Hello didom,
here is the SilentRunner.vbx txtfile. I used the SilentRunner I downloaded a few days ago, I hope it is still
up to date
Thank you
*************************
"Silent Runners.vbs", revision 41,
http://www.silentrunners.org/Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "ctfmon.exe" [MS]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled {++}
"UnSpyPC" = ""C:\Programmi\UnSpyPC\UnSpyPC.exe"" [file not found]
"Yahoo! Pager" = "C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"ctfmon.exe" = "ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\AutorunsDisabled {++}
"winlogon.exe" = "helper.exe" [file not found]
"notepad.exe" = "msmsgs.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Apoint" = "C:\Programmi\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"HPDJ Taskbar Utility" = "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"(Default)" = (empty string)
"ccApp" = ""C:\Programmi\File comuni\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"TkBellExe" = ""C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled {++}
"ADUserMon" = "C:\Programmi\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"]
"ATIPTA" = "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ccApp" = ""C:\Programmi\File comuni\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"CHotkey" = "mHotkey.exe" ["Chicony"]
"Typ3Logbook" = "C:\typ3pcp\bin\mfclogbuch.exe -debug" ["Bosch Rexroth AG"]
"TkBellExe" = ""C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"StatusClient" = "C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto" ["Hewlett-Packard"]
"SSC_UserPrompt" = "C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"S7UB Start" = ""C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB" ["SIEMENS AG"]
"RoxioEngineUtility" = ""C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"" ["Roxio"]
"RoxioDragToDisc" = ""C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"" ["Roxio"]
"RoxioAudioCentral" = ""C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"" ["Roxio, Inc."]
"Deskup" = "C:\Programmi\Iomega\DriveIcons\deskup.exe /IMGSTART" ["Iomega"]
"Error Nuker" = "C:\Programmi\Error Nuker\bin\ErrorNuker.exe autostart" [file not found]
"Iomega Drive Icons" = "C:\Programmi\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]
"projselector" = ""C:\Programmi\File comuni\Roxio Shared\Project Selector\projselector.exe" -r" ["Roxio"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\msohev.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Startup items in "fulvio" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"Microsoft Office" -> shortcut to: "C:\Programmi\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scansione del computer - fulvio" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 04, 07 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\programmi\google\googletoolbar2.dll" ["Google Inc."]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\shdocvw.dll" [MS]
"Exec" = "C:\Programmi\IrfanView\Ebay\Ebay.htm" [null data]
HOSTS file
----------
C:\WINNT\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINNT\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Automation License Manager Service, almservice, "C:\Siemens\Common\sws\almsrv\almsrvx.exe" ["SIEMENS AG"]
Bosch NFS Server, BoschNFSServer, "C:\typ3pcp\bin\bnfsserv.exe" ["Bosch Rexroth AG BRC/ESM11"]
Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."]
DDE DSDM di rete, NetDDEdsdm, "C:\WINNT\system32\netdde.exe" [MS]
Harmony, Harmony, "C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE" ["Rockwell Software Inc."]
HCLInetd, HCLInetd, "C:\WINNT\system32\Hummbird\inetd32.exe" ["Hummingbird Communications Ltd."]
Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""C:\Programmi\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"]
Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]
Machine Debug Manager, MDM, ""C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
OpcEnum, OpcEnum, "C:\WINNT\system32\OpcEnum.exe" ["OPC Foundation"]
RSLinx, RSLinx, "C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE /SERVICE" ["Rockwell Software, Inc."]
S7 Global Services, s7asysvx, "C:\Siemens\Step7\S7BIN\s7asysvx.exe" ["SIEMENS AG"]
Servizio Auto-Protect di Norton AntiVirus, navapsvc, ""C:\Programmi\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
SIMATIC IEPG Help Service, s7oiehsx, "C:\Siemens\Common\S7IEPG\s7oiehsx.exe" ["SIEMENS AG"]
Sistema di eventi COM+, EventSystem, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\es.dll" [null data]}
SmartLinkService, SLService, "slserv.exe" [" "]
Symantec Core LC, Symantec Core LC, "C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 28 seconds, including 11 seconds for message boxes)