here it is and thank you for all the help
"Silent Runners.vbs", revision 40.1,
http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TaskTray" = "C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe" ["Creative Technology Ltd."]
"Taskbar" = "C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe" ["Creative Technology Ltd"]
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"EPSON Stylus Photo R300 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"CTStartup" = "C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"UpdReg" = "C:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"Jet Detection" = "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [empty string]
"Gainward" = "C:\WINDOWS\TBPanel.exe /A" ["Gainward Co."]
"ccRegVfy" = ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"CORSAIR_PLUtil" = "C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" ["Prolific Technology Inc."]
"PLFFAP" = "C:\WINDOWS\System32\HotfixQ0306270.exe" ["Prolific Technology Inc."]
"ControlPanel" = "C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile" [null data]
"dmjzu.exe" = "C:\WINDOWS\System32\dmjzu.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\CTStartup {++}
"CTStartup" = ""C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE" EAX.AVI" ["Creative Technology Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{08BEC6AA-49FC-4379-3587-4B21E286C19E}\(Default) = "SearchToolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\glipv.dll" [null data]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Share-to-Web Upload Folder"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\HPGS2WNS.DLL" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{336B02CE-F88A-4aea-8731-79EF94D3723A}" = "Free AOL & Unlimited Internet.url"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\aod\aodshext.dll" [file not found]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQ\ICQShExt.dll" ["ICQ"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csicg.exe" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "NoBandCustomize"=dword:00000001
[disables toolbar status changes in Internet Explorer|View|Toolbars]
{User Configuration|Administrative Templates|Windows Components|
Internet Explorer|Toolbars|Disable customizing browser toolbars}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
C:\Documents and Settings\Administrator\Local Settings\History\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GR6XCJ4N\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U585SNW5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UHWR6BWH\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\howie\Local Settings\History\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\howie\Local Settings\History\History.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\howie\Local Settings\Temporary Internet Files\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\howie\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\howie\Local Settings\Temporary Internet Files\Content.IE5\GR6XCJ4N\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\howie\Local Settings\Temporary Internet Files\Content.IE5\U585SNW5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\howie\Local Settings\Temporary Internet Files\Content.IE5\UHWR6BWH\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\howie\Local Settings\Temporary Internet Files\Content.IE5\YTKFA5KR\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\8FSPY329\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\AXR49SRA\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\BJLJ79CW\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\CL4VSBCF\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\CNLVEQZ5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\E70BNG1W\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\ENI3QXI3\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\I1S7YPQ5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\JECVZH89\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\JLKE736S\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\L7FJ9PWE\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\LSSZ11C9\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\M825FHK8\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\MTHABYHS\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\PZBJHPWE\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\Q13CLSRE\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\RA8ZN5CH\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\TFN1RHRW\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\U5BWDKFU\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\UNEZQTEB\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\UXW32XI5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\W1M7CLYN\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\WHUF49YB\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\WN5FI67X\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\WVL7EI71\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\lisa_2\Local Settings\Temporary Internet Files\Content.IE5\XK0B11W5\DESKTOP.INI -- cannot be opened!
Startup items in "howie" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\lisa\Start Menu\Programs\Startup
INFECTION WARNING! "PowerReg Scheduler.exe" [empty string]
INFECTION WARNING! "PowerReg SchedulerV2.exe" [empty string]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Image Transfer" -> shortcut to: "C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe" [null data]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Monitor" -> shortcut to: "C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe -r" ["Arcsoft, Inc."]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{08BEC6AA-49FC-4379-3587-4B21E286C19E}" = "SearchToolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\glipv.dll" [null data]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{08BEC6AA-49FC-4379-3587-4B21E286C19E}" = "SearchToolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\glipv.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{08BEC6AA-49FC-4379-3587-4B21E286C19E}" = "SearchToolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\glipv.dll" [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{6224F700-CBA3-4071-B251-47CB894244CD}\
"ButtonText" = "ICQ Pro"
"MenuText" = "ICQ"
"Exec" = "C:\PROGRA~1\ICQ\ICQ.exe" ["ICQ Inc."]
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
OmniHTTPd Professional, OmniHTTPd, "C:\httpd\ohttpd.exe -p Default -s" [null data]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 301 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 15 seconds.
---------- (total run time: 601 seconds)