Old 06-11-2006, 01:58 PM   #8 (permalink)
yermaw


Silent Runners


"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Hot Key Kbd 2690 Daemon" = "SK2690DM.EXE" ["Silitek Corporation"]
"PCTVOICE" = "pctspk.exe" ["PCtel, Inc."]
"VTPreset" = "VTPreset.exe" ["S3 Graphics, Inc."]
"C-Media Speaker Configuration" = "F:\Sound\C-Media\WinXP\Setup.exe /SPEAKER" [file not found]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"EPSON Stylus C44 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"" ["SEIKO EPSON CORPORATION"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{08E74C67-99A6-45C7-94DA-A397A8FD8082}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PopupManager Class"
\InProcServer32\(Default) = "C:\Program Files\Popup Manager\PopupMgr_1.0.1.8P.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKCU...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities\sdshelex.dll" ["TuneUp Software GmbH"]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" ["SmartFTP"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{83D96563-DB11-42DF-92F9-32CE7BA54ED8}" = "Altova Shortcut Drop Handler"
-> {HKLM...CLSID} = "Altova Shortcut Drop Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\LinkDropHandler.dll" ["Altova GmbH"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "D:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
Camouflage\(Default) = "{29557489-990B-11D4-9413-004095490AD4}"
-> {HKLM...CLSID} = "CamouflageShell.ShellExt"
\InProcServer32\(Default) = "C:\Program Files\Camouflage\CamShell.dll" ["Twisted Pear Productions"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKLM\Software\Classes\.hta\(Default) = (value not set)


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\John McKenzie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "John McKenzie" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2222EF56-F49E-4D07-A14E-8D2B08766958}\
"ButtonText" = "Edit with Altova X&MLSpy"
"MenuText" = "Edit with Altova X&MLSpy"
"Script" = "C:\Program Files\Altova\XMLSpy2005\spy.htm" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.wanadoo.co.uk

Missing lines (compared with English-language version):
[Strings]: 1 line

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Diskeeper, Diskeeper, ""d:\Program Files\Executive Software\DiskeeperLite\DKService.exe"" ["Executive Software International, Inc."]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
Kerio Personal Firewall, PersFw, ""C:\Program Files\Kerio\Personal Firewall\persfw.exe"" ["Kerio Technologies"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 251 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 63 seconds.
---------- (total run time: 377 seconds)

GMER


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-06-11 20:47:19
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateSection

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{4BCD7FEA-E71B-45EB-8BA0-963757A9039D}
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{4BCD7FEA-E71B-45EB-8BA0-963757A9039D}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{4BCD7FEA-E71B-45EB-8BA0-963757A9039D}
File I:\System Volume Information\MountPointManagerRemoteDatabase
File I:\System Volume Information\tracking.log
File I:\System Volume Information\_restore{4BCD7FEA-E71B-45EB-8BA0-963757A9039D}
File J:\System Volume Information\MountPointManagerRemoteDatabase
File J:\System Volume Information\tracking.log
File J:\System Volume Information\_restore{4BCD7FEA-E71B-45EB-8BA0-963757A9039D}
File K:\System Volume Information\MountPointManagerRemoteDatabase
File K:\System Volume Information\tracking.log
File K:\System Volume Information\_restore{4BCD7FEA-E71B-45EB-8BA0-963757A9039D}

---- EOF - GMER 1.0.10 ----


StartDreck

StartDreck (build 2.1.7 public stable) - 2006-06-11 @ 20:08:59 (GMT +01:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as John McKenzie at JOHNSCOMPUTER

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
*ALUAlert=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
*Hot Key Kbd 2690 Daemon=SK2690DM.EXE
*PCTVOICE=pctspk.exe
*VTPreset=VTPreset.exe
*C-Media Speaker Configuration=F:\Sound\C-Media\WinXP\Setup.exe /SPEAKER
*Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
*SpeedTouch USB Diagnostics="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
*AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
*AVG7_EMC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
*EPSON Stylus C44 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
*NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
*Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+512=\SystemRoot\System32\smss.exe
+584=\??\C:\WINDOWS\system32\csrss.exe
+608=\??\C:\WINDOWS\system32\winlogon.exe
+652=C:\WINDOWS\system32\services.exe
+664=C:\WINDOWS\system32\lsass.exe
+808=C:\WINDOWS\system32\svchost.exe
+852=C:\WINDOWS\system32\svchost.exe
+888=C:\Program Files\Windows Defender\MsMpEng.exe
+932=C:\WINDOWS\System32\svchost.exe
+1032=C:\WINDOWS\System32\svchost.exe
+1088=C:\WINDOWS\System32\svchost.exe
+1192=C:\WINDOWS\system32\spoolsv.exe
+1308=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
+1324=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
+1400=d:\Program Files\Executive Software\DiskeeperLite\DKService.exe
+1432=C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
+1464=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
+1504=C:\Program Files\Kerio\Personal Firewall\persfw.exe
+1736=C:\WINDOWS\system32\wdfmgr.exe
+1960=C:\WINDOWS\Explorer.EXE
+556=C:\WINDOWS\system32\SK2690DM.EXE
+776=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
+960=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
+984=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
+1000=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
+1132=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
+1108=C:\Program Files\Windows Defender\MSASCui.exe
+1240=C:\WINDOWS\system32\ctfmon.exe
+1664=C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
+2052=C:\WINDOWS\system32\wuauclt.exe
+2816=C:\Documents and Settings\John McKenzie\Desktop\StartDreck\StartDreck.exe
»Application specific

HJT Uninstall List

Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 6.0.1
Adobe SVG Viewer 3.0
Altova XMLSpy 2005 Home Edition
Anti-Leech Plugin for Internet Explorer
AOL Instant Messenger
AVG Free Edition
BHA B's Recorder GOLD 5.09
BitTornado 0.3.7
BlueJ 2.0.0
Camouflage
CCleaner (remove only)
CD Stomper 32 bit
CleanUp!
C-Media 3D Audio
dBpowerAMP FLAC Codec
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
dBpowerAMP Real Audio Codec
dBpowerAMP Shorten Codec
dBpowerAMP WMA V9 Codec
DC++ (remove only)
DirMS-S
Diskeeper Lite
DivX
DivX Player
DVD Decrypter (Remove Only)
EPSON Printer Software
FeedReader
FileMerlin
Generic 1.3 CMOS USB Camera
HijackThis 1.99.1
HSP56 MR Drivers
HTML-Kit
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Kaspersky On-line Scanner
Kerio Personal Firewall 2.1.5
LeaguePad
Macromedia Extension Manager
Macromedia Flash Player 8
Micro Trivial Pursuit
Microsoft Data Access Components KB870669
Microsoft DirectX Transform optional components
Microsoft Office Professional Edition 2003
Microsoft Web Publishing Wizard 1.53
Microsoft XML Parser and SDK
mIRC
Mozilla Firefox (1.0.6)
MSN Messenger 7.5
Nero Suite
OpenMG Limited Patch 3.1-02-10-22-01
OpenMG Limited Patch 3.1-02-10-22-02
OpenMG Limited Patch 3.1-02-12-04-01
OpenMG Secure Module 3.1
Opera
Panda ActiveScan
PCI Audio Applications
Picture Package
Popup Manager (remove only)
PowerDVD
PrintFolder 1.2
ProSavageDDR and Utilities
QuickTime
RealPlayer
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
SELECT SSADM Workbench Single User
SiS 661FX_760_741_M661FX_M760_M741
SiS 900 PCI Fast Ethernet Adapter Driver
SmartFTP
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
SonicStage 1.5.06
Sony USB Driver
SoulSeek 157 test 8
SoulSeek Client 156c
SpeedTouch USB Software
Spybot - Search & Destroy 1.2
SpywareBlaster v3.2
TMPGEnc DVD Author 1.5
Touch Manager (PS/2 Internet Compact Keyboard)
TuneUp Utilities 2003
Ulead GIF Animator 5 ESD
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Wanadoo Connection Kit v1.5
WildTangent Web Driver
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinPcap 3.1 beta3
WinRAR archiver
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger with BT Communicator