Dear didom,
I followed your instructions,
I could not find
O4-HKLM\..\Run:[dmohw.exe] C:\WINNT\system32\dmohw.exe
The system seems to work properly.
A program typ3osa communicating with external device on TCP IP lost the configuration, made me scared a bit about future actions.
In a any case I set it again, and now seems to work well.
Here you have the log and txt files. Thanks
The O17 -HKLM\System\CCS\services Tcpip is listed only if I run HijackThis while I have an internet connection active
********* WITH No INTERNET CONNECTION *********
Logfile of HijackThis v1.99.1
Scan saved at 20:23:49, on 21/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\typ3pcp\bin\bnfsserv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINNT\system32\Hummbird\inetd32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\netdde.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\WINNT\Explorer.EXE
C:\Siemens\Common\S7IEPG\s7oiehsx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
D:\Fun\RealPlayer\RealPlay.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\WINNT\system32\ntvdm.exe
C:\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: 142.3.0.1 typ3osa
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!
http://195.225.176.5...m::/painter.exeO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.s...rl/LSSupCtl.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://software-dl.r...RdxIE601_it.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.c...utocomplete.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.s...rl/SymAData.cabO23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bosch NFS Server (BoschNFSServer) - Bosch Rexroth AG BRC/ESM11 - C:\typ3pcp\bin\bnfsserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Programmi\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: HCLInetd - Hummingbird Communications Ltd. - C:\WINNT\system32\Hummbird\inetd32.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe
****************************************
"Silent Runners.vbs", revision 41,
http://www.silentrunners.org/Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "ctfmon.exe" [MS]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled {++}
"UnSpyPC" = ""C:\Programmi\UnSpyPC\UnSpyPC.exe"" [file not found]
"Yahoo! Pager" = "C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"ctfmon.exe" = "ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\AutorunsDisabled {++}
"winlogon.exe" = "helper.exe" [file not found]
"notepad.exe" = "msmsgs.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Apoint" = "C:\Programmi\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"HPDJ Taskbar Utility" = "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"(Default)" = (empty string)
"ccApp" = ""C:\Programmi\File comuni\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"TkBellExe" = ""C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled {++}
"ADUserMon" = "C:\Programmi\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"]
"ATIPTA" = "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ccApp" = ""C:\Programmi\File comuni\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"CHotkey" = "mHotkey.exe" ["Chicony"]
"Typ3Logbook" = "C:\typ3pcp\bin\mfclogbuch.exe -debug" ["Bosch Rexroth AG"]
"TkBellExe" = ""C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"StatusClient" = "C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto" ["Hewlett-Packard"]
"SSC_UserPrompt" = "C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"S7UB Start" = ""C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB" ["SIEMENS AG"]
"RoxioEngineUtility" = ""C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"" ["Roxio"]
"RoxioDragToDisc" = ""C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"" ["Roxio"]
"RoxioAudioCentral" = ""C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"" ["Roxio, Inc."]
"Deskup" = "C:\Programmi\Iomega\DriveIcons\deskup.exe /IMGSTART" ["Iomega"]
"Error Nuker" = "C:\Programmi\Error Nuker\bin\ErrorNuker.exe autostart" [file not found]
"Iomega Drive Icons" = "C:\Programmi\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]
"projselector" = ""C:\Programmi\File comuni\Roxio Shared\Project Selector\projselector.exe" -r" ["Roxio"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\msohev.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
UltimateZip\(Default) = "{2F860D81-AF3C-11D4-BDB3-00E0987D8540}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ULTIMA~1.7\uzshlex.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Startup items in "fulvio" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"Microsoft Office" -> shortcut to: "C:\Programmi\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scansione del computer - fulvio" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 04, 07 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\programmi\google\googletoolbar2.dll" ["Google Inc."]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programmi\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\shdocvw.dll" [MS]
"Exec" = "C:\Programmi\IrfanView\Ebay\Ebay.htm" [null data]
HOSTS file
----------
C:\WINNT\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINNT\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Automation License Manager Service, almservice, "C:\Siemens\Common\sws\almsrv\almsrvx.exe" ["SIEMENS AG"]
Bosch NFS Server, BoschNFSServer, "C:\typ3pcp\bin\bnfsserv.exe" ["Bosch Rexroth AG BRC/ESM11"]
Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."]
DDE DSDM di rete, NetDDEdsdm, "C:\WINNT\system32\netdde.exe" [MS]
Harmony, Harmony, "C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE" ["Rockwell Software Inc."]
HCLInetd, HCLInetd, "C:\WINNT\system32\Hummbird\inetd32.exe" ["Hummingbird Communications Ltd."]
Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""C:\Programmi\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"]
Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]
Machine Debug Manager, MDM, ""C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
OpcEnum, OpcEnum, "C:\WINNT\system32\OpcEnum.exe" ["OPC Foundation"]
RSLinx, RSLinx, "C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE /SERVICE" ["Rockwell Software, Inc."]
S7 Global Services, s7asysvx, "C:\Siemens\Step7\S7BIN\s7asysvx.exe" ["SIEMENS AG"]
Servizio Auto-Protect di Norton AntiVirus, navapsvc, ""C:\Programmi\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
SIMATIC IEPG Help Service, s7oiehsx, "C:\Siemens\Common\S7IEPG\s7oiehsx.exe" ["SIEMENS AG"]
Sistema di eventi COM+, EventSystem, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\es.dll" [null data]}
SmartLinkService, SLService, "slserv.exe" [" "]
Symantec Core LC, Symantec Core LC, "C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 23 seconds, including 5 seconds for message boxes)