DDS (Ver_09-01-07.01) - NTFSx86
Run by laptop user at 16:18:34.60 on Sat 01/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1311 [GMT -5:00]
AV: Sophos Anti-Virus *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\laptop user\Local Settings\Temporary Internet Files\Content.IE5\GZNAAFCL\hijackgpthis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\laptop user\Local Settings\Temporary Internet Files\Content.IE5\G3DEMJOW\dds[1].com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.wcboe.org/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 10.13.128.51:8080
uInternet Settings,ProxyOverride = 10.100.0.75;10.100.0.*;10.130.0.*
mWinlogon: System=ziswin.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [ActivControl] c:\program files\activ software\activdriver\ActivControl2.exe
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
Notify: igfxcui - igfxdev.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
LSA: Authentication Packages = msv1_0 nwv1_0
============= SERVICES / DRIVERS ===============
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2008-7-9 34671]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2008-7-9 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2008-7-9 35584]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2007-9-12 54016]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2008-7-9 4480]
R4 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
R4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R4 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2006-5-9 167936]
R4 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-10-23 69632]
R4 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-9-30 98304]
R4 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2008-10-23 266240]
R4 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-9-30 172032]
R4 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2008-10-23 794624]
R4 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2007-1-10 61440]
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\drivers\ACTIVhidmini.sys [2008-7-9 52224]
S4 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2007-12-5 98984]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-9-30 14976]
=============== Created Last 30 ================
2009-01-08 21:19 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-01-08 21:19 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-08 21:19 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-08 21:19 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-08 21:19 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-08 21:19 --d----- c:\program files\common files\PC Tools
2009-01-08 21:18 --d----- c:\program files\Spyware Doctor
2009-01-08 21:18 --d----- c:\docume~1\laptop~1\applic~1\PC Tools
2009-01-08 21:18 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2008-12-20 23:16 --d----- c:\documents and settings\laptop user\.poweragent
2008-12-20 23:16 --d----- c:\docume~1\laptop~1\applic~1\.poweragent
2008-12-20 23:13 107,840 a------- c:\windows\system32\FTLang.dll
2008-12-20 23:13 71,488 a------- c:\windows\system32\drivers\ftser2k.sys
2008-12-20 23:13 47,432 a------- c:\windows\system32\ftserui2.dll
2008-12-20 23:13 202,048 a------- c:\windows\system32\ftd2xx.dll
2008-12-20 23:13 111,936 a------- c:\windows\system32\ftbusui.dll
2008-12-20 23:13 53,184 a------- c:\windows\system32\drivers\ftdibus.sys
2008-12-20 23:12 --d----- c:\program files\PowerAgent
==================== Find3M ====================
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
============= FINISH: 16:18:49.92 ===============