Tech Support Forum - View Single Post

nuzzskee · 08-17-2005, 05:41 AM

here is the Silent Runner file

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LDM" = "\Program\BackWeb-8876480.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ADUserMon" = "E:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"]
"Iomega Drive Icons" = "E:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]
"Deskup" = "E:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART" ["Iomega"]
"Motive SmartBridge" = "E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"MPFExe" = "E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"Microsoft Works Update Detection" = "E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"HPDJ Taskbar Utility" = "E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HPHUPD05" = "E:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" ["Hewlett-Packard"]
"HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HPHmon05" = "E:\WINDOWS\system32\hphmon05.exe" ["Hewlett-Packard"]
"HP Software Update" = "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"AVG7_CC" = "E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"MCAgentExe" = "e:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"AVG7_EMC" = "E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."]
"{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\system32\upnpui.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\ABBYY\FineReader 6.0\FECMenu.dll" ["ABBYY (BIT Software)"]
NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"
-> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\ssstars.scr" [MS]

Startup items in "Nancy" & "All Users" startup folders:
-------------------------------------------------------

E:\Documents and Settings\Nancy\Start Menu\Programs\Startup
"Office Startup" -> shortcut to: "E:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Logitech Desktop Messenger" -> shortcut to: "E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Marimba User Login" -> shortcut to: "E:\WINDOWS\system32\wscript.exe C:\marimba\mbsacliapp\getuser.vbe" [MS]

Enabled Scheduled Tasks:
------------------------

"HP Usg Daily" -> launches: "E:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe" [empty string]
"McAfee.com Update Check (NANCY-7KWMCA4TO-admin 1)" -> launches: "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (NANCY-7KWMCA4TO-Nancy)" -> launches: "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "e:\program files\google\googletoolbar_en_2.0.113-deleon.dll" ["Google Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "e:\program files\google\googletoolbar_en_2.0.113-deleon.dll" ["Google Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\msjava.dll" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "E:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["C-Dilla Ltd"]
Castanet Tuner 4.6, Marimba, "C:\Marimba\CASTAN~1\Tuner.exe" ["Marimba, Inc."]
Client Service for NetWare, NWCWorkstation, "E:\WINDOWS\System32\svchost.exe -k netsvcs" {"E:\WINDOWS\System32\nwwks.dll" [MS]}
Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""E:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"]
Iomega App Services, Iomega App Services, ""E:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]
McAfee Personal Firewall Service, MpfService, "E:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "E:\WINDOWS\system32\HPZipm12.exe" ["HP"]
SMS Agent Host, CcmExec, "E:\WINDOWS\system32\CCM\CcmExec.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 169 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 118 seconds.
---------- (total run time: 430 seconds)

08-17-2005, 05:41 AM	#4 (permalink)
nuzzskee Registered User Join Date: Oct 2004 Posts: 15 OS: XP	here is the Silent Runner file "Silent Runners.vbs", revision 39, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "LDM" = "\Program\BackWeb-8876480.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ADUserMon" = "E:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"] "Iomega Drive Icons" = "E:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"] "Deskup" = "E:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART" ["Iomega"] "Motive SmartBridge" = "E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."] "MPFExe" = "E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"] "Microsoft Works Update Detection" = "E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"] "QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "TkBellExe" = ""E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "HPDJ Taskbar Utility" = "E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"] "HPHUPD05" = "E:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" ["Hewlett-Packard"] "HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"] "HPHmon05" = "E:\WINDOWS\system32\hphmon05.exe" ["Hewlett-Packard"] "HP Software Update" = "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "AVG7_CC" = "E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "MCAgentExe" = "e:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"] "MCUpdateExe" = "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"] "AVG7_EMC" = "E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll" [file not found] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."] "{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices" -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\system32\upnpui.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."] "{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare" -> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS] "{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare" -> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS] "{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare" -> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data] HKLM\Software\Classes\\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\ABBYY\FineReader 6.0\FECMenu.dll" ["ABBYY (BIT Software)"] NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}" -> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "E:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "E:\WINDOWS\System32\ssstars.scr" [MS] Startup items in "Nancy" & "All Users" startup folders: ------------------------------------------------------- E:\Documents and Settings\Nancy\Start Menu\Programs\Startup "Office Startup" -> shortcut to: "E:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS] E:\Documents and Settings\All Users\Start Menu\Programs\Startup "Logitech Desktop Messenger" -> shortcut to: "E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"] "Marimba User Login" -> shortcut to: "E:\WINDOWS\system32\wscript.exe C:\marimba\mbsacliapp\getuser.vbe" [MS] Enabled Scheduled Tasks: ------------------------ "HP Usg Daily" -> launches: "E:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe" [empty string] "McAfee.com Update Check (NANCY-7KWMCA4TO-admin 1)" -> launches: "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"] "McAfee.com Update Check (NANCY-7KWMCA4TO-Nancy)" -> launches: "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "e:\program files\google\googletoolbar_en_2.0.113-deleon.dll" ["Google Inc."] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "e:\program files\google\googletoolbar_en_2.0.113-deleon.dll" ["Google Inc."] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0" -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\msjava.dll" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG7 Alert Manager Server, Avg7Alrt, "E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."] C-DillaCdaC11BA, C-DillaCdaC11BA, "E:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["C-Dilla Ltd"] Castanet Tuner 4.6, Marimba, "C:\Marimba\CASTAN~1\Tuner.exe" ["Marimba, Inc."] Client Service for NetWare, NWCWorkstation, "E:\WINDOWS\System32\svchost.exe -k netsvcs" {"E:\WINDOWS\System32\nwwks.dll" [MS]} Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""E:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"] Iomega App Services, Iomega App Services, ""E:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"] McAfee Personal Firewall Service, MpfService, "E:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"] Pml Driver HPZ12, Pml Driver HPZ12, "E:\WINDOWS\system32\HPZipm12.exe" ["HP"] SMS Agent Host, CcmExec, "E:\WINDOWS\system32\CCM\CcmExec.exe" [MS] ---------- + This report excludes default entries except where indicated. + To see everywhere* the script checks and everything it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 169 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 118 seconds. ---------- (total run time: 430 seconds)