"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Yahoo! Pager" = ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]
"EA Core" = ""C:\Program Files\Electronic Arts\EADM\Core.exe" -silent" ["Electronic Arts"]
"Aim6" = "(empty string)" [file not found]
"Cognac" = "C:\DOCUME~1\Owner\LOCALS~1\Temp\b.exe" [file not found]
"braviax" = "C:\WINDOWS\system32\braviax.exe" [file not found]
"OE" = "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" ["Trend Micro Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"exec" = "C:\WINDOWS\system32\mstjo.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"basicsmssmenu" = ""C:\Documents and Settings\Owner\My Documents\Basics Status\MaxMenuMgrBasics.exe"" ["Maxtor Corporation"]
"UIUCU" = ""C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE" -CLEAN_UP -S" [file not found]
"SoundMAXPnP" = ""C:\Program Files\Analog Devices\Core\smax4pnp.exe"" ["Analog Devices, Inc."]
"AppleSyncNotifier" = ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"" ["Apple Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"{A3-3C-C9-92-DW}" = ""C:\WINDOWS\system32\dwwnw64r.exe" DWrvgFF" [file not found]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"RealTray" = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"CTSysVol" = ""C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."]
"18485314" = "C:\Documents and Settings\All Users\Application Data\18485314\18485314.exe" [file not found]
"braviax" = "C:\WINDOWS\system32\braviax.exe" [file not found]
"sysldtray" = "C:\windows\ld12.exe" [file not found]
"pp" = "c:\windows\pp10.exe" [file not found]
"PC Security 2009" = ""C:\Program Files\PC_Security2009\PC_Security2009.exe" /hide" [file not found]
"sysfbtray" = "c:\windows\freddy49.exe" [file not found]
"UfSeAgnt.exe" = ""C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"" ["Trend Micro Inc."]
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow! Plus\shlext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
-> {HKLM...CLSID} = "FileTimeShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Protection System extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Protection System\CoreExt.dll" [empty string]
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"
-> {HKLM...CLSID} = "TMD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll" ["Trend Micro Inc."]
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"
-> {HKLM...CLSID} = "VBPropSheet"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security\VBProp.dll" ["Trend Micro Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> "{38101905-D80F-4788-96F6-986A8186178A}" = "*g" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\flashd32.dll" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<> "Notification Packages" = ""|"scecli"|"scecli"|"scecli"|"scecli"
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
<> ("" [file not found]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,"
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
SimpleShlExt\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Protection System\CoreExt.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
SimpleShlExt\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Protection System\CoreExt.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
Default executables:
--------------------
<> HKLM\SOFTWARE\Classes\.bat\(Default) = "csfile"
<> HKLM\SOFTWARE\Classes\csfile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshrp.exe "%1" %*" [file not found]
<> HKLM\SOFTWARE\Classes\.com\(Default) = "csfile"
<> HKLM\SOFTWARE\Classes\csfile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshrp.exe "%1" %*" [file not found]
<> HKLM\SOFTWARE\Classes\.exe\(Default) = "csfile"
<> HKLM\SOFTWARE\Classes\csfile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshrp.exe "%1" %*" [file not found]
HKLM\SOFTWARE\Classes\.scr\(Default) = "scrfile"
<> HKLM\SOFTWARE\Classes\scrfile\shell\open\command\(Default) = ""%1" %*" [file not found]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ForceClassicControlPanel" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"AllowLegacyWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"AllowUnhashedWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"NoDispBackgroundPage" = (REG_DWORD) dword:0x00000000
{Hide Desktop tab}
"NoDispScrSavPage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"EnableProfileQuota" = (REG_DWORD) dword:0x00000001
{unrecognized setting}