [2007-2-1 25472] R1 TPPWRIF;TPPWRIF;c:\winnt\system32\drivers\TPPWRIF.SYS [2008-1-10 4442] R2 BlankScr;HBDevice;c:\winnt\system32\drivers\blankscr.sys [2005-5-23 6899] R2 iPCAgent;iPCAgent;c:\program files\ipass\ipassconnect\iPCAgent.exe [2008-1-10 90112] R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2007-6-14 87664] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-18 179856] R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-1-10 98304] R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2007-11-26 29184] R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\winnt\system32\drivers\mdc80211.sys [2008-1-10 15793] R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2006-5-9 167936] R2 svrsvc;svrsvc;c:\winnt\system32\svrsvc\svrsvc.exe [2007-2-1 737280] R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\novell\zenworks\asset management\bin\CClientSvc.exe [2008-1-10 49152] R2 WNTHW;WNTHW;c:\winnt\system32\drivers\WNTHW.SYS [2008-1-10 9176] R2 XTAgent;Novell XTier Agent Services;c:\winnt\system32\novell\xtagent.exe [2006-5-2 61440] R3 Darpan;Darpan;c:\winnt\system32\drivers\Darpan.sys [2005-5-23 2773] R3 jnprna;Juniper Network Agent Miniport;c:\winnt\system32\drivers\jnprna.sys [2007-6-14 398720] R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [2008-10-18 15504] R3 NaiAvFilter1;NaiAvFilter1;c:\winnt\system32\drivers\naiavf5x.sys [2008-1-10 117024] S1 pxhelp200;pxhelp200;c:\winnt\system32\drivers\pxhelp200.sys --> c:\winnt\system32\drivers\pxhelp200.sys [?] S2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2007-11-26 221191] S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2007-6-20 81992] S3 OracleORAHOME92_DTSClientCache;OracleORAHOME92_DTSClientCache;c:\oracle\products\9.2.0.1\bin\ONRSD.EXE [2002-4-26 242328] S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2008-5-19 189792] =============== Created Last 30 ================ 2009-05-01 19:29 <DIR> --d----- c:\program files\Root Repeal 2009-04-30 08:02 <DIR> --d----- c:\program files\Trend Micro 2009-04-30 07:26 3,636,864 a------- c:\winnt\system32\drivers\NETw5x32.sys 2009-04-30 07:26 2,756,608 a------- c:\winnt\system32\NETw5r32.dll 2009-04-30 07:26 663,552 a------- c:\winnt\system32\NETw5c32.dll 2009-04-28 21:40 <DIR> --d----- c:\program files\Lavasoft 2009-04-28 21:26 162,304 a------- c:\winnt\system32\ztvunrar36.dll 2009-04-28 21:26 77,312 a------- c:\winnt\system32\ztvunace26.dll 2009-04-28 21:26 75,264 a------- c:\winnt\system32\unacev2.dll 2009-04-28 21:26 69,632 a------- c:\winnt\system32\ztvcabinet.dll 2009-04-28 21:26 153,088 a------- c:\winnt\system32\UNRAR3.dll 2009-04-24 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GARMIN 2009-04-24 14:25 <DIR> --d----- C:\Garmin 2009-04-23 20:25 <DIR> --d----- c:\docume~1\cwiakj\applic~1\GARMIN 2009-04-23 20:24 <DIR> --d----- c:\program files\Garmin GPS Plugin 2009-04-23 20:24 <DIR> --d----- c:\program files\Garmin ==================== Find3M ==================== 2009-04-28 08:14 90,112 a------- c:\winnt\DUMP4b32.tmp 2009-04-06 15:32 38,496 a------- c:\winnt\system32\drivers\mbamswissarmy.sys 2009-04-06 15:32 15,504 a------- c:\winnt\system32\drivers\mbam.sys 2009-02-06 17:00 35,080 a---h--- c:\winnt\system32\mlfcache.dat 2008-01-10 18:08 1,484 a------- c:\program files\INSTALL.LOG 2005-07-29 17:24 472 ac-shr-- c:\winnt\qk1t\k4Yn.vbs ============= FINISH: 20:07:56.04 =============== Attach.txt: DDS (Ver_09-03-16.01) - NTFSx86 Run by cwiakj at 20:07:28.01 on Fri 05/01/2009 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.998.224 [GMT -4:00] ============== Running Processes =============== C:\WINNT\System32\Novell\XTAgent.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\svchost -k DcomLaunch svchost.exe C:\WINNT\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\cvpnd.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Novell\ZENworks\nalntsrv.exe c:\oracle\products\9.2.0.1\bin\omtsreco.exe C:\PROGRA~1\PHAROS~1\BLUEPR~1\Bin\CTskMstr.exe C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe C:\WINNT\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Novell\ZENworks\NalAgent.exe C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\igfxsrvc.exe C:\WINNT\system32\igfxpers.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINNT\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\WINNT\system32\dpmw32.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINNT\system32\NWTRAY.EXE C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\eRoom 7\ERClient7.exe c:\winnt\system32\svrsvc\svrsvc.exe C:\WINNT\System32\TPHDEXLG.exe C:\WINNT\system32\TpKmpSVC.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe C:\WINNT\system32\SearchIndexer.exe C:\Program Files\Novell\ZENworks\wm.exe C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\SearchProtocolHost.exe C:\Documents and Settings\cwiakj\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://onebms.bms.com/ mDefault_Page_URL = hxxp://onebms.bms.com uInternet Connection Wizard,ShellNext = hxxp://ie.bms.com/cs/ie.nsf/thunderbird uInternet Settings,ProxyOverride = <local> mWinlogon: System=ziswin.exe BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe mRun: [Naldesk] "c:\program files\novell\zenworks\NALDESK.EXE" /ns mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [igfxTray] c:\winnt\system32\igfxtray.exe mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe mRun: [Persistence] c:\winnt\system32\igfxpers.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [TpShocks] TpShocks.exe mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [DLA] c:\winnt\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [NDPS] c:\winnt\system32\dpmw32.exe mRun: [ZENRC Tray Icon] c:\winnt\system32\zentray.exe mRun: [bMS Asset Confirmation] c:\i386\options\zam languages\AssetConfirmation-01.exe mRun: [shStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey mRun: [NWTRAY] NWTRAY.EXE mRun: [CfgDownload] c:\program files\ixos\bin\CfgDownload.exe mRun: [sKDaemon.exe] c:\program files\lenovo\productivity keyboard\SKDaemon.exe mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe" mRun: [DMXLauncher] "c:\program files\sonic\product\media experience\DMXLauncher.exe" mRun: [OdTray.exe] "c:\program files\juniper networks\odyssey access client\OdTray.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\cwiakj\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe StartupFolder: c:\docume~1\cwiakj\startm~1\programs\startup\monito~1.lnk - c:\program files\eroom 7\ERClient7.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\winnt\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bms-im~1.lnk - c:\program files\bms-imss\remoteaccess vpn client\vpngui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe uPolicies-explorer: DisallowCpl = 1 (0x1) uPolicies-explorer: NoWindowsUpdate = 1 (0x1) uPolicies-explorer: DisallowRun = 1 (0x1) uPolicies-disallowrun: 1 = iesetup.exe uPolicies-disallowrun: 2 = IE7-WindowsXP-x86-enu.exe mPolicies-explorer: NoViewOnDrive = 4194304 (0x400000) mPolicies-system: CompatibleRUPSecurity = 1 (0x1) IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll DPF: RightSiteApplet - hxxp://rapid.bms.com/RightSiteDir/applet/rs_applet.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} - file://c:\documents and settings\system\local settings\temp\sisd\STUrlConLoader.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} - file://c:\documents and settings\system\local settings\temp\sisd\STAutoAwayLoader.cab DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxp://hpwnavp01.net.bms.com/eRoomSetup/client.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - file://c:\documents and settings\system\local settings\temp\sisd\STJNILoader.cab DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab Notify: igfxcui - igfxdev.dll Notify: NetIdentity Notification - c:\winnt\system32\novell\XtNotify.dll Notify: OdysseyClient - odyEvent.dll Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll LSA: Authentication Packages = msv1_0 nwv1_0 c:\winnt\system32\mlJYpQgh ============= SERVICES / DRIVERS =============== R0 odFips;odFips;c:\winnt\system32\drivers\odFIPS.sys [2006-1-23 254208] R0 Shockprf;Shockprf;c:\winnt\system32\drivers\ApsX86.sys [2007-3-2 100656] R0 TPDIGIMN;TPDIGIMN;c:\winnt\system32\drivers\ApsHM86.sys [2007-3-2 19760] R1 NaiAvTdi1;NaiAvTdi1;c:\winnt\system32\drivers\mvstdi5x.sys [2008-1-10 59904] R1 svrsvc_;svrsvc_;c:\winnt\system32\svrsvc\svrsvc_.sys [2007-2-1 25472] R1 TPPWRIF;TPPWRIF;c:\winnt\system32\drivers\TPPWRIF.SYS [2008-1-10 4442] R2 BlankScr;HBDevice;c:\winnt\system32\drivers\blankscr.sys [2005-5-23 6899] R2 iPCAgent;iPCAgent;c:\program files\ipass\ipassconnect\iPCAgent.exe [2008-1-10 90112] R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2007-6-14 87664] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-18 179856] R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-1-10 98304] R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2007-11-26 29184] R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\winnt\system32\drivers\mdc80211.sys [2008-1-10 15793] R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2006-5-9 167936] R2 svrsvc;svrsvc;c:\winnt\system32\svrsvc\svrsvc.exe [2007-2-1 737280] R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\novell\zenworks\asset management\bin\CClientSvc.exe [2008-1-10 49152] R2 WNTHW;WNTHW;c:\winnt\system32\drivers\WNTHW.SYS [2008-1-10 9176] R2 XTAgent;Novell XTier Agent Services;c:\winnt\system32\novell\xtagent.exe [2006-5-2 61440] R3 Darpan;Darpan;c:\winnt\system32\drivers\Darpan.sys [2005-5-23 2773] R3 jnprna;Juniper Network Agent Miniport;c:\winnt\system32\drivers\jnprna.sys [2007-6-14 398720] R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [2008-10-18 15504] R3 NaiAvFilter1;NaiAvFilter1;c:\winnt\system32\drivers\naiavf5x.sys [2008-1-10 117024] S1 pxhelp200;pxhelp200;c:\winnt\system32\drivers\pxhelp200.sys --> c:\winnt\system32\drivers\pxhelp200.sys [?] S2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2007-11-26 221191] S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2007-6-20 81992] S3 OracleORAHOME92_DTSClientCache;OracleORAHOME92_DTSClientCache;c:\oracle\products\9.2.0.1\bin\ONRSD.EXE [2002-4-26 242328] S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2008-5-19 189792] =============== Created Last 30 ================ 2009-05-01 19:29 <DIR> --d----- c:\program files\Root Repeal 2009-04-30 08:02 <DIR> --d----- c:\program files\Trend Micro 2009-04-30 07:26 3,636,864 a------- c:\winnt\system32\drivers\NETw5x32.sys 2009-04-30 07:26 2,756,608 a------- c:\winnt\system32\NETw5r32.dll 2009-04-30 07:26 663,552 a------- c:\winnt\system32\NETw5c32.dll 2009-04-28 21:40 <DIR> --d----- c:\program files\Lavasoft 2009-04-28 21:26 162,304 a------- c:\winnt\system32\ztvunrar36.dll 2009-04-28 21:26 77,312 a------- c:\winnt\system32\ztvunace26.dll 2009-04-28 21:26 75,264 a------- c:\winnt\system32\unacev2.dll 2009-04-28 21:26 69,632 a------- c:\winnt\system32\ztvcabinet.dll 2009-04-28 21:26 153,088 a------- c:\winnt\system32\UNRAR3.dll 2009-04-24 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GARMIN 2009-04-24 14:25 <DIR> --d----- C:\Garmin 2009-04-23 20:25 <DIR> --d----- c:\docume~1\cwiakj\applic~1\GARMIN 2009-04-23 20:24 <DIR> --d----- c:\program files\Garmin GPS Plugin 2009-04-23 20:24 <DIR> --d----- c:\program files\Garmin ==================== Find3M ==================== 2009-04-28 08:14 90,112 a------- c:\winnt\DUMP4b32.tmp 2009-04-06 15:32 38,496 a------- c:\winnt\system32\drivers\mbamswissarmy.sys 2009-04-06 15:32 15,504 a------- c:\winnt\system32\drivers\mbam.sys 2009-02-06 17:00 35,080 a---h--- c:\winnt\system32\mlfcache.dat 2008-01-10 18:08 1,484 a------- c:\program files\INSTALL.LOG 2005-07-29 17:24 472 ac-shr-- c:\winnt\qk1t\k4Yn.vbs ============= FINISH: 20:07:56.04 =============== HJT Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:44:08 PM, on 5/1/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Novell\XTAgent.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\cvpnd.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Novell\ZENworks\nalntsrv.exe c:\oracle\products\9.2.0.1\bin\omtsreco.exe C:\PROGRA~1\PHAROS~1\BLUEPR~1\Bin\CTskMstr.exe C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe c:\winnt\system32\svrsvc\svrsvc.exe C:\WINNT\System32\TPHDEXLG.exe C:\WINNT\system32\TpKmpSVC.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe C:\WINNT\system32\SearchIndexer.exe C:\Program Files\Novell\ZENworks\wm.exe C:\WINNT\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINNT\system32\igfxtray.exe C:\Program Files\Novell\ZENworks\NalAgent.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\igfxpers.exe C:\WINNT\system32\igfxsrvc.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINNT\system32\TpShocks.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINNT\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\WINNT\system32\dpmw32.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINNT\system32\NWTRAY.EXE C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe C:\Program Files\eRoom 7\ERClient7.exe C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onebms.bms.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://onebms.bms.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.bms.com/cs/ie.nsf/thunderbird R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://mcd-server/mcd/proxy.pac O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Naldesk] "C:\Program Files\Novell\ZENworks\NALDESK.EXE" /ns O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [NDPS] C:\WINNT\system32\dpmw32.exe O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINNT\system32\zentray.exe O4 - HKLM\..\Run: [bMS Asset Confirmation] C:\i386\Options\ZAM Languages\AssetConfirmation-01.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe O4 - HKLM\..\Run: [sKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe" O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BMS-IMSS RemoteAccess VPN Client.lnk = C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\vpngui.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll O12 - Plugin for .cgi: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll O14 - IERESET.INF: START_PAGE_URL=http://onebms.bms.com O16 - DPF: RightSiteApplet - http://rapid.bms.com/RightSiteDir/applet/rs_applet.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STUrlConLoader.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STAutoAwayLoader.cab O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - http://hpwnavp01.net.bms.com/eRoomSetup/client.cab O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STJNILoader.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = one.ads.bms.com O17 - HKLM\Software\..\Telephony: DomainName = one.ads.bms.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = one.ads.bms.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = one.ads.bms.com O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINNT\system32\cusrvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\cvpnd.exe O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\oracle\products\9.2.0.1\bin\omtsreco.exe O23 - Service: OracleORAHOME92_DTSClientCache - Unknown owner - c:\oracle\products\9.2.0.1\BIN\ONRSD.EXE O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\BLUEPR~1\Bin\CTskMstr.exe O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: svrsvc - Unknown owner - c:\winnt\system32\svrsvc\svrsvc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINNT\System32\Novell\XTAgent.exe O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe -- End of file - 16502 bytes

Hello! The problem I'm having started late last week. IE 6 (work standard) has some random redirects or just stops. I also cannot run defrag from Windows or command prompt. I cannot run chkdsk from command prompt and it will not run with reboot. Also have not had luck getting into safe mode with networking. I'd like to get some advice before I consult my no-help desk. I've also run Spybot S&D and our corporate virus solution - McAfee Viruscan Enterprise with no luck. Greatly appreciate any help. Here are my logs: Malwarebytes' Anti-Malware 1.36 Database version: 2062 Windows 5.1.2600 Service Pack 2 4/30/2009 7:11:31 PM mbam-log-2009-04-30 (19-11-31).txt Scan type: Full Scan (C:\|) Objects scanned: 184990 Time elapsed: 25 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:02:45 AM, on 4/30/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Novell\XTAgent.exe C:\WINNT\system32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\cvpnd.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Novell\ZENworks\nalntsrv.exe c:\oracle\products\9.2.0.1\bin\omtsreco.exe C:\PROGRA~1\PHAROS~1\BLUEPR~1\Bin\CTskMstr.exe C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe c:\winnt\system32\svrsvc\svrsvc.exe C:\WINNT\System32\TPHDEXLG.exe C:\WINNT\system32\TpKmpSVC.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe C:\WINNT\system32\SearchIndexer.exe C:\Program Files\Novell\ZENworks\wm.exe C:\WINNT\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINNT\system32\igfxtray.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\igfxpers.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Novell\ZENworks\NalAgent.exe C:\WINNT\system32\TpShocks.exe C:\WINNT\system32\igfxsrvc.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINNT\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\WINNT\system32\dpmw32.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINNT\system32\NWTRAY.EXE C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE C:\WINNT\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe C:\Program Files\eRoom 7\ERClient7.exe C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onebms.bms.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://onebms.bms.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.bms.com/cs/ie.nsf/thunderbird R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://mcd-server/mcd/proxy.pac O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {8131ECC4-78A1-48D0-8BF2-F407F730F028} - C:\WINNT\system32\mlJYpQgh.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Naldesk] "C:\Program Files\Novell\ZENworks\NALDESK.EXE" /ns O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [NDPS] C:\WINNT\system32\dpmw32.exe O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINNT\system32\zentray.exe O4 - HKLM\..\Run: [bMS Asset Confirmation] C:\i386\Options\ZAM Languages\AssetConfirmation-01.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe O4 - HKLM\..\Run: [sKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe" O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [sfKg6wIP] C:\Documents and Settings\cwiakj\Application Data\Microsoft\Windows\gxhbt.exe O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BMS-IMSS RemoteAccess VPN Client.lnk = C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\vpngui.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll O12 - Plugin for .cgi: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll O14 - IERESET.INF: START_PAGE_URL=http://onebms.bms.com O16 - DPF: RightSiteApplet - http://rapid.bms.com/RightSiteDir/applet/rs_applet.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STUrlConLoader.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STAutoAwayLoader.cab O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - http://hpwnavp01.net.bms.com/eRoomSetup/client.cab O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - file://C:\Documents and Settings\SYSTEM\Local Settings\Temp\SISD\STJNILoader.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = one.ads.bms.com O17 - HKLM\Software\..\Telephony: DomainName = one.ads.bms.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = one.ads.bms.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = one.ads.bms.com O20 - AppInit_DLLs: ogrnsm.dll O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINNT\system32\cusrvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\BMS-IMSS\RemoteAccess VPN Client\cvpnd.exe O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\oracle\products\9.2.0.1\bin\omtsreco.exe O23 - Service: OracleORAHOME92_DTSClientCache - Unknown owner - c:\oracle\products\9.2.0.1\BIN\ONRSD.EXE O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\BLUEPR~1\Bin\CTskMstr.exe O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: svrsvc - Unknown owner - c:\winnt\system32\svrsvc\svrsvc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINNT\System32\Novell\XTAgent.exe O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe -- End of file - 16831 bytes