“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ModemOnHold” = “C:\Program Files\NetWaiting\netWaiting.exe” [null data] “DellSupport” = ““C:\Program Files\Dell Support\DSAgnt.exe” /startup” [“Gteko Ltd.”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “BandwidthMonitor” = “C:\Program Files\BandwidthMonitor\BWMonitor.exe” [“BWMONITOR.COM”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “igfxtray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”] “igfxhkcmd” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”] “igfxpers” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”] “SigmatelSysTrayApp” = “stsystra.exe” [“SigmaTel, Inc.”] “DMXLauncher” = “C:\Program Files\Dell\Media Experience\DMXLauncher.exe” [null data] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “Dell QuickSet” = “C:\Program Files\Dell\QuickSet\Quickset.exe” [“Dell Inc”] “IntelZeroConfig” = ““C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”” [“Intel Corporation”] “IntelWireless” = ““C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless” [“Intel Corporation”] “CTSVolFE.exe” = ““C:\Program Files\Creative\Mixer\CTSVolFE.exe” /r” [“Creative Technology Ltd”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] “Norton Ghost 10.0” = ““C:\Program Files\Norton Ghost\Agent\GhostTray.exe”” [“Symantec Corporation”] “ISUSPM Startup” = ““C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup” [“InstallShield Software Corporation”] “ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“InstallShield Software Corporation”] “(Default)” = “(empty string)” [file not found] “MCAgentExe” = “c:\PROGRA~1\mcafee.com\agent\mcagent.exe” [“McAfee, Inc”] “MCUpdateExe” = “c:\PROGRA~1\mcafee.com\agent\mcupdate.exe” [“McAfee, Inc”] “MSKDetectorExe” = “C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup” [“McAfee, Inc.”] “DLA” = “C:\WINDOWS\System32\DLA\DLACTRLW.EXE” [“Sonic Solutions”] “Google Desktop Search” = ““C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup” [null data] “MSKAGENTEXE” = “C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe” [“McAfee Inc.”] “Corel Photo Downloader” = “C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe” [“Corel, Inc.”] “MPFExe” = “C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe” [“McAfee Security”] “Winamp Agent” = “C:\Program Files\Winamp\winampa.exe” [null data] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “VSOCheckTask” = ““C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe” /checktask” [“McAfee, Inc.”] “VirusScan Online” = “C:\Program Files\McAfee.com\VSO\mcvsshld.exe” [“McAfee, Inc.”] “OASClnt” = “C:\Program Files\McAfee.com\VSO\oasclnt.exe” [“McAfee, Inc.”] “MPSExe” = “c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding” [“McAfee, Inc.”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “TrojanScanner” = “C:\Program Files\Trojan Remover\Trjscan.exe” [“Simply Super Software”] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“GRISOFT s.r.o.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}(Default) = (no title provided) -> {HKLM…CLSID} = “McBrwHelper Class” \InProcServer32(Default) = “c:\program files\mcafee.com\mps\mcbrhlpr.dll” [“McAfee, Inc.”] {3EC8255F-E043-4cae-8B3B-B191550C2A22}(Default) = “McAfee PopupKiller” -> {HKLM…CLSID} = “McAfee Privacy Service Popup Blocker” \InProcServer32(Default) = “c:\program files\mcafee.com\mps\popupkiller.dll” [“McAfee, Inc.”] {41D68ED8-4CFF-4115-88A6-6EBB8AF19000}(Default) = (no title provided) -> {HKLM…CLSID} = “McAfee AntiPhishing Filter” \InProcServer32(Default) = “c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll” [“McAfee, Inc.”] {5CA3D70E-1895-11CF-8E15-001234567890}(Default) = “*a” (unwritable string) -> {HKLM…CLSID} = “DriveLetterAccess” \InProcServer32(Default) = “C:\WINDOWS\System32\DLA\DLASHX_W.DLL” [“Sonic Solutions”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Notifier BHO” \InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”] {CA6319C0-31B7-401E-A518-A07C3DB8F777}(Default) = “Browser Address Error Redirector” -> {HKLM…CLSID} = “CBrowserHelperObject Object” \InProcServer32(Default) = “C:\Program Files\BAE\BAE.dll” [“Dell Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension” -> {HKLM…CLSID} = “Display Panning CPL Extension” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{5CA3D70E-1895-11CF-8E15-001234567890}” = “DriveLetterAccess” -> {HKLM…CLSID} = “DriveLetterAccess” \InProcServer32(Default) = “C:\WINDOWS\System32\DLA\DLASHX_W.DLL” [“Sonic Solutions”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL” [MS] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Universal Plug and Play Devices” -> {HKLM…CLSID} = “Universal Plug and Play Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{52B87208-9CCF-42C9-B88E-069281105805}” = “Trojan Remover Shell Extension” -> {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [“Simply Super Software”] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Shell Extension” -> {HKLM…CLSID} = “a-squared Free Shell Extension” \InProcServer32(Default) = “C:\Program Files\a-squared Free\a2freecontmenu.dll” [“Emsi Software GmbH”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“GRISOFT s.r.o.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL” [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“lsdelete” [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] Trojan Remover(Default) = “{52B87208-9CCF-42C9-B88E-069281105805}” -> {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [“Simply Super Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a-squared Free Shell Extension(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Shell Extension” \InProcServer32(Default) = “C:\Program Files\a-squared Free\a2freecontmenu.dll” [“Emsi Software GmbH”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Trojan Remover(Default) = “{52B87208-9CCF-42C9-B88E-069281105805}” -> {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [“Simply Super Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a-squared Free Shell Extension(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Shell Extension” \InProcServer32(Default) = “C:\Program Files\a-squared Free\a2freecontmenu.dll” [“Emsi Software GmbH”] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoCDBurning” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\t\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\scrnsave.scr” [MS] Startup items in “t” & “All Users” startup folders: --------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Dell Network Assistant” -> shortcut to: “C:\WINDOWS\Installer{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe -systray” [null data] “Digital Line Detect” -> shortcut to: “C:\Program Files\Digital Line Detect\DLG.exe” [“BVRP Software”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “OLYMPUS Viewer” -> shortcut to: “C:\Program Files\OLYMPUS\OLYMPUS Viewer\Ov_Monitor.exe” [“OLYMPUS CORPORATION”] Enabled Scheduled Tasks: ------------------------ “McAfee.com Scan for Viruses - My Computer (D399JG2J-t)” -> launches: “c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0” [“McAfee, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\mclsp.dll [“McAfee, Inc.”], 01 - 05, 11 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{BA52B914-B692-46C4-B683-905236F6F655}” = “McAfee VirusScan” -> {HKLM…CLSID} = “McAfee VirusScan” \InProcServer32(Default) = “c:\progra~1\mcafee.com\vso\mcvsshl.dll” [“McAfee, Inc.”] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {39FD89BF-D3F1-45B6-BB56-3582CCF489E1}\ “MenuText” = “McAfee AntiPhishing Filter” “CLSIDExtension” = “{7DD73374-7187-4103-8F29-622AA25E7C40}” -> {HKLM…CLSID} = “MyCfgDlgCmdTarget Class” \InProcServer32(Default) = “c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll” [“McAfee, Inc.”] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ a-squared Free Service, a2free, “C:\Program Files\a-squared Free\a2service.exe” [“Emsi Software GmbH”] Ad-Aware 2007 Service, aawservice, ““C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe”” [“Lavasoft AB”] Advanced Networking Service, hnmsvc, ““C:\Program Files\Dell Network Assistant\hnm_svc.exe”” [“SingleClick Systems”] Autodata Limited License Service, Autodata Limited License Service, ““C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe”” [null data] avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“GRISOFT s.r.o.”] Creative Labs Licensing Service, Creative Labs Licensing Service, ““C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe”” [“Creative Labs”] GEARSecurity, GEARSecurity, “C:\WINDOWS\System32\GEARSec.exe” [“GEAR Software”] Intel® PROSet/Wireless Event Log, EvtEng, “C:\Program Files\Intel\Wireless\Bin\EvtEng.exe” [“Intel Corporation”] Intel® PROSet/Wireless Registry Service, RegSrvc, “C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe” [“Intel Corporation”] Intel® PROSet/Wireless Service, S24EventMonitor, “C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe” ["Intel Corporation "] Intel® PROSet/Wireless SSO Service, WLANKEEPER, “C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe” [“Intel® Corporation”] McAfee Personal Firewall Service, MpfService, “C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe” [“McAfee Corporation”] McAfee Task Scheduler, McTskshd.exe, “c:\PROGRA~1\mcafee.com\agent\mctskshd.exe” [“McAfee, Inc”] McAfee WSC Integration, McDetect.exe, “c:\program files\mcafee.com\agent\mcdetect.exe” [“McAfee, Inc”] McAfee.com McShield, McShield, “c:\PROGRA~1\mcafee.com\vso\mcshield.exe” [“McAfee Inc.”] NICCONFIGSVC, NICCONFIGSVC, “C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe” [“Dell Inc.”] Norton Ghost, Norton Ghost, “C:\Program Files\Norton Ghost\Agent\VProSvc.exe” [“Symantec Corporation”] Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC, UserAccess, “C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe” [null data] Symantec Core LC, Symantec Core LC, “C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS] ---------- (launch time: 2007-08-14 18:07:35) <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 16 seconds. ---------- (total run time: 52 seconds)