"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpyEmergency" = ""C:\Program Files\Spy Emergency 2005\SpyEmergency.exe"" ["NETGATE"]
"AOL Fast Start" = ""C:\Program Files\America Online 9.0c\AOL.EXE" -b" ["America Online, Inc."]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QYVHYkEx" = "C:\PROGRA~1\usqwsptx\GMgCA4BN.exe" [null data]
"AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"" ["Lavasoft Sweden"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\McAgent.exe" ["McAfee, Inc"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow! Plus\shlext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{80B24180-4EFB-11D3-A99A-00A024DDB436}" = "iolo Incinerator Properties Pages"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\incinerator.dll" ["iolo technologies, LLC"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "smrgdf C:\Program Files\iolo\System Mechanic 5\" [null data], [file not found], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssflwbox.scr" [MS]
Enabled Wallpaper and Active Desktop:
-------------------------------------
Active Desktop is disabled.
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\jerimie piccola\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"
Enabled Scheduled Tasks:
------------------------
"McAfee.com Update Check (D6HW2R61-Owner)" -> launches: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-jerimie piccola)" -> launches: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-tharock)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "Yahoo! Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "Yahoo! Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\PROGRA~1\Yahoo!\Messenger\YPager.exe" ["Yahoo! Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"]
AOL TopSpeed Monitor, AOL TopSpeedMonitor, "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ["America Online, Inc"]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- May 07 , 2005 10:02 Pm Scaned agian I dunno if anything is diferrent Plz Help *
-------------------------------------------------------------------------------------------------"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpyEmergency" = ""C:\Program Files\Spy Emergency 2005\SpyEmergency.exe"" [file not found]
"AOL Fast Start" = ""C:\Program Files\America Online 9.0c\AOL.EXE" -b" ["America Online, Inc."]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QYVHYkEx" = "C:\PROGRA~1\usqwsptx\GMgCA4BN.exe" [null data]
"AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"" ["Lavasoft Sweden"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\McAgent.exe" ["McAfee, Inc"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow! Plus\shlext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{80B24180-4EFB-11D3-A99A-00A024DDB436}" = "iolo Incinerator Properties Pages"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\incinerator.dll" ["iolo technologies, LLC"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [file not found]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [file not found]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [file not found]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [file not found]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [file not found]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "smrgdf C:\Program Files\iolo\System Mechanic 5\" [null data], [file not found], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssflwbox.scr" [MS]
Enabled Wallpaper and Active Desktop:
-------------------------------------
Active Desktop is disabled.
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\jerimie piccola\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"
Enabled Scheduled Tasks:
------------------------
"McAfee.com Update Check (D6HW2R61-Owner)" -> launches: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-jerimie piccola)" -> launches: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-tharock)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "Yahoo! Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "Yahoo! Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\PROGRA~1\Yahoo!\Messenger\YPager.exe" ["Yahoo! Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"]
AOL TopSpeed Monitor, AOL TopSpeedMonitor, "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ["America Online, Inc"]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.