Uninstall manager list
Access IBM
Adobe Reader 6.0.1
AOL Instant Messenger
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
DivX
DivX Player
ewido security suite
Gnucleus(remove only)
Google Earth Plus
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP OfficeJet G Series
IBM 11a/b/g Wireless LAN Mini PCI Adapter Software
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM TrackPoint Accessibility Features
IBM TrackPoint Support
IBM Update Connector
Image Transfer
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD
iPod for Windows 2005-01-11
iPod for Windows 2005-06-26
iPod Updater 2004-08-06
iTunes
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Kaspersky On-line Scanner
LiveUpdate 1.80 (Symantec Corporation)
Lotus Notes 5.0.12
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
mIRC
Nero - Burning Rom (Web installer)
Panda ActiveScan
Post-it® Software Notes Lite Version 2
PowerDVD
QuickTime
RealPlayer
SharkPort 2
Sony USB Driver
Soulseek Client 152
SPSS 12.0 for Windows
Spyware Doctor 3.2
Symantec AntiVirus Client
TeraTerm Pro 2.3
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Update for Windows XP (KB898461)
Wallpapers
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
WS_FTP 5.08
FindPf
Volume in drive C is C_DRIVE
Volume Serial Number is 6815-CCB9
Directory of C:\PROGRA~1
08/29/2005 11:08 AM <DIR> .
08/29/2005 11:08 AM <DIR> ..
09/05/2004 02:00 PM <DIR> 3M
06/28/2004 10:13 AM <DIR> 80211abg
06/07/2004 03:43 PM <DIR> Adobe
09/05/2004 01:56 PM <DIR> Ahead
09/15/2004 01:45 AM <DIR> AIM
09/05/2004 01:29 PM <DIR> AOD
06/28/2004 10:47 AM <DIR> ATI Technologies
08/27/2005 09:13 PM <DIR> BitLord
09/27/2004 09:54 PM <DIR> Common Files
02/20/2003 12:09 PM <DIR> ComPlus Applications
06/28/2004 10:43 AM <DIR> CONEXANT
09/05/2004 02:03 PM <DIR> CyberLink
06/28/2004 10:44 AM <DIR> Digital Line Detect
09/06/2004 12:07 PM <DIR> DivX
08/29/2005 03:45 AM <DIR> ewido
09/09/2004 11:43 AM <DIR> GnucleusLAN
07/06/2005 01:05 AM <DIR> Google
03/02/2005 11:46 AM <DIR> Hewlett-Packard
06/07/2004 02:44 PM <DIR> HighMAT CD Writing Wizard
06/28/2004 11:09 AM <DIR> IBM
05/26/2004 04:47 PM <DIR> IBM DLA
05/26/2004 04:47 PM <DIR> IBM RecordNow!
06/28/2004 11:16 AM <DIR> Intel
11/29/2004 05:01 PM <DIR> Interact
03/10/2005 06:09 AM <DIR> Internet Explorer
05/26/2004 04:48 PM <DIR> InterVideo
08/19/2005 12:48 PM <DIR> iPod
05/19/2005 03:16 PM <DIR> iTunes
04/12/2005 04:15 PM <DIR> Java
09/06/2004 02:56 AM <DIR> JavaSoft
11/15/2004 03:01 AM <DIR> Lavasoft
03/10/2005 06:07 AM <DIR> Messenger
06/07/2004 03:32 PM <DIR> Microsoft ActiveSync
02/20/2003 12:14 PM <DIR> microsoft frontpage
06/07/2004 03:31 PM <DIR> Microsoft Office
06/07/2004 03:31 PM <DIR> Microsoft Visual Studio
06/07/2004 05:08 PM <DIR> Microsoft VM
09/05/2004 12:48 PM <DIR> Microsoft Works
06/07/2004 03:30 PM <DIR> Microsoft.NET
08/29/2005 11:48 PM <DIR> mIRC
03/04/2005 06:27 AM <DIR> Movie Maker
02/20/2003 12:09 PM <DIR> MSN Gaming Zone
03/04/2005 06:21 AM <DIR> NetMeeting
06/28/2004 10:44 AM <DIR> NetWaiting
06/07/2004 03:51 PM <DIR> OfficeUpdate11
06/07/2004 03:07 PM <DIR> Online Services
03/04/2005 06:21 AM <DIR> Outlook Express
05/19/2005 03:16 PM <DIR> QuickTime
03/02/2005 11:47 AM <DIR> ReadIRIS
06/07/2004 05:00 PM <DIR> Real
05/26/2004 04:42 PM <DIR> SBApps
09/06/2004 06:35 PM <DIR> Sony Corporation
11/03/2004 02:14 AM <DIR> SPSS
08/28/2005 12:07 PM <DIR> Spyware Doctor
05/26/2004 04:46 PM <DIR> Support.com
06/07/2004 03:11 PM <DIR> Symantec
06/07/2004 03:11 PM <DIR> Symantec_Client_Security
05/26/2004 04:01 PM <DIR> Synaptics
05/26/2004 04:35 PM <DIR> ThinkPad
06/07/2004 03:15 PM <DIR> TTERMPRO
03/04/2005 06:27 AM <DIR> Windows Media Player
03/04/2005 06:21 AM <DIR> Windows NT
11/06/2004 08:41 PM <DIR> WinMX
08/27/2005 07:58 PM <DIR> WinRAR
09/05/2004 02:02 PM <DIR> WinZip
06/07/2004 03:17 PM <DIR> WS_FTP
02/20/2003 12:14 PM <DIR> xerox
0 File(s) 0 bytes
69 Dir(s) 34,407,149,568 bytes free
Silent Runners
"Silent Runners.vbs", revision 40.1,
http://www.silentrunners.org/Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PCTools"]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"IBM RecordNow!" = (empty string)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
"HPAIO_PrintFolderMgr" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe" [null data]
"EZEJMNAP" = "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" ["IBM Corp."]
"BMMLREF" = "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [null data]
"BluetoothAuthenticationAgent" = "rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent" [MS]
"WinampAgent" = ""C:\Program Files\Winamp3\\winampa.exe"" [file not found]
"UC_Start" = "C:\Program Files\IBM\Updater\\ucstartup.exe" [null data]
"TrackPointSrv" = "tp4serv.exe" ["IBM Corporation"]
"TpShocks" = "TpShocks.exe" ["IBM Corp."]
"TPKMAPHELPER" = "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper" ["IBM Corp."]
"TPHOTKEY" = "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [null data]
"TP4EX" = "tp4ex.exe" ["IBM Corporation"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SetupType" = "Portable" [file not found]
"S3TRAY2" = "S3Tray2.exe" ["S3 Graphics, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"QCWLIcon" = "C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" ["IBM Corp."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" [file not found]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*Z" (unwritable string)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\IBM RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\0\
DisplayName = "STUDENTS - Logon script"
0\ -> launches: "\\blue.ad.bentley.edu\SysVol\blue.ad.bentley.edu\Policies\{FB0227BC-A585-4F0D-8AEE-6299715C815C}\User\Scripts\Logon\script.vbs /STUDENT" [file not found]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\
DisplayName = "STUDENTS - Logon script"
0\ -> launches: "\\blue.ad.bentley.edu\SysVol\blue.ad.bentley.edu\Policies\{FB0227BC-A585-4F0D-8AEE-6299715C815C}\User\Scripts\Logoff\logoff.vbs" [file not found]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\GRANAI_ALFR\My Documents\Image Transfer\'04_08_01_01\DCIM\101MSDCF\sandbar.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]
Startup items in "GRANAI_ALFR" & "All Users" startup folders:
-------------------------------------------------------------
C:\Documents and Settings\GRANAI_ALFR\Start Menu\Programs\Startup
"Microsoft Office OneNote 2003 Quick Launch" -> shortcut to: "C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr" [MS]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"Image Transfer" -> shortcut to: "C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe" [null data]
"Post-it® Software Notes Lite" -> shortcut to: "C:\Program Files\3M\PSN2Lite\Psn2Lite.exe -RegRun" ["3M"]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
DefWatch, DefWatch, "C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe" ["Symantec Corporation"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
IBM KCU Service, TpKmpSVC, "C:\WINDOWS\system32\TpKmpSVC.exe" [null data]
IBM PM Service, IBMPMSVC, "C:\WINDOWS\System32\ibmpmsvc.exe" [null data]
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
QCONSVC, QCONSVC, "System32\QCONSVC.EXE" ["IBM Corp."]
Symantec AntiVirus Client, Norton AntiVirus Server, "C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 42 seconds, including 18 seconds for message boxes)
HJThis Log
Logfile of HijackThis v1.99.1
Scan saved at 2:02:46 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\HJ\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ecampus.bentley.edu/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://student1.bentley.edu/iNotes.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1125115932172O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
https://www-3.ibm.co...nt/IbmEgath.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {EFF2715A-2294-470D-BC71-B2FEFCB968AC} -
https://deploy.bentl...3C9/install.cabO16 - DPF: {F024C1CA-5915-462E-B7C0-3BC993206553} -
https://deploy.bentl...3C9/install.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\Software\..\Telephony: DomainName = blue.ad.bentley.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Program Files\80211abg\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe