"Silent Runners.vbs", revision 55, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "System Mechanic Startup Guard" = ""C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"" ["iolo technologies, LLC"] "SpybotSD TeaTimer" = ""C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"" [file not found] "Shareaza" = ""C:\Program Files\Shareaza\Shareaza.exe" -tray" ["Shareaza Development Team"] "RegDfrgSch" = "G:\Programmini\Advanced.Registry.Doctor.PRO.v2.2\Advanced Registry Doctor\RegDfrgSch.exe /tray" [file not found] "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [file not found] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Mozilla Quick Launch" = ""d:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo" ["Mozilla Foundation"] "ditraym.exe" = ""C:\Program Files\Pa-software\Disc image demo\ditraym.exe"" ["Pa-software"] "AdobeUpdater" = "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "00PCTFW" = ""C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s" ["PC Tools"] "EnGraph QuickTimeKiller" = ""C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe"" ["install"] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."] "WinampAgent" = "f:\Program Files\Winamp\winampa.exe" [file not found] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [file not found] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "LyraHD2TrayApp" = ""G:\Lyra\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"" [file not found] "Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."] "DVDTray" = ""C:\Program Files\HP DVD\Umbrella\DVDTray.exe"" ["Hewlett-Packard Company"] "DVDBitSet" = ""C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI" ["Hewlett-Packard Company"] "DAEMON Tools-1033" = ""D:\Programmini\Daemon\daemon.exe" -lang 1033" [file not found] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "CloneCDTray" = ""G:\Programmini\CloneCD\CloneCDTray.exe" /s" [file not found] "Adobe_ID0EYTHM" = "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" ["Adobe Systems Incorporated"] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "Adobe Photo Downloader" = ""G:\Adobe Elements\apdproxy.exe"" [file not found] "Acrobat Assistant 8.0" = ""D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."] "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."] "SpySweeper" = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray" ["Webroot Software, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Expression\Office12\msohevi.dll" [MS] "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" -> {HKLM...CLSID} = "ImageExtractorShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data] "{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}" -> {HKLM...CLSID} = "CInfoTipShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data] "{D845084B-D812-4CA2-A451-645608B24F85}" = "Disc image shell menu extension" -> {HKLM...CLSID} = "DIShellMenu" \InProcServer32\(Default) = "C:\Program Files\Pa-software\Disc image demo\dishlext.dll" ["Pa-software"] "{80B24180-4EFB-11D3-A99A-00A024DDB436}" = "iolo Incinerator Properties Pages" -> {HKLM...CLSID} = "iolo Incinerator Properties Pages" \InProcServer32\(Default) = "C:\WINDOWS\system32\INCINE~1.DLL" ["iolo technologies, LLC"] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail" -> {HKLM...CLSID} = "Yahoo! Mail Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" ["Yahoo! Inc."] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544}" = "Siti Web" -> {HKLM...CLSID} = "Siti Web" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\12\BIN\FPNSE.DLL" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <> "BootExecute" = "PDBoot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"|"smrgdf C:\Program Files\iolo\System Mechanic 5 Professional\" [null data]|"lsdelete" [null data] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] <> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}" -> {HKLM...CLSID} = "Yahoo! Mail Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" ["Yahoo! Inc."] {58C83EE0-5261-11D3-81DC-D2AB3F16133C}\(Default) = "{58C83EE0-5261-11D3-81DC-D2AB3F16133C}" -> {HKLM...CLSID} = "iolo Incinerator Context Menu for Files" \InProcServer32\(Default) = "C:\WINDOWS\system32\incinerator.dll" ["iolo technologies, LLC"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] {58C83EE0-5261-11D3-81DC-D2AB3F16133C}\(Default) = "{58C83EE0-5261-11D3-81DC-D2AB3F16133C}" -> {HKLM...CLSID} = "iolo Incinerator Context Menu for Files" \InProcServer32\(Default) = "C:\WINDOWS\system32\incinerator.dll" ["iolo technologies, LLC"] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "ClearRecentDocsOnExit" = (REG_BINARY) hex:00 00 00 00 00 00 00 00 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} "EnableLUA" = (REG_DWORD) dword:0x00000000 {User Account Control: Run All Administrators In Admin Approval Mode} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\Web\Wallpaper\emachines.bmp"