-
November 13th, 2009, 07:07 PM #1
C:\RECYCLER\S-1-5-21-515967899-162531612-839522115-1003\Dc11.exe
Found this on my system with AdAware and now I can't seem to get it to go away. Help!!
Here is the AdAware scan log
Logfile created: 11/8/2009 7:56:46
Lavasoft Ad-Aware version: 8.0.8
Extended engine version: 8.1
User performing scan: Mike
*********************** Definitions database information ***********************
Lavasoft definition file: 149.88
Extended engine definition file: 8.1
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 243058
Objects detected: 3
Type Detected
==========================
Processes.......: 0
Registry entries: 1
Hostfile entries: 0
Files...........: 2
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Skipped items:
Description: HKLM:HKEY_CLASSES_ROOT\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}: Family Name: unknown Clean status: Success Item ID: 1 Family ID: 0
Quarantined items:
Description: C:\System Volume Information\_restore{29738EDF-543B-4F0F-9399-E166B53629A1}\RP13\A0008022.exe Family Name: Win32.Adware.MeMedia Clean status: Success Item ID: 1327738 Family ID: 2094
Description: C:\RECYCLER\S-1-5-21-515967899-162531612-839522115-1003\Dc11.exe Family Name: Win32.Monitor.SpyBuddy Clean status: Success Item ID: 937664 Family ID: 3212
Scan and cleaning complete: Finished correctly after 8969 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Fri Jul 24 17:35:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Jul 24 17:35:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: DRAGONMA-GQNUHE
Processor name: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Processor identifier: x86 Family 15 Model 107 Stepping 2
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 27394, number of processors 2
Physical memory available: 1263267840 bytes
Physical memory total: 2145824768 bytes
Virtual memory available: 1980641280 bytes
Virtual memory total: 2147352576 bytes
Memory load: 41%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 692 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 756 name: \??\D:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 780 name: \??\D:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 824 name: D:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 836 name: D:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1012 name: D:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1044 name: D:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1116 name: D:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1212 name: D:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1336 name: D:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1412 name: D:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1456 name: D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1612 name: D:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2032 name: D:\WINDOWS\Explorer.EXE owner: Mike domain: DRAGONMA-GQNUHE
PID: 492 name: D:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe owner: SYSTEM domain: NT AUTHORITY
PID: 620 name: D:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 440 name: D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 676 name: D:\WINDOWS\system32\hphmon04.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 744 name: D:\WINDOWS\RTHDCPL.EXE owner: Mike domain: DRAGONMA-GQNUHE
PID: 736 name: D:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 972 name: D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 840 name: D:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 1640 name: D:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 208 name: D:\Program Files\BOINC\boinctray.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3100 name: D:\Program Files\Java\jre6\bin\jusched.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3800 name: D:\Program Files\uTorrent\uTorrent.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 2944 name: D:\Program Files\DAEMON Tools Lite\daemon.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3012 name: D:\PROGRA~1\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1236 name: D:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3096 name: D:\WINDOWS\system32\ctfmon.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3168 name: D:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3312 name: D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3364 name: D:\Program Files\PeerGuardian2\pg2.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3368 name: D:\PROGRA~1\AVG\AVG8\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3644 name: D:\Program Files\AVG\AVG8\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3664 name: D:\Program Files\WallpaperToy\Wallpapertoy.Exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 1072 name: D:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1184 name: D:\WINDOWS\system32\HPHipm11.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1796 name: D:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2452 name: D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2692 name: D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1488 name: D:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2976 name: D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 3956 name: D:\Program Files\BOINC\boinc.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 2296 name: D:\WINDOWS\system32\wuauclt.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 2492 name: D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 2676 name: D:\Program Files\Mozilla Firefox\firefox.exe owner: Mike domain: DRAGONMA-GQNUHE
PID: 1576 name: D:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 532 name: D:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Mike domain: DRAGONMA-GQNUHE
Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: UPnPMonitor
imagepath: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: AVG8_TRAY
imagepath: D:\PROGRA~1\AVG\AVG8\avgtray.exe
Name: HPDJ Taskbar Utility
imagepath: D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
Name: HPHmon04
imagepath: D:\WINDOWS\system32\hphmon04.exe
Name: HPHUPD04
imagepath: "D:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: Acrobat Assistant 8.0
imagepath: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
Name: Adobe_ID0EYTHM
imagepath: D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
Name: boincmgr
imagepath: "D:\Program Files\BOINC\boincmgr.exe" /a /s
Name: boinctray
imagepath: "D:\Program Files\BOINC\boinctray.exe"
Name: NvCplDaemon
imagepath: RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: NvMediaCenter
imagepath: RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name:
Name: NeroFilterCheck
imagepath: D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Name: SunJavaUpdateSched
imagepath: "D:\Program Files\Java\jre6\bin\jusched.exe"
Name:
imagepath: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AudioSrv
displayname: Windows Audio
Name: avg8emc
displayname: AVG Free8 E-mail Scanner
Name: avg8wd
displayname: AVG Free8 WatchDog
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
Name: Browser
displayname: Computer Browser
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: FLEXnet Licensing Service
displayname: FLEXnet Licensing Service
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NMIndexingService
displayname: NMIndexingService
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: Pml Driver HPH11
displayname: Pml Driver HPH11
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration
Go, you cursed, into the eternal fire which is prepared for the devil and his angels
MD
-
November 13th, 2009, 07:07 PM #2
And here is the Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:29 PM, on 11/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\WINDOWS\system32\hphmon04.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\BOINC\boinctray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\WallpaperToy\Wallpapertoy.Exe
D:\WINDOWS\system32\HPHipm11.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\DVD Decrypter\DVDDecrypter.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...7&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askR...gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - D:\WINDOWS\XviDplg.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] D:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "D:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [boincmgr] "D:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "D:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SmileboxTray] "D:\Documents and Settings\Mike\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: Wallpaper Changer.lnk = D:\Program Files\WallpaperToy\Wallpapertoy.Exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1253992246515
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD105487-2616-49FC-A9C7-9E8795EA45FD}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - D:\WINDOWS\system32\HPHipm11.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11326 bytes
MD
-
November 13th, 2009, 07:10 PM #3
And here is the first half of the Silent Runners log
"Silent Runners.vbs", revision 60, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"uTorrent" = ""D:\Program Files\uTorrent\uTorrent.exe"" ["BitTorrent, Inc."]
"AlcoholAutomount" = ""D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]
"SmileboxTray" = ""D:\Documents and Settings\Mike\Application Data\Smilebox\SmileboxTray.exe"" ["Smilebox, Inc."]
"DAEMON Tools Lite" = ""D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"PeerGuardian" = "D:\Program Files\PeerGuardian2\pg2.exe" ["Phoenix Labs"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVG8_TRAY" = "D:\PROGRA~1\AVG\AVG8\avgtray.exe" ["AVG Technologies CZ, s.r.o."]
"HPDJ Taskbar Utility" = "D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]
"HPHmon04" = "D:\WINDOWS\system32\hphmon04.exe" ["Hewlett-Packard"]
"HPHUPD04" = ""D:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"" [file not found]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"Acrobat Assistant 8.0" = ""C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."]
"Adobe_ID0EYTHM" = "D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" ["Adobe Systems Incorporated"]
"boincmgr" = ""D:\Program Files\BOINC\boincmgr.exe" /a /s" ["Space Sciences Laboratory"]
"boinctray" = ""D:\Program Files\BOINC\boinctray.exe"" ["Space Sciences Laboratory"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"(Default)" = "(empty string)" [file not found]
"NeroFilterCheck" = "D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"COMODO Internet Security" = ""D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h" ["COMODO"]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ContributeBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]
{201f27d4-3704-41d6-89c1-aa35e39143ed}\(Default) = "AskBar BHO"
-> {HKLM...CLSID} = "AskBar BHO"
\InProcServer32\(Default) = "D:\Program Files\AskBarDis\bar\bin\askBar.dll" [file not found]
{376892AE-1825-4E5F-9F85-23F9640051CC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CDNSCacheObj Object"
\InProcServer32\(Default) = "D:\WINDOWS\XviDplg.dll" [null data]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter"
-> {HKLM...CLSID} = "AVG Safe Search"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgssie.dll" ["AVG Technologies CZ, s.r.o."]
{A3BC75A2-1F87-4686-AA43-5347D756017C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AVG Security Toolbar BHO"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [null data]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll" ["Google Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "D:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{B7A69B96-3BCE-453b-A261-3B6C16B907C1}" = "NDS File"
-> {HKLM...CLSID} = "NDS File"
\InProcServer32\(Default) = "D:\Program Files\Evolution Tools\ndsExt.dll" [null data]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "D:\WINDOWS\system32\upnpui.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "D:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]
"{6230EF55-8E71-4F40-861A-DBA282584FF5}" = "AVS Video Converter 6"
-> {HKLM...CLSID} = "AVSVideoConverter Object"
\InProcServer32\(Default) = "D:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL" ["Online Media Technologies Ltd."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = " D:\WINDOWS\system32\guard32.dll" ["COMODO"]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> avgrsstarter\DLLName = "avgrsstx.dll" ["AVG Technologies CZ, s.r.o."]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> linkscanner\CLSID = "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}"
-> {HKLM...CLSID} = "XPLPPFilter Class"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgpp.dll" ["AVG Technologies CZ, s.r.o."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
AVS Video Converter 6\(Default) = "{6230EF55-8E71-4F40-861A-DBA282584FF5}"
-> {HKLM...CLSID} = "AVSVideoConverter Object"
\InProcServer32\(Default) = "D:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL" ["Online Media Technologies Ltd."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
-> {HKLM...CLSID} = "Lavasoft Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\
NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
00nView\(Default) = "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
NvCplDesktopContext\(Default) = "{A70C977A-BF00-412C-90B7-034C51DA2439}"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "D:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
Go, you cursed, into the eternal fire prepared for the devil and his angels
MD
-
November 13th, 2009, 07:10 PM #4
and the second half of the Silent Runners log
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
-> {HKLM...CLSID} = "Lavasoft Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\scrnsave.scr" [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
AdobePremiereProCS3CameraArrival\
"Provider" = "Adobe Premiere Pro"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""D:\Program Files\Alcohol Soft\Alcohol 120\AlCmd.exe" %1" ["Alcohol Soft Development Team"]
AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "ReadDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""D:\Program Files\Alcohol Soft\Alcohol 120\AlCmd.exe" %1" ["Alcohol Soft Development Team"]
BridgeCS3ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS3"
"InvokeProgID" = "Adobe.adobebridge"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]
DVDDecrypterPlayDVDMovieOnArrival\
"Provider" = "DVD Decrypter"
"InvokeProgID" = "DVDDecrypter"
"InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt"
HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""D:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]
MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "D:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]
NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]
NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]
NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]
NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]
NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]
NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]
NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]
NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]
NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""D:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]
Startup items in "Mike" & "All Users" startup folders:
------------------------------------------------------
D:\Documents and Settings\Mike\Start Menu\Programs\Startup
"Wallpaper Changer" -> shortcut to: "D:\Program Files\WallpaperToy\Wallpapertoy.Exe" [MS]
Enabled Scheduled Tasks:
------------------------
"Ad-Aware Update (Weekly)" -> launches: "D:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent" ["Lavasoft"]
"Google Software Updater" -> launches: "D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" ["Google"]
"GoogleUpdateTaskMachineCore" -> launches: "D:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "D:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"HP Usg Daily" -> launches: "D:\Program Files\hp photosmart 11\printer\Hphusg04.exe /t" ["Hewlett-Packard"]
"HP Usg Login" -> launches: "D:\Program Files\hp photosmart 11\printer\Hphusg04.exe /t" ["Hewlett-Packard"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "D:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"
-> {HKLM...CLSID} = "AVG Security Toolbar"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [null data]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"
-> {HKLM...CLSID} = "Ask Toolbar"
\InProcServer32\(Default) = "D:\Program Files\AskBarDis\bar\bin\askBar.dll" [file not found]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" = "AVG Security Toolbar"
-> {HKLM...CLSID} = "AVG Security Toolbar"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [null data]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" = (no title provided)
-> {HKLM...CLSID} = "Ask Toolbar"
\InProcServer32\(Default) = "D:\Program Files\AskBarDis\bar\bin\askBar.dll" [file not found]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided)
-> {HKLM...CLSID} = "Contribute Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}\(Default) = "Ask Toolbar Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{A3BC75A2-1F87-4686-AA43-5347D756017C}" = (no title provided)
-> {HKLM...CLSID} = "AVG Security Toolbar BHO"
\InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [null data]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "NavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS]
<<H>> "NavigationCanceled" = "res://ieframe.dll/navcancl.htm" [MS]
<<H>> "OfflineInformation" = "res://ieframe.dll/offcancl.htm" [MS]
<<H>> "PostNotCached" = "res://ieframe.dll/repost.htm" [MS]
<<H>> "InPrivate" = "res://ieframe.dll/inprivate.htm" [MS]
<<H>> "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS]
<<H>> "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS]
<<H>> "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS]
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""D:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
AVG Free8 E-mail Scanner, avg8emc, "D:\PROGRA~1\AVG\AVG8\avgemc.exe" ["AVG Technologies CZ, s.r.o."]
AVG Free8 WatchDog, avg8wd, "D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe" ["AVG Technologies CZ, s.r.o."]
COMODO Internet Security Helper Service, cmdAgent, ""D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"" ["COMODO"]
FLEXnet Licensing Service, FLEXnet Licensing Service, ""D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."]
Java Quick Starter, JavaQuickStarterService, ""D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Lavasoft Ad-Aware Service, Lavasoft Ad-Aware Service, ""D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"" ["Lavasoft"]
NMIndexingService, NMIndexingService, ""D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPH11, Pml Driver HPH11, "D:\WINDOWS\system32\HPHipm11.exe" ["HP"]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "D:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
---------- (launch time: 2009-11-13 05:14:06)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 65 seconds, including 23 seconds for message boxes)
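The report above is a Silent Runners launch-point inventory: each line is a registry or file-system location from which Windows or Internet Explorer will load code, with the file's verified publisher in square brackets, and <<!>> or <<H>> marking data found at a malware launch point or a browser hijack point. Reading it by hand means hunting for [file not found] orphans, [null data] binaries and paths in places nothing legitimate should run from. The script below is an added example for this thread, not the poster's code and not part of Silent Runners or Ad-Aware. It parses such a report, collects the reasons each entry deserves a look, and drops the Microsoft-verified defaults the script prints only because the location itself is hijackable. The sample lines are modelled on the log above except the final "Updater" line, which is constructed to exercise the location check.

```python
r"""Triage a Silent Runners launch-point report.

Added example for this thread; it is not part of the posted log or of the Silent
Runners script. Silent Runners prints one line per populated launch point, e.g.

    <<!>> "AppInit_DLLs" = " D:\WINDOWS\system32\guard32.dll" ["COMODO"]
    \InProcServer32\(Default) = "D:\...\askBar.dll" [file not found]

The trailing bracket is the file's verified company name, [MS] for Microsoft,
[null data] when the binary carries no version resource, or [file not found] for
an orphaned registration. <<!>> marks data at a malware launch point and <<H>>
data at a browser hijack point; neither says the entry is malicious by itself.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(r'^(?P<flag><<[!H]>>)?\s*(?P<body>.*?)\s*\[(?P<tag>[^\[\]]*)\]\s*$')
# A drive-letter path ending in a loadable or executable extension.
PATH_RE = re.compile(r'(?P<path>[A-Za-z]:\\[^"|\n]*?\.(?:exe|dll|scr|sys|ocx|cpl))',
                     re.IGNORECASE)
# Places a legitimate launch point should essentially never point into.
UNUSUAL_DIRS = ('\\recycler\\', '\\temp\\', '\\temporary internet files\\',
                '\\system volume information\\')
FLAG_REASONS = {'data at a malware launch point', 'data at a browser hijack point'}


@dataclass
class Finding:
    line: str
    path: Optional[str]
    tag: str
    reasons: List[str] = field(default_factory=list)


def triage(report: str) -> List[Finding]:
    """Return the entries that deserve a human look, most reasons first.

    [MS]-verified entries are dropped when the only thing against them is that
    they sit at a flagged location: those are the stock defaults the script
    prints because the location is hijackable, not because the data is odd.
    """
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        tag = m.group('tag').strip().strip('"')
        pm = PATH_RE.search(m.group('body'))
        path = pm.group('path') if pm else None
        reasons: List[str] = []
        if m.group('flag') == '<<!>>':
            reasons.append('data at a malware launch point')
        elif m.group('flag') == '<<H>>':
            reasons.append('data at a browser hijack point')
        if tag.lower() == 'file not found':
            reasons.append('orphaned registration, DLL missing')
        elif tag.lower() == 'null data':
            reasons.append('binary carries no version information')
        if path and any(d in path.lower() for d in UNUSUAL_DIRS):
            reasons.append('unusual location for a launch point')
        if not reasons or (tag == 'MS' and set(reasons) <= FLAG_REASONS):
            continue
        findings.append(Finding(line, path, tag, reasons))
    findings.sort(key=lambda f: -len(f.reasons))  # stable: report order within a tier
    return findings


# Fragment modelled on the report posted above. The last line is constructed for
# this example to exercise the location check; the thread's log shows no launch
# point for Dc11.exe.
SAMPLE_REPORT = r'''
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = " D:\WINDOWS\system32\guard32.dll" ["COMODO"]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"
-> {HKLM...CLSID} = "Ask Toolbar"
\InProcServer32\(Default) = "D:\Program Files\AskBarDis\bar\bin\askBar.dll" [file not found]
<<H>> "NavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS]
"Wallpaper Changer" -> shortcut to: "D:\Program Files\WallpaperToy\Wallpapertoy.Exe" [MS]
"Updater" -> launches: "C:\RECYCLER\S-1-5-21-515967899-162531612-839522115-1003\Dc11.exe" [null data]
'''

if __name__ == '__main__':
    for fd in triage(SAMPLE_REPORT):
        print(f"{len(fd.reasons)}  {fd.path or '(no file path)'}  [{fd.tag}]")
        for reason in fd.reasons:
            print(f"      - {reason}")
```

On the sample the two-reason entries (the BootExecute value with no version data, and the constructed RECYCLER path) come out first, the AppInit_DLLs and orphaned Ask Toolbar registrations next, and the [MS] AboutURLs default and the signed Startup-folder shortcut are suppressed. The parser only reads text, so it runs anywhere; verifying the binaries it points at still has to happen on the machine.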
-
November 13th, 2009, 09:31 PM #5
You need to post this in a forum that diagnoses malware. TechIMO does not have such a forum.
-
November 14th, 2009, 02:32 AM #6
You might try going here; they claim to be able to remove dc11.exe -
DC11.EXE (Derivative 37358632), Prevx
Caveat: I don't know them, nor have I any proof of what they say. Use your head, not your fingers.
They say technology slows down for no one. I know it outruns my wallet. I figure it's because my wallet isn't light enough yet.
TechIMO Folding@home Team #111 - Crunching for the cure!
War is sweet to those who have never experienced it
-
November 14th, 2009, 05:45 PM #7
Have you tried going to the "C:\RECYCLER\S-1-5-21-515967899-162531612-839522115-1003\" folder and deleting it out..?
As it is a 'System' folder, it isn't normally shown - but you can either enable the viewing of them, or just type it into the address/run area and access it that way... All it is is the "Recycle Bin" for schtuffs that have been deleted...
I've seen the light... It was green, flashy and attached to a Network Interface Card... Whenever someone says "You can't miss it", I invariably do...
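On the point made above about the RECYCLER folder: on an NTFS volume under Windows 2000/XP each user's Recycle Bin is <drive>\RECYCLER\<user SID>\, a hidden system folder, and a file sent there is renamed to D<original drive letter><bin index>.<original extension>, which is exactly the Dc11.exe naming pattern (deleted from C:, bin record 11). The Python below is an added example, not from the thread. It walks such a tree, hashes each recycled file, flags the executables, and separately lists files that do not follow the bin's naming and therefore did not arrive through deletion (malware that drops itself into RECYCLER to hide looks like that). The directory layout it inspects is constructed in a temporary folder: the SID is the one from the path in this thread, the file contents are dummies, and nothing is deleted.

```python
r"""Enumerate what a hidden RECYCLER\<SID> folder actually holds.

Added example, not from the thread. On an NTFS volume under Windows 2000/XP each
user's Recycle Bin is <drive>\RECYCLER\<user SID>\, a hidden system folder that
Explorer does not show. A file sent there is renamed
D<original drive letter><bin index>.<original extension>, so Dc11.exe is the bin
record with index 11, deleted from C: with an .exe extension; the INFO2 file
beside it is the index that maps such names back to their original paths (not
parsed here). Anything else in that folder that is not INFO2 or desktop.ini did
not arrive through deletion and deserves a look.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass, field
from typing import List

SID_DIR_RE = re.compile(r'^S-1-\d+(?:-\d+)+$')
RECYCLED_NAME_RE = re.compile(r'^D(?P<drive>[A-Za-z])(?P<index>\d+)(?P<ext>\.[^.]+)?$',
                              re.IGNORECASE)
EXECUTABLE_EXTS = {'.exe', '.dll', '.scr', '.com', '.pif', '.bat', '.cmd', '.sys'}
HOUSEKEEPING = {'info2', 'desktop.ini'}   # maintained by the shell itself


@dataclass
class RecycledItem:
    sid: str
    path: str
    original_drive: str
    index: int
    executable: bool
    sha256: str


@dataclass
class RecyclerReport:
    items: List[RecycledItem] = field(default_factory=list)
    strays: List[str] = field(default_factory=list)   # files the bin did not name


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(65536), b''):
            h.update(chunk)
    return h.hexdigest()


def inspect_recycler(root: str) -> RecyclerReport:
    """Walk <root>/RECYCLER/<SID>/ and classify every file found there."""
    report = RecyclerReport()
    recycler = os.path.join(root, 'RECYCLER')
    if not os.path.isdir(recycler):
        return report
    for sid in sorted(os.listdir(recycler)):
        sid_dir = os.path.join(recycler, sid)
        if not (SID_DIR_RE.match(sid) and os.path.isdir(sid_dir)):
            continue
        for name in sorted(os.listdir(sid_dir)):
            full = os.path.join(sid_dir, name)
            if not os.path.isfile(full):
                continue
            m = RECYCLED_NAME_RE.match(name)
            if m:
                ext = (m.group('ext') or '').lower()
                report.items.append(RecycledItem(
                    sid, full, m.group('drive').lower(), int(m.group('index')),
                    ext in EXECUTABLE_EXTS, sha256_file(full)))
            elif name.lower() not in HOUSEKEEPING:
                report.strays.append(full)
    return report


def build_sample_recycler(root: str) -> str:
    """Lay out a constructed RECYCLER tree under root (sample data, not a real bin).

    The SID is the one from the path in this thread; the file contents are dummies.
    """
    sid_dir = os.path.join(root, 'RECYCLER', 'S-1-5-21-515967899-162531612-839522115-1003')
    os.makedirs(sid_dir, exist_ok=True)
    files = {
        'INFO2': b'\x00' * 20,                    # placeholder bytes, not a real index
        'desktop.ini': b'[.ShellClassInfo]\r\n',
        'Dc11.exe': b'MZ' + b'\x90' * 62,         # recycled from C:, bin index 11
        'Dc3.txt': b'old notes',                 # recycled from C:, bin index 3
        'updater.exe': b'MZ' + b'\x00' * 62,      # not renamed: never came through the bin
    }
    for name, data in files.items():
        with open(os.path.join(sid_dir, name), 'wb') as fh:
            fh.write(data)
    return sid_dir


def demo() -> RecyclerReport:
    """Build the sample tree in a fresh temp dir and inspect it."""
    root = tempfile.mkdtemp(prefix='recycler_demo_')
    build_sample_recycler(root)
    return inspect_recycler(root)


if __name__ == '__main__':
    rep = demo()
    for it in rep.items:
        kind = 'EXECUTABLE' if it.executable else 'data'
        print(f"{kind:10} {it.path}  (from {it.original_drive.upper()}:, #{it.index})  {it.sha256[:16]}...")
    for s in rep.strays:
        print(f"STRAY      {s}  <- not named by the Recycle Bin")
```

Pointing inspect_recycler at a real drive root lists the bin contents Explorer hides without touching attributes, and the hashes give you something to look up or keep before the file is removed. A recycled executable such as Dc11.exe is usually just a deleted file waiting to be emptied; a stray in that folder is the case worth treating as a live infection.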
-
November 15th, 2009, 01:52 PM #8
It is now gone. Deleted it through the DOS interface and haven't seen anything else pop up about it in the several scans and reboots since. Thanks for the help.