"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {++}
"Norton SystemWorks" = ""C:Program FilesNorton SystemWorkscfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" ["Symantec Corporation"]
"eMuleAutoStart" = "C:Program FileseMuleemule.exe -AutoStart" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]
"SunJavaUpdateSched" = "C:Program FilesJavaj2re1.4.2_03binjusched.exe" [null data]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"Recguard" = "C:WINDOWSSMINSTRECGUARD.EXE" [empty string]
"PS2" = "C:WINDOWSsystem32ps2.exe" ["Hewlett-Packard Company"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit" [MS]
"NAV CfgWiz" = ""C:Program FilesNorton AntiVirusCfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"" ["Symantec Corporation"]
"LSBWatcher" = "c:hpdrivershplsbwatcherlsburnwatcher.exe" ["Hewlett-Packard Company"]
"KBD" = "C:HPKBDKBD.EXE" ["Hewlett-Packard Company"]
"ISUSScheduler" = ""C:Program FilesFichiers communsInstallShieldUpdateServiceissch.exe" -start" ["InstallShield Software Corporation"]
"IgfxTray" = "C:WINDOWSsystem32igfxtray.exe" ["Intel Corporation"]
"hpsysdrv" = "c:windowssystemhpsysdrv.exe" ["Hewlett-Packard Company"]
"BigDogPath" = "C:WINDOWSVM_STI.EXE Philips SPC 200NC PC Camera" ["BIGDOG"]
"AOLDialer" = "C:Program FilesFichiers communsAOLACSAOLDial.exe" ["America Online, Inc"]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"ccApp" = ""C:Program FilesFichiers communsSymantec SharedccApp.exe"" ["Symantec Corporation"]
"DiskeeperSystray" = ""C:Program FilesDiskeeper CorporationDiskeeperDkIcon.exe"" ["Diskeeper Corporation"]
"ISUSPM Startup" = "c:PROGRA~1FICHIE~1INSTAL~1UPDATE~1isuspm.exe -startup" ["InstallShield Software Corporation"]
HKLM\Software\Microsoft\Active Setup\Installed Components
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = "Outlook Express"
StubPath = "C:WINDOWSsystem32shmgrate.exe OCInstallUserConfigOE" [MS]
{8b15971b-5355-4c82-8c07-7e181ea07608}(Default) = "Fax"
StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFfxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}(Default) = "Fax Provider"
StubPath = "rundll32.exe C:WINDOWSsystem32SetupFxsOcm.dll,XP_UninstallProvider" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesSpybot - Search & DestroySDHelper.dll" ["Safer Networking Limited"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}(Default) = (no title provided)
-> {HKLM...CLSID} = "Barre d'outils MSN Search Helper"
InProcServer32(Default) = "C:Program FilesMSN Toolbar SuiteTB 2.05.0000.1105fr-frmsntb.dll" [MS]
{BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
InProcServer32(Default) = "C:Program FilesNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
InProcServer32(Default) = "c:Program FilesSonic RecordNow!shlext.dll" [null data]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
InProcServer32(Default) = "C:WINDOWSsystem32ShellvRTF.dll" ["XSS"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"
-> {HKLM...CLSID} = "DisplayCplExt Class"
InProcServer32(Default) = "C:Program FilesStardockObject DesktopWindowBlindswbui.dll" ["Stardock.Net, Inc"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
InProcServer32(Default) = "C:PROGRA~1ALCOHO~1ALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice10msohev.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
InProcServer32(Default) = "C:WINDOWSsystem32dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
InProcServer32(Default) = "C:WINDOWSsystem32dfshim.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
InProcServer32(Default) = "C:WINDOWSsystem32browseui.dll" [MS]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
-> {HKLM...CLSID} = "Windows Desktop Search"
InProcServer32(Default) = "C:Program FilesMSN Toolbar SuiteEXT 2.05.0001.1119fr-frmsnlExt.dll" [MS]
"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "MSN Deskbar"
-> {HKLM...CLSID} = "Barre de recherche MSN"
InProcServer32(Default) = "C:Program FilesMSN Toolbar SuiteDB 2.05.0001.1119fr-frdeskbar.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
INFECTION WARNING! "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
INFECTION WARNING! igfxcuiDLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! WBDLLName = "C:PROGRA~1StardockOBJECT~1WINDOW~1fastload.dll" ["Stardock"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers
Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
InProcServer32(Default) = "C:Program FilesNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers
Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
InProcServer32(Default) = "C:Program FilesNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
Default executables:
--------------------
HKCU\Software\Classes\.bat\(Default) = (value not set)
HKCU\Software\Classes\.cmd\(Default) = (value not set)
HKCU\Software\Classes\.com\(Default) = (value not set)
HKCU\Software\Classes\.exe\(Default) = (value not set)
HKCU\Software\Classes\.hta\(Default) = (value not set)
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop
"Wallpaper" = "C:Documents and SettingsCompaq_PropriétaireLocal SettingsApplication DataMicrosoftWallpaper1.bmp"
Startup items in "Compaq_Propriétaire" & "All Users" startup folders:
---------------------------------------------------------------------
C:Documents and SettingsCompaq_PropriétaireMenu DémarrerProgrammesDémarrage
"Internet Explorer" -> shortcut to: "" [file not found]
C:Documents and SettingsAll UsersMenu DémarrerProgrammesDémarrage
"Windows Desktop Search" -> shortcut to: "C:Program FilesMSN Toolbar SuiteDS 2.05.0001.1119fr-frbinWindowsSearch.exe /startup" [MS]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Analyser mon ordinateur - Compaq_Propriétaire" -> launches: "C:PROGRA~1Norton AntiVirusNavw32.exe /task:"C:Documents and SettingsAll UsersApplication DataSymantecNorton AntiVirusTasksmycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:Program FilesNorton SystemWorksOBC.exe /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]
"Symantec Drmc" -> launches: "C:Program FilesFichiers communsSymantec SharedSymDrmc.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:Program FilesSymantecLiveUpdateNDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "C:Program FilesNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Barre d'outils MSN Search"
InProcServer32(Default) = "C:Program FilesMSN Toolbar SuiteTB 2.05.0000.1105fr-frmsntb.dll" [MS]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Barre d'outils MSN Search"
InProcServer32(Default) = "C:Program FilesMSN Toolbar SuiteTB 2.05.0000.1105fr-frmsntb.dll" [MS]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "C:Program FilesNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "C:Program FilesNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Barre d'outils MSN Search"
InProcServer32(Default) = "C:Program FilesMSN Toolbar SuiteTB 2.05.0000.1105fr-frmsntb.dll" [MS]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
{9455301C-CF6B-11D3-A266-00C04F689C50}(Default) = (no title provided)
-> {HKLM...CLSID} = "&Organise-notes Encarta"
InProcServer32(Default) = "C:Program FilesFichiers communsMicrosoft SharedEncarta ResearcherEROPROJ.DLL" [MS]
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
InProcServer32(Default) = "C:WINDOWSsystem32Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{9455301C-CF6B-11D3-A266-00C04F689C50}
"ButtonText" = "Organise-notes"
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:WINDOWSINFIERESET.INF (used to "Reset Web Settings" )
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, "C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe" ["America Online, Inc."]
ATK Keyboard Service, ATKKeyboardService, "C:WINDOWSATKKBService.exe" ["ASUSTeK COMPUTER INC."]
Carte de performance WMI, WmiApSrv, "C:WINDOWSsystem32wbemwmiapsrv.exe" [MS]
Diskeeper, Diskeeper, ""C:Program FilesDiskeeper CorporationDiskeeperDkService.exe"" ["Diskeeper Corporation"]
HTTP SSL, HTTPFilter, "C:WINDOWSSystem32svchost.exe -k HTTPFilter" {"C:WINDOWSSystem32w3ssl.dll" [MS]}
LexBce Server, LexBceS, "C:WINDOWSsystem32LEXBCES.EXE" ["Lexmark International, Inc."]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:Program FilesNorton AntiVirusIWPNPFMntor.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:PROGRA~1Norton SystemWorksNorton UtilitiesNPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:Program FilesNorton AntiVirusnavapsvc.exe"" ["Symantec Corporation"]
Speed Disk service, Speed Disk service, "C:PROGRA~1Norton SystemWorksNorton UtilitiesSpeed DiskNOPDB.EXE" ["Symantec Corporation"]
StarWind iSCSI Service, StarWindService, "C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe" ["Rocket Division Software"]
Symantec Core LC, Symantec Core LC, "C:Program FilesFichiers communsSymantec SharedCCPD-LCsymlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:Program FilesFichiers communsSymantec SharedccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:Program FilesFichiers communsSymantec SharedSPBBCSPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors
Lexmark Network PortDriver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 61 seconds, including 18 seconds for message boxes)