Google Redirection to various sites + Popups


34 replies to this topic

#1 GaryCheung


Posted 02 January 2009 - 07:45 AM

Hi

Running Windows Vista 32bit

I was told to post a HJT log here by buddy215. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/190760/google-redirect-and-pop-ups/ ~ OB

My problem is that Google and Yahoo redirect me to sites such as 'copy-book.com' and ecata.info; in addition to that, there are also lots of very annoying, frequent pop-ups. I've tried many methods of getting rid of this but none of them work. I think it could be a DNS hijacker. Here is my HJT log, thank you:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:23, on 02/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1271732570-1918605504-1425275032-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Gary')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 使€…›‹‰ - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使€…›‹‰…ƒˆŽ - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ao?N﹐A5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Ao?N﹐A5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: AFPI - Sysinternals - www.sysinternals.com - C:\Users\Andy\AppData\Local\Temp\AFPI.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMTIHJB - Sysinternals - www.sysinternals.com - C:\Users\Andy\AppData\Local\Temp\JMTIHJB.exe
O23 - Service: KCJOAKAHHESKYO - Sysinternals - www.sysinternals.com - C:\Users\Andy\AppData\Local\Temp\KCJOAKAHHESKYO.exe
O23 - Service: KIKLZHF - Sysinternals - www.sysinternals.com - C:\Users\Andy\AppData\Local\Temp\KIKLZHF.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OZGBS - Sysinternals - www.sysinternals.com - C:\Users\Andy\AppData\Local\Temp\OZGBS.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WPDSG - Sysinternals - www.sysinternals.com - C:\Users\Andy\AppData\Local\Temp\WPDSG.exe

--
End of file - 8939 bytes

Edited by Orange Blossom, 02 January 2009 - 01:22 PM.




#2 bamajim


Posted 06 January 2009 - 11:10 AM

GaryCheung

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#3 GaryCheung


Posted 07 January 2009 - 02:12 PM

Hi Bamajim

Thank you for replying. I downloaded Combofix and opened it but I can't use it because it says that my OS is not supported. I'm running Windows Vista.

Gary

#4 bamajim


Posted 07 January 2009 - 02:40 PM

GaryCheung

Rt Click and Delete Combofix.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Microsoft MVP - Windows Security

#5 GaryCheung


Posted 09 January 2009 - 06:10 PM

Here is the MBAM scan. Thank you.


Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.0.6000

09/01/2009 23:10:47
mbam-log-2009-01-09 (23-10-47).txt

Scan type: Quick Scan
Objects scanned: 51202
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 bamajim


Posted 12 January 2009 - 09:35 AM

GaryCheung

1. Go HERE and download File Lister. Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
Microsoft MVP - Windows Security

#7 GaryCheung


Posted 15 January 2009 - 02:13 PM

Hi

I can get up to the part where I open FileLister.vbe. It finishes running but I can not produce a log. It gives me this error message:

Cannot find the C:\Files.txt file.

Do you want to create a new file?

It then gives me a blank copy of notepad. Any suggestions?

Gary.

#8 bamajim


Posted 16 January 2009 - 09:23 AM

GaryCheung

Very Strange.

Go HERE and Download System Repair Engineer by smallfrogs
Select local download
Save it to your Desktop
Rt Click sreng2.zip->>Extract all->>Extract it to your desktop
Open the sreng folder
Double click SREngPS.exe->>Click Run
At the main Window, in the left Pane, Select Smart Scan
At the next window make sure all of the boxes are checked and Select Scan
When the scan is complete Select Save reports
Save it to your desktop and Close the tool
Double Click SREngLog.txt copy and paste that log as a reply to this thread
Do not run any other options with this tool unless instructed to do so.
Microsoft MVP - Windows Security

#9 GaryCheung


Posted 16 January 2009 - 05:49 PM

Here it is, Thanks:



2009-01-16,22:46:08

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition  (Build 6000) - Not in Administrators Group - Restricted Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
	<SmpcSys><C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe>  [(Verified)Packard Bell B.V.]
	<ehTray.exe><C:\Windows\ehome\ehTray.exe>  [(Verified)Microsoft Windows]
	<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<Symantec PIF AlertEng><"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll">  [File is missing]
	<MSConfig><"C:\Windows\system32\msconfig.exe" /auto>  [(Verified)Microsoft Windows]
	<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
	<><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows]
	<Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
	<WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.dll>  [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]
	<WinlogonNotify: avgwlntf><avgwlntf.dll>  [GRISOFT, s.r.o.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<AppWaxOE><; c:\program files\waxoe\waxoe.exe>  []
	<BitComet><; "C:\Program Files\BitComet\BitComet.exe" /tray>  [(Verified)Comet Network Technology Co Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<CAMP SHIM EXIT HECK><; "C:\ProgramData\JUGS MESS FORD.1ee709">  []
	<ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [File is missing]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<ehTray.exe><; C:\Windows\ehome\ehTray.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<GSISETUP><; H:\FSCOMM~B\setup.exe>  [File is missing]
	<HP Software Update><; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
	<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<MsnMsgr><; "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<NvCplDaemon><; RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvMediaCenter><; RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvSvc><; RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<PLATFORM FIVE FLAG HECK><; "C:\ProgramData\Bait size surf.mcgs5">  []
	<QuickTime Task><; "C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<RoxWatchTray><; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe">  [(Verified)Sonic Solutions]
	<RtHDVCpl><; RtHDVCpl.exe>  [N/A]
	<Scr Comp><; "C:\ProgramData\Idol Grim Grim.yja373o">  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Sidebar><; C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Skytel><; C:\Program Files\Realtek\Audio\HDA\Skytel.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<SmpcSys><; C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe>  [(Verified)Packard Bell B.V.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<SunJavaUpdateSched><; "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<Thunder><; "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
	<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
	<toolbar_eula_launcher><; C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe>  [ ]
	<Windows Defender><; %ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [File is missing]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<WindowsWelcomeCenter><; rundll32.exe oobefldr.dll,ShowWelcomeCenter>  [(Verified)Microsoft Windows]
	<WMPNSCFG><; C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<{37-74-4F-FC-ZN}><; c:\windows\system32\dwdsrngt.exe P2D002>  [File is missing]

==================================
Startup Folders
N/A

==================================
Services
[Norton2009 Reset / .norton2009Reset][Stopped/Disabled]
  <C:\Program Files\Norton2009Reset.exe><>
[AFPI / AFPI][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\AFPI.exe><(File is missing)>
[Apple Mobile Device / Apple Mobile Device][Stopped/Disabled]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler][Running/Auto Start]
  <"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"><Symantec Corporation>
[AvgCoreSvc / AvgCoreSvc][Stopped/Disabled]
  <C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe><GRISOFT, s.r.o.>
[AVG E-mail Scanner / AVGEMS][Stopped/Disabled]
  <C:\PROGRA~1\Grisoft\AVG7\avgemc.exe><GRISOFT, s.r.o.>
[Google Updater Service / gusvc][Running/Auto Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[hpqcxs08 / hpqcxs08][Running/Manual Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[JMTIHJB / JMTIHJB][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\JMTIHJB.exe><(File is missing)>
[KCJOAKAHHESKYO / KCJOAKAHHESKYO][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\KCJOAKAHHESKYO.exe><(File is missing)>
[KIKLZHF / KIKLZHF][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\KIKLZHF.exe><(File is missing)>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE"><Symantec Corporation>
[LiveUpdate Notice Service / LiveUpdate Notice Service][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll><Symantec Corporation>
[MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"><Sony Corporation>
[MSSQL$SONY_MEDIAMGR / MSSQL$SONY_MEDIAMGR][Running/Auto Start]
  <C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR><(File is missing)>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Net Driver HPZ12 / Net Driver HPZ12][Stopped/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZinw12.dll><Hewlett-Packard>
[OZGBS / OZGBS][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\OZGBS.exe><(File is missing)>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"><>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZipm12.dll><Hewlett-Packard>
[RoxMediaDB9 / RoxMediaDB9][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"><Sonic Solutions>
[Roxio Hard Drive Watcher 9 / RoxWatch9][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"><Sonic Solutions>
[SonicStage Back-End Service / SonicStage Back-End Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe"><Sony Corporation>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"><Sony Corporation>
[SQLAgent$SONY_MEDIAMGR / SQLAgent$SONY_MEDIAMGR][Stopped/Manual Start]
  <C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR><(File is missing)>
[SonicStage SCSI Service / SSScsiSV][Stopped/Manual Start]
  <C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe><Sony Corporation>
[stllssvr / stllssvr][Stopped/Manual Start]
  <"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"><MicroVision Development, Inc.>
[WPDSG / WPDSG][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\WPDSG.exe><(File is missing)>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[NETGEAR WG111T USB2.0 Wireless Card Service / AR5523][Stopped/Manual Start]
  <system32\DRIVERS\WG11TND5.sys><NETGEAR, Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Advanced SCSI Programming Interface Driver / ASPI][Stopped/Manual Start]
  <\??\C:\Windows\System32\DRIVERS\ASPI32.sys><Adaptec>
[AvgClean / AvgClean][Running/System Start]
  <\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[AVG Minifilter x86 Resident Driver / AvgMfx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgmfx86.sys><GRISOFT, s.r.o.>
[AvgWFP / AvgWFP][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\avgwfp.sys><N/A>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[catchme / catchme][Stopped/Manual Start]
  <\??\C:\Users\Andy\AppData\Local\Temp\catchme.sys><N/A>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[gmer / gmer][Stopped/Manual Start]
  <System32\DRIVERS\gmer.sys><GMER>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[Driver for MagicISO SCSI Host Controller / mcdbus][Stopped/Manual Start]
  <system32\DRIVERS\mcdbus.sys><N/A>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvlddmkm / nvlddmkm][Running/Manual Start]
  <system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[RkHit / RkHit][Stopped/Manual Start]
  <\??\C:\Windows\system32\drivers\RKHit.sys><N/A>
[Sony Ericsson Device 116 driver (WDM) / s116bus][Stopped/Manual Start]
  <system32\DRIVERS\s116bus.sys><MCCI Corporation>
[Sony Ericsson Device 116 USB WMC Modem Filter / s116mdfl][Stopped/Manual Start]
  <system32\DRIVERS\s116mdfl.sys><MCCI Corporation>
[Sony Ericsson Device 116 USB WMC Modem Driver / s116mdm][Stopped/Manual Start]
  <system32\DRIVERS\s116mdm.sys><MCCI Corporation>
[Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) / s116unic][Stopped/Manual Start]
  <system32\DRIVERS\s116unic.sys><MCCI Corporation>
[SASDIFSV / SASDIFSV][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASENUM / SASENUM][Stopped/Manual Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASKUTIL / SASKUTIL][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SAMSUNG Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[ST330 / ST330][Stopped/Manual Start]
  <system32\drivers\st330.sys><THOMSON Telecom Belgium>
[STBUS / STBUS][Stopped/Manual Start]
  <system32\drivers\stbus.sys><THOMSON Telecom Belgium>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[SymIMMP / SymIMMP][Stopped/Manual Start]
  <system32\DRIVERS\SymIM.sys><N/A>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <System32\drivers\tcpip.sys><Microsoft Corporation>
[Microsoft IPv6 Protocol Driver / Tcpip6][Stopped/Manual Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[viaide / viaide][Running/Boot Start]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>

==================================
Browser Add-ons
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[Click-to-Call BHO]
  {5C255C8A-E604-49b4-9D64-90988571CECB} <C:\Program Files\Windows Live\Messenger\wlchtc.dll, (Signed) Microsoft Corporation>
[Search Helper]
  {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll, (Signed) Google Inc.>
[Windows Live Toolbar Helper]
  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_05]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[雄捃濘5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[Spybot-S&D IE Protection]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[&Windows Live Toolbar]
  {21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\Windows\system32\OGACheckControl.DLL, (Signed) >
[Java Plug-in 1.6.0_01]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[MessengerStatsClient Class]
  {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.5.0_03]
  {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
  {000123B4-9B42-4900-B3F7-F4B073EFC214} <, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\Windows\system32\OGACheckControl.DLL, (Signed) >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\Windows\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
  {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <, >
[&Windows Live Toolbar]
  {21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[Click-to-Call BHO]
  {5C255C8A-E604-49B4-9D64-90988571CECB} <C:\Program Files\Windows Live\Messenger\wlchtc.dll, (Signed) Microsoft Corporation>
[]
  {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\ProgramData\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\ProgramData\Thunder Network\KanKan\xdrm.dll_1_work, >
[]
  {69A87B7D-DE56-4136-9655-716BA50C19C7} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
  {6D53EC84-6AAE-4787-AEEE-F4628F01010C} <, >
[Search Helper]
  {6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[]
  {90222687-F593-4738-B738-FBEE9C7B26DF} <, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[]
  {ADECBED6-0366-4377-A739-E69DFBA04663} <, >
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll, (Signed) Google Inc.>
[]
  {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} <, >
[MessengerStatsClient Class]
  {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll, (Signed) Microsoft Corporation>
[]
  {CA6319C0-31B7-401E-A518-A07C3DB8F777} <, >
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Windows\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[]
  {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} <, >
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[Windows Live Toolbar Helper]
  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[&D&ownload &with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&D&ownload all video with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&D&ownload all with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[使用迅雷下載]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下載全部鏈接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>

==================================
Running Processes
[PID: 1384 / Gary][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.10.9746]
[PID: 3584 / Gary][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3956 / Gary][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\nvcpl.dll]  [NVIDIA Corporation, 7.15.10.9746]
	[C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 7.15.10.9746]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 1, 0, 0]
	[C:\Program Files\MagicISO\misosh.dll]  [MagicISO, Inc., 5, 3, 0, 198]
	[C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL]  [SUPERAntiSpyware.com, 1, 0, 0, 1004]
	[C:\Program Files\Spybot - Search & Destroy\SDHelper.dll]  [Safer Networking Limited, 1, 6, 0, 12]
[PID: 3224 / Gary][C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe]  [Symantec Corporation, 1.2.0.18]
	[C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll]  [Symantec Corporation, 1.2.0.18]
	[C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\AlertUi.dll]  [Symantec Corporation, 1.2.0.18]
[PID: 3568 / Gary][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.1.45]
[PID: 3612 / Gary][C:\Program Files\Windows Live\Messenger\msnmsgr.exe]  [Microsoft Corporation, 14.0.8050.1202]
	[C:\Windows\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
	[C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.10.9746]
[PID: 1040 / Gary][C:\Windows\ehome\ehtray.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3848 / Gary][C:\Program Files\Windows Media Player\wmpnscfg.exe]  [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 1092 / Gary][C:\Windows\ehome\ehmsas.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1952 / Gary][C:\Windows\System32\mobsync.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Microsoft SQL Server\80\COM\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
[PID: 2980 / Gary][C:\Program Files\Windows Live\Contacts\wlcomm.exe]  [Microsoft Corporation, 14.0.8050.1202]
[PID: 820 / Gary][C:\Windows\system32\sdclt.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3168 / Gary][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.5]
	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.5]
	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.1]
	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.1]
	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.1]
	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.5]
	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.5]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll]  [N/A, ]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\piclens19.dll]  [N/A, ]
	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.5]
	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.72]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\avutil-49.dll]  [N/A, ]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll]  [N/A, ]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\avformat-52.dll]  [N/A, ]
	[C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.10.9746]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\freetype.dll]  [N/A, ]
	[C:\Windows\system32\Macromed\Flash\NPSWF32.dll]  [, ]
[PID: 2236 / Gary][C:\Users\Gary\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 452 / Gary][C:\Users\Gary\Desktop\SRE47b56a2f.EXE]  [Smallfrogs Studio, 2.7.0.1210]
	[C:\Users\Gary\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  Error. ["%1" %*"]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  Error. [%SystemRoot%\System32\NOTEPAD.EXE %1"]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
[C:\]
[autorun]
;bskxcjhmbqqvfmrriveinrtpixrxbsfpnlsezsspskzarmxvdtlyairxajsaevcqgxjdsbiedurfekipns
shellexecute="resycled\boot.com c:"
;uowknlulwxbkamswivfkhhedzovqudcwvxmjhltwjmthnkdtzheocciadqpcocbfnmejfecgzy
shell\Open\command="resycled\boot.com c:"
;v

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
[Enabled] \\Recovery DVD Creator
		C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe 
[Enabled] \\SDMsgUpdate (TE)
		C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe -PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
[Enabled] \\{70D5B8FF-9241-4CA5-9F1B-B59C4311E1C9}
		C:\Windows\system32\pcalua.exe -a "C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBRWLQ0\download[1].exe" -d C:\Users\Andy
[Enabled] \\{CE50A441-A04B-45E2-BF71-54FD0374E645}
		C:\Windows\system32\pcalua.exe -a C:\Users\Andy\Desktop\STOPzilla_Setup.exe -d C:\Users\Andy\Desktop
[Enabled] \Apple\AppleSoftwareUpdate
		C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
		BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
		N/A 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
		%SystemRoot%\System32\wsqmcons.exe 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
		%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[Enabled] \Microsoft\Windows\Defrag\ManualDefrag
		%windir%\system32\defrag.exe -c
[Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
		%windir%\system32\defrag.exe -c -i
[Enabled] \Microsoft\Windows\Media Center\ehDRMInit
		%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[Enabled] \Microsoft\Windows\Media Center\mcupdate
		%SystemRoot%\ehome\mcupdate $(Arg0) -gc
[Enabled] \Microsoft\Windows\Media Center\OCURActivate
		%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[Enabled] \Microsoft\Windows\Media Center\OCURDiscovery
		%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
[Enabled] \Microsoft\Windows\Media Center\UpdateRecordPath
		%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[Enabled] \Microsoft\Windows\MobilePC\HotStart
		N/A 
[Enabled] \Microsoft\Windows\MobilePC\TMM
		N/A 
[Enabled] \Microsoft\Windows\MUI\LPRemove
		%windir%\system32\lpremove.exe 
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
		N/A 
[Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
		N/A 
[Enabled] \Microsoft\Windows\Shell\CrawlStartPages
		N/A 
[Disabled] \Microsoft\Windows\SideShow\AutoWake
		N/A 
[Enabled] \Microsoft\Windows\SideShow\GadgetManager
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SessionAgent
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SystemDataProviders
		N/A 
[Enabled] \Microsoft\Windows\SystemRestore\SR
		%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
		sc.exe config upnphost start= auto
[Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
		%windir%\system32\wermgr.exe -queuereporting
[Enabled] \Microsoft\Windows\WindowsBackup\AutomaticBackup
		%systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
[Enabled] \Microsoft\Windows\WindowsBackup\CheckFull
		sdclt.exe /CHECKFULL
[Enabled] \Microsoft\Windows\WindowsBackup\Windows Backup Monitor
		sdclt.exe /DETECTFAILURE
[Enabled] \Microsoft\Windows\WindowsCalendar\Reminders - Gary
		C:\Program Files\Windows Calendar\WinCal.exe /reminder
[Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
		%windir%\system32\gatherWiredInfo.vbs 
[Enabled] \Microsoft\Windows\Wireless\GatherWirelessInfo
		%windir%\system32\gatherWirelessInfo.vbs 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


#10 bamajim

Posted 19 January 2009 - 09:33 AM

GaryCheung

Sorry for the Delay.

It will take a couple of runs at this to fix so please be patient

1. Rerun SRE2

In the Left Pane Select System Repair

In the Right pane, under the File Association Tab
Place checks in the boxes beside these 2 entries

.PIF Error. ["%1" %*"]
.INI Error. [%SystemRoot%\System32\NOTEPAD.EXE %1"]


And Select the Repair button.

In the Left pane Select Boot Items

In the Right pane under the Services tab, Select the Drivers button
Another window will open
Locate under Service Name RkHit / RkHit
Highlight that Service
Select the Delete Service Radio button
Then Select Set
Another window will open Select No to delete the service
A confirmation window will open Select O.k.
Then Exit

Close SRE2->>Reboot your PC->> Rerun SRE2 and post a fresh SRE2 log
Microsoft MVP - Windows Security

#11 GaryCheung

Posted 19 January 2009 - 07:38 PM

Thank you bamajim, here is a fresh SRE2 log:



2009-01-20,00:35:18

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition  (Build 6000) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<BitComet><; "C:\Program Files\BitComet\BitComet.exe" /tray>  [(Verified)Comet Network Technology Co Ltd.]
	<msnmsgr><; "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
	<SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe>  [(Verified)Safer Networking Ltd.]
	<AppWaxOE><; c:\program files\waxoe\waxoe.exe>  []
	<ehTray.exe><; C:\Windows\ehome\ehTray.exe>  [(Verified)Microsoft Windows]
	<Sidebar><; C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [(Verified)Microsoft Windows]
	<SmpcSys><; C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe>  [(Verified)Packard Bell B.V.]
	<WindowsWelcomeCenter><; rundll32.exe oobefldr.dll,ShowWelcomeCenter>  [(Verified)Microsoft Windows]
	<WMPNSCFG><; C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<Symantec PIF AlertEng><"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll">  [File is missing]
	<MSConfig><"C:\Windows\system32\msconfig.exe" /auto>  [(Verified)Microsoft Windows]
	<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
	<Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<CAMP SHIM EXIT HECK><; "C:\ProgramData\JUGS MESS FORD.1ee709">  []
	<ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [File is missing]
	<GSISETUP><; H:\FSCOMM~B\setup.exe>  [File is missing]
	<HP Software Update><; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
	<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<NvCplDaemon><; RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvMediaCenter><; RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvSvc><; RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<PLATFORM FIVE FLAG HECK><; "C:\ProgramData\Bait size surf.mcgs5">  []
	<QuickTime Task><; "C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<RoxWatchTray><; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe">  [(Verified)Sonic Solutions]
	<RtHDVCpl><; RtHDVCpl.exe>  [N/A]
	<Scr Comp><; "C:\ProgramData\Idol Grim Grim.yja373o">  []
	<Skytel><; C:\Program Files\Realtek\Audio\HDA\Skytel.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<SunJavaUpdateSched><; "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<Thunder><; "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
	<toolbar_eula_launcher><; C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe>  [ ]
	<Windows Defender><; %ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [File is missing]
	<{37-74-4F-FC-ZN}><; c:\windows\system32\dwdsrngt.exe P2D002>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
	<><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows]
	<Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
	<WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.dll>  [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]
	<WinlogonNotify: avgwlntf><avgwlntf.dll>  [GRISOFT, s.r.o.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Control Panel\Desktop]
	<SCRNSAVE.EXE><C:\Windows\DREAMA~1.SCR>  [File is missing]

==================================
Startup Folders
N/A

==================================
Services
[Norton2009 Reset / .norton2009Reset][Stopped/Disabled]
  <C:\Program Files\Norton2009Reset.exe><>
[AFPI / AFPI][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\AFPI.exe><(File is missing)>
[Apple Mobile Device / Apple Mobile Device][Stopped/Disabled]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler][Running/Auto Start]
  <"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"><Symantec Corporation>
[AvgCoreSvc / AvgCoreSvc][Stopped/Disabled]
  <C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe><GRISOFT, s.r.o.>
[AVG E-mail Scanner / AVGEMS][Stopped/Disabled]
  <C:\PROGRA~1\Grisoft\AVG7\avgemc.exe><GRISOFT, s.r.o.>
[Google Updater Service / gusvc][Running/Auto Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[hpqcxs08 / hpqcxs08][Running/Manual Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[JMTIHJB / JMTIHJB][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\JMTIHJB.exe><(File is missing)>
[KCJOAKAHHESKYO / KCJOAKAHHESKYO][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\KCJOAKAHHESKYO.exe><(File is missing)>
[KIKLZHF / KIKLZHF][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\KIKLZHF.exe><(File is missing)>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE"><Symantec Corporation>
[LiveUpdate Notice Service / LiveUpdate Notice Service][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll><Symantec Corporation>
[MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"><Sony Corporation>
[MSSQL$SONY_MEDIAMGR / MSSQL$SONY_MEDIAMGR][Running/Auto Start]
  <C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Net Driver HPZ12 / Net Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZinw12.dll><Hewlett-Packard>
[OZGBS / OZGBS][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\OZGBS.exe><(File is missing)>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"><>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZipm12.dll><Hewlett-Packard>
[RoxMediaDB9 / RoxMediaDB9][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"><Sonic Solutions>
[Roxio Hard Drive Watcher 9 / RoxWatch9][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"><Sonic Solutions>
[SonicStage Back-End Service / SonicStage Back-End Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe"><Sony Corporation>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"><Sony Corporation>
[SQLAgent$SONY_MEDIAMGR / SQLAgent$SONY_MEDIAMGR][Stopped/Manual Start]
  <C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR><Microsoft Corporation>
[SonicStage SCSI Service / SSScsiSV][Stopped/Manual Start]
  <C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe><Sony Corporation>
[stllssvr / stllssvr][Stopped/Manual Start]
  <"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"><MicroVision Development, Inc.>
[WPDSG / WPDSG][Stopped/Manual Start]
  <C:\Users\Andy\AppData\Local\Temp\WPDSG.exe><(File is missing)>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[NETGEAR WG111T USB2.0 Wireless Card Service / AR5523][Stopped/Manual Start]
  <system32\DRIVERS\WG11TND5.sys><NETGEAR, Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Advanced SCSI Programming Interface Driver / ASPI][Stopped/Manual Start]
  <\??\C:\Windows\System32\DRIVERS\ASPI32.sys><Adaptec>
[AvgClean / AvgClean][Running/System Start]
  <\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[AVG Minifilter x86 Resident Driver / AvgMfx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgmfx86.sys><GRISOFT, s.r.o.>
[AvgWFP / AvgWFP][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\avgwfp.sys><N/A>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[catchme / catchme][Stopped/Manual Start]
  <\??\C:\Users\Andy\AppData\Local\Temp\catchme.sys><N/A>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[gmer / gmer][Stopped/Manual Start]
  <System32\DRIVERS\gmer.sys><GMER>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[Driver for MagicISO SCSI Host Controller / mcdbus][Stopped/Manual Start]
  <system32\DRIVERS\mcdbus.sys><N/A>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvlddmkm / nvlddmkm][Running/Manual Start]
  <system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[Sony Ericsson Device 116 driver (WDM) / s116bus][Stopped/Manual Start]
  <system32\DRIVERS\s116bus.sys><MCCI Corporation>
[Sony Ericsson Device 116 USB WMC Modem Filter / s116mdfl][Stopped/Manual Start]
  <system32\DRIVERS\s116mdfl.sys><MCCI Corporation>
[Sony Ericsson Device 116 USB WMC Modem Driver / s116mdm][Stopped/Manual Start]
  <system32\DRIVERS\s116mdm.sys><MCCI Corporation>
[Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) / s116unic][Stopped/Manual Start]
  <system32\DRIVERS\s116unic.sys><MCCI Corporation>
[SASDIFSV / SASDIFSV][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASENUM / SASENUM][Stopped/Manual Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASKUTIL / SASKUTIL][Running/System Start]
  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SAMSUNG Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[ST330 / ST330][Stopped/Manual Start]
  <system32\drivers\st330.sys><THOMSON Telecom Belgium>
[STBUS / STBUS][Stopped/Manual Start]
  <system32\drivers\stbus.sys><THOMSON Telecom Belgium>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[SymIMMP / SymIMMP][Stopped/Manual Start]
  <system32\DRIVERS\SymIM.sys><N/A>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <System32\drivers\tcpip.sys><Microsoft Corporation>
[Microsoft IPv6 Protocol Driver / Tcpip6][Stopped/Manual Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[viaide / viaide][Running/Boot Start]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>

==================================
Browser Add-ons
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[Click-to-Call BHO]
  {5C255C8A-E604-49b4-9D64-90988571CECB} <C:\Program Files\Windows Live\Messenger\wlchtc.dll, (Signed) Microsoft Corporation>
[Search Helper]
  {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll, (Signed) Google Inc.>
[Windows Live Toolbar Helper]
  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_05]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[雄捃濘5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[Spybot-S&D IE Protection]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[&Windows Live Toolbar]
  {21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\Windows\system32\OGACheckControl.DLL, (Signed) >
[Java Plug-in 1.6.0_05]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[MessengerStatsClient Class]
  {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.5.0_03]
  {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
  {00000000-0000-0000-0000-000000000000} <, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[]
  {0288A0FE-F9C4-75A7-9659-F19AA11FD9FC} <, >
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[]
  {03F998B2-0E00-11D3-A498-00104B6EB52E} <, >
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\Windows\system32\OGACheckControl.DLL, (Signed) >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0CCA191D-13A6-4E29-B746-314DEE697D83} <, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, (Signed) N/A>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\Windows\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
  {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <, >
[]
  {2019DC25-D1C0-11D6-97B3-0008A124F542} <, >
[]
  {21C4E4B2-40F7-4E77-BF19-8BED7187BB55} <, >
[&Windows Live Toolbar]
  {21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XSL Template]
  {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[]
  {377B5106-3B4E-4A2D-8520-8767590CAC86} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <%SystemRoot%\System32\hhctrl.ocx, (Signed) N/A>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, (Signed) Safer Networking Limited>
[Click-to-Call BHO]
  {5C255C8A-E604-49B4-9D64-90988571CECB} <C:\Program Files\Windows Live\Messenger\wlchtc.dll, (Signed) Microsoft Corporation>
[]
  {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <, >
[]
  {5F8469B4-B055-49DD-83F7-62B522420ECC} <, >
[]
  {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\ProgramData\Thunder Network\KanKan\xplayer.dll_1_work, >
[DivXBrowserPlugin Object]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\ProgramData\Thunder Network\KanKan\xdrm.dll_1_work, >
[]
  {69A87B7D-DE56-4136-9655-716BA50C19C7} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
  {6D53EC84-6AAE-4787-AEEE-F4628F01010C} <, >
[Search Helper]
  {6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[Windows Media Services DRM Storage object]
  {760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\Windows\System32\msnetobj.dll, (Signed) Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <c:\Windows\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <c:\Windows\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Java Plug-in 1.6.0_05]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[]
  {90222687-F593-4738-B738-FBEE9C7B26DF} <, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {9E385F0A-0BA2-430C-96AA-4399C5E40F6C} <, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\Windows\System32\msnetobj.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(171).dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {ADECBED6-0366-4377-A739-E69DFBA04663} <, >
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll, (Signed) Google Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, (Signed) N/A>
[MessengerStatsClient Class]
  {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll, (Signed) Microsoft Corporation>
[Microsoft Office 12 Authorization Control]
  {C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~3\Office12\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[]
  {CA6319C0-31B7-401E-A518-A07C3DB8F777} <, >
[]
  {CA82EE04-28D3-F048-12CD-DD0ED9DB11C6} <, >
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[]
  {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} <, >
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Windows\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[]
  {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, >
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[iTunesDetector Class]
  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Inc.>
[]
  {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} <, >
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, (Signed) Apple Inc.>
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <, >
[]
  {E13AAC70-70AE-4988-808C-B267F2C20E79} <, >
[Windows Live Toolbar Helper]
  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.171.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[]
  {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.177.(171).dll, Thunder>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document]
  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[IERPCtl Class]
  {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, (Signed) RealNetworks, Inc.>
[&D&ownload &with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&D&ownload all video with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&D&ownload all with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000, N/A>
[使用迅雷下載]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下載全部鏈接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>

==================================
Running Processes
[PID: 408 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 536 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 584 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 596 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 628 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 640 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 648 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 768 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 856 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 912 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 956 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1044 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1100 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1148 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1276 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16509 (vista_gdr.070620-1500)]
[PID: 1328 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1512 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1720 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\System32\hpz3l4v2.dll]  [Hewlett-Packard Company, 61.063.249.00]
	[C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpp4v2.dll]  [Hewlett-Packard Corporation, 61.063.249.00]
[PID: 1744 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2008 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe]  [Google, 2.4.1368.5602.beta]
[PID: 2040 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\program files\hp\digital imaging\bin\hpqddsvc.dll]  [Hewlett-Packard Co., 82.0.233.000]
	[c:\program files\hp\digital imaging\bin\hpqddcmn.dll]  [Hewlett-Packard Co., 82.0.233.000]
	[c:\program files\hp\digital imaging\bin\hpqcxs08.dll]  [Hewlett-Packard Co., 82.0.233.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 82.0.233.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 82.0.233.000]
[PID: 524 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe]  [Symantec Corporation, 1.2.0.18]
	[C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll]  [Symantec Corporation, 1.2.0.18]
[PID: 1216 / Gary][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.10.9746]
[PID: 1496 / SYSTEM][C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0760.00]
	[C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
	[C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
	[C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
	[C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\Resources\1033\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0760.00]
	[C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0766.00]
	[C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0534.00]
	[C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0760.00]
[PID: 1596 / Gary][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 1, 0, 0]
	[C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL]  [SUPERAntiSpyware.com, 1, 0, 0, 1004]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\MagicISO\misosh.dll]  [MagicISO, Inc., 5, 3, 0, 198]
[PID: 1848 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzinw12.dll]  [Hewlett-Packard, 12,1,1,54]
[PID: 1788 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzipm12.dll]  [Hewlett-Packard, 12,1,1,54]
[PID: 744 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2256 / Gary][C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe]  [Symantec Corporation, 1.2.0.18]
	[C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll]  [Symantec Corporation, 1.2.0.18]
[PID: 2320 / Gary][C:\Program Files\Windows Live\Messenger\msnmsgr.exe]  [Microsoft Corporation, 14.0.8050.1202]
[PID: 2332 / SYSTEM][C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe]  [Microsoft Corp., 1.2.121.0]
[PID: 2408 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\hpowiav1.dll]  [Hewlett-Packard, 8.1.0.52]
[PID: 2496 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2556 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2764 / LOCAL SERVICE][C:\Windows\system32\WUDFHost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2828 / SYSTEM][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2884 / Gary][C:\Windows\System32\mobsync.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Microsoft SQL Server\80\COM\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
[PID: 2948 / Gary][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 7.15.10.9746]
[PID: 12 / Gary][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.5]
	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.5]
	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.1]
	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.1]
	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.1]
	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.5]
	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.5]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll]  [N/A, ]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\piclens19.dll]  [N/A, ]
	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.5]
	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.72]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\avutil-49.dll]  [N/A, ]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll]  [N/A, ]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\avformat-52.dll]  [N/A, ]
	[C:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.10.9746]
	[C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\kj0bukaw.default\extensions\piclens@cooliris.com\libs\freetype.dll]  [N/A, ]
[PID: 3924 / Andy][C:\Users\Gary\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3940 / Andy][C:\Users\Gary\Desktop\SRE47b56a2f.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3432 / SYSTEM][C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe]  [Symantec Corporation, 3.4.0.162]

==================================
File Associations
.TXT  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
[C:\]
[autorun]
;bskxcjhmbqqvfmrriveinrtpixrxbsfpnlsezsspskzarmxvdtlyairxajsaevcqgxjdsbiedurfekipns
shellexecute="resycled\boot.com c:"
;uowknlulwxbkamswivfkhhedzovqudcwvxmjhltwjmthnkdtzheocciadqpcocbfnmejfecgzy
shell\Open\command="resycled\boot.com c:"
;v

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
[Enabled] \\Recovery DVD Creator
		C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe 
[Enabled] \\SDMsgUpdate (TE)
		C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe -PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
[Enabled] \\{70D5B8FF-9241-4CA5-9F1B-B59C4311E1C9}
		C:\Windows\system32\pcalua.exe -a "C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBRWLQ0\download[1].exe" -d C:\Users\Andy
[Enabled] \\{CE50A441-A04B-45E2-BF71-54FD0374E645}
		C:\Windows\system32\pcalua.exe -a C:\Users\Andy\Desktop\STOPzilla_Setup.exe -d C:\Users\Andy\Desktop
[Enabled] \Apple\AppleSoftwareUpdate
		C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
		BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
		N/A 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
		%SystemRoot%\System32\wsqmcons.exe 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
		%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[Enabled] \Microsoft\Windows\Defrag\ManualDefrag
		%windir%\system32\defrag.exe -c
[Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
		%windir%\system32\defrag.exe -c -i
[Enabled] \Microsoft\Windows\Media Center\ehDRMInit
		%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[Enabled] \Microsoft\Windows\Media Center\mcupdate
		%SystemRoot%\ehome\mcupdate $(Arg0) -gc
[Enabled] \Microsoft\Windows\Media Center\OCURActivate
		%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[Enabled] \Microsoft\Windows\Media Center\OCURDiscovery
		%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
[Enabled] \Microsoft\Windows\Media Center\UpdateRecordPath
		%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[Enabled] \Microsoft\Windows\MobilePC\HotStart
		N/A 
[Enabled] \Microsoft\Windows\MobilePC\TMM
		N/A 
[Enabled] \Microsoft\Windows\MUI\LPRemove
		%windir%\system32\lpremove.exe 
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
		N/A 
[Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
		N/A 
[Enabled] \Microsoft\Windows\Shell\CrawlStartPages
		N/A 
[Disabled] \Microsoft\Windows\SideShow\AutoWake
		N/A 
[Enabled] \Microsoft\Windows\SideShow\GadgetManager
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SessionAgent
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SystemDataProviders
		N/A 
[Enabled] \Microsoft\Windows\SystemRestore\SR
		%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
		sc.exe config upnphost start= auto
[Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
		%windir%\system32\wermgr.exe -queuereporting
[Enabled] \Microsoft\Windows\WindowsBackup\AutomaticBackup
		%systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
[Enabled] \Microsoft\Windows\WindowsBackup\CheckFull
		sdclt.exe /CHECKFULL
[Enabled] \Microsoft\Windows\WindowsBackup\Windows Backup Monitor
		sdclt.exe /DETECTFAILURE
[Enabled] \Microsoft\Windows\WindowsCalendar\Reminders - Gary
		C:\Program Files\Windows Calendar\WinCal.exe /reminder
[Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
		%windir%\system32\gatherWiredInfo.vbs 
[Enabled] \Microsoft\Windows\Wireless\GatherWirelessInfo
		%windir%\system32\gatherWirelessInfo.vbs 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


#12 bamajim


Posted 20 January 2009 - 11:26 AM

GaryCheung

Made some progress there. Let's do this next.

Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes, it will produce a log for you. Copy and paste the results of that scan as a reply to this thread.
  • If any infections are found, (After you save the logfile), Click on Remove Infections.

Microsoft MVP - Windows Security

#13 GaryCheung


Posted 23 January 2009 - 06:52 PM

Sorry bamajim, there seems to be a problem. Every time, before the online scan completes, I seem to get the 'Blue Screen'. Any other possible step?

Thanks

#14 bamajim


Posted 26 January 2009 - 10:27 AM

GaryCheung

I have a list of Services I want you to remove using SRE2

Rerun SRE2

In the Left pane Select Boot Items

In the Right pane under the Services tab, Select the Drivers button
Another window will open
Locate under Service Name (One at a time)

WPDSG / WPDSG

OZGBS / OZGBS

JMTIHJB / JMTIHJB

KCJOAKAHHESKYO / KCJOAKAHHESKYO

KIKLZHF / KIKLZHF

Norton2009 Reset / .norton2009Reset

AFPI / AFPI


Highlight that Service
Select the Delete Service Radio button
Then Select Set
Another window will open Select No to delete the service
A confirmation window will open Select O.k.
Repeat the process for all of the Service Names listed
Then Exit

Close SRE2->>Reboot your PC->> Rerun SRE2 and post a fresh SRE2 log
Microsoft MVP - Windows Security

#15 GaryCheung


Posted 26 January 2009 - 06:20 PM

bamajim

Did you mean under the 'Win32 Services' tab instead of the drivers tab? All the services you listed were under the 'Win32 Services' tab, not the drivers tab. Should I delete them from there instead?

Gary



