Here's the log:
"Silent Runners.vbs", revision 64,
http://www.silentrunners.org/Operating System: Microsoft Windows XP Home Edition Service Pack 3 (32-bit)
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe [MS]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe [Ahead Software Gmbh]
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [Cyberlink Corp.]
InCD = C:\Program Files\Ahead\InCD\InCD.exe [Ahead Software AG]
SoundMan = SOUNDMAN.EXE [Realtek Semiconductor Corp.]
VTTimer = VTTimer.exe [S3 Graphics, Inc.]
VTTrayp = VTtrayp.exe [S3 Graphics Co., Ltd.]
PhoneTray = C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe [null data]
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [RealNetworks, Inc.]
egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [ESET]
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated]
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM…CLSID} = Adobe PDF Reader Link Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM…CLSID} = RealPlayer Download and Record Plugin for Internet Explorer
\InProcServer32\(Default) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [Oracle Corporation]
{ba14329e-9550-4989-b3f2-9732e92d17cc}\(Default) = Vuze Remote
-> {HKLM…CLSID} = Vuze Remote Toolbar
\InProcServer32\(Default) = C:\Program Files\Vuze_Remote\prxtbVuz0.dll [Conduit Ltd.]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext
-> {HKLM…CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]
{950FF917-7A57-46BC-8017-59D9BF474000} = Shell Extension for CDRW
-> {HKLM…CLSID} = Shell Extension for CDRW
\InProcServer32\(Default) = C:\Program Files\Ahead\InCD\incdshx.dll [Ahead Software AG]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM…CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRar\rarext.dll [null data]
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
-> {HKLM…CLSID} = Microsoft Office Outlook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
-> {HKLM…CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll [MS]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
-> {HKLM…CLSID} = RealOne Player Context Menu Class
\InProcServer32\(Default) = c:\program files\real\realplayer\rpshell.dll [RealNetworks, Inc.]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension
-> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
\InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
-> {HKLM…CLSID} = WPDShServiceObj Class
\InProcServer32\(Default) = C:\WINDOWS\system32\WPDShServiceObj.dll [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = {807553E5-5146-11D5-A672-00B0D022E945}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<> mso-offdap11\CLSID = {32505114-5902-49B2-880A-1F7738E5A384}
-> {HKLM…CLSID} = Data Page Plugable Protocal mso-offdap11 Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D}
-> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
\InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRar\rarext.dll [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRar\rarext.dll [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRar\rarext.dll [null data]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
InCDMenu\(Default) = {950FF917-7A57-46BC-8017-59D9BF474000}
-> {HKLM…CLSID} = Shell Extension for CDRW
\InProcServer32\(Default) = C:\Program Files\Ahead\InCD\incdshx.dll [Ahead Software AG]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM…CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D}
-> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
\InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRar\rarext.dll [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRar\rarext.dll [null data]
Default executables:
--------------------
<> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Windows Components|Attachment Manager|
Do not preserve zone information in file attachments}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Documents and Settings\Boyd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe %1 /cd [Gabest]
MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe %1 /dvd [Gabest]
MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe %1 [Gabest]
MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe %1 [Gabest]
MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]
NeroAutoPlayEmptyCD\
Provider = Nero StartSmart
InvokeProgID = Nero.AutoPlay
InvokeVerb = EmptyCD
HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command\(Default) = "C:\Program Files\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L [Ahead Software AG]
NeroAutoPlayInCDAutorunEmptyCD\
Provider = InCD
InvokeProgID = Nero.AutoPlay
InvokeVerb = InCDAutorunEmptyCD
HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\InCDAutorunEmptyCD\command\(Default) = C:\Program Files\Ahead\InCD\InCDL.exe [Ahead Software AG]
PDVDPlayDVDMovieOnArrival\
Provider = PowerDVD
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" [CyberLink Corp.]
RPCDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.]
RPDeviceOnArrival\
Provider = RealPlayer
ProgID = RealPlayer.HWEventHandler
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2}
-> {HKLM…CLSID} = RealNetworks Scheduler
\LocalServer32\(Default) = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay [RealNetworks, Inc.]
RPDVDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.]
RPPlayCDAudioOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /play %1 [RealNetworks, Inc.]
RPPlayDVDMovieOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 [RealNetworks, Inc.]
RPPlayMediaOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.]
VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file
cdda:///%1 [VideoLAN]
VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file
dvd:///%1 [VideoLAN]
VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file
vcd:///%1 [VideoLAN]
VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file
vcd:///%1 [VideoLAN]
VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\