Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hello4


  • This topic is locked This topic is locked
7 replies to this topic

#1 bruce_m

bruce_m

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 21 August 2011 - 10:52 PM

The other night I had a pop up and tried to close it.. had to confirm the closing of the window. After that I get this nasty bunch of blank windows popping up (hello4)

Some of the processes in the task manager that I don't recognize include multiple isuspm.exe and QTTask.exe.

I tried to system restore back a few months and I get the message saying that it is unable to restore back to the chosen point. I have tried multiple times but no success.

Please help !! I've run MBAM and it finds nothing.

Bruce
Windows XP Pro

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by bruce_m, 22 August 2011 - 09:22 AM.


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:10 AM

Posted 22 August 2011 - 11:40 AM

Hello.

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:

Posted Image


Please post the contents of the file in your next reply.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 bruce_m

bruce_m
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 22 August 2011 - 08:45 PM

I wasn't able to get it to run in normal mode.. it would open a "black window" and run a diagnostic then close, with no option to run or save anything.

So this is the result from running the "AutoRuns" in safe mode. I hope this is what you need.
Thanks.


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "" "" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "" "" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "COMODO SafeSurf" "" "" "c:\program files\comodo\safesurf\cssurf.exe"
+ "conhost" "" "" "c:\documents and settings\bruce\application data\microsoft\conhost.exe"
+ "Cpqset" "" "" "c:\program files\hewlett-packard\default settings\cpqset.exe"
+ "High Definition Audio Property Page Shortcut" "High Definition Audio Property Page Shortcut v1.0" "Windows ® Server 2003 DDK provider" "c:\windows\system32\chdaudpropshortcut.exe"
+ "HP Software Update" "" "" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "hpWirelessAssistant" "" "" "c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe"
+ "ISUSPM Startup" "" "" "c:\program files\common files\installshield\updateservice\isuspm .exe"
+ "ISUSScheduler" "" "" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "iTunesHelper" "" "" "c:\program files\itunes\ituneshelper.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 110.33 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "PinnacleDriverCheck" "" "" "File not found: C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg"
+ "QlbCtrl" "" "" "c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe"
+ "QPService" "" "" "c:\program files\hp\quickplay\qpservice.exe"
+ "QuickTime Task" "" "" "c:\program files\quicktime\qttask .exe"
+ "Realtime Monitor" "" "" "c:\program files\ca\etrust antivirus\realmon.exe"
+ "RecGuard" "" "" "c:\windows\sminst\recguard.exe"
+ "SunJavaUpdateSched" "" "" "c:\program files\java\jre6\bin\jusched.exe"
+ "SynTPEnh" "" "" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TkBellExe" "" "" "c:\program files\common files\real\update_ob\realsched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Acrobat Assistant.lnk" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe"
+ "CompuServe 7.0 Tray Icon.lnk" "CS Tray Icon" "CompuServe Interactive Services, Inc." "c:\program files\compuserve 7.0\cstray.exe"
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
+ "HP Photosmart Premier Fast Start.lnk" "HP Photosmart Premier" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqthb08.exe"
+ "Microsoft Office.lnk" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\osa.exe"
+ "Service Manager.lnk" "SQL Server Service Manager" "Microsoft Corporation" "c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe"
"C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp" "" "" ""
+ "Vongo Tray.lnk" "" "" "File not found: C:\Program Files\Vongo\Tray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "FlashPlayerUpdate" "Adobe® Flash® Player Installer/Uninstaller 10.3 r181" "Adobe Systems, Inc." "c:\windows\system32\macromed\flash\flashutil10t_activex.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "cdo" "Microsoft SharePoint Portal Server Object Model" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Elements" "Adobe Systems Inc." "c:\program files\adobe\acrobat 6.0\acrobat elements\contextmenu.dll"
+ "InoShell" "" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inoshell.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "Yahoo! Mail" "YMMAPI Module" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "InoShell" "" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inoshell.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "PIDirectoryHook" "" "" "c:\program files\arcsoft\photoimpression 5\share\pihook.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 110.33 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn5\yt.dll"
+ "AcroIEToolbarHelper Class" "" "" "c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Google Toolbar Helper" "Google IE Client Toolbar" "Google Inc." "c:\program files\google\googletoolbar1.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn5\ytsingleinstance.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn5\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "" "" "c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn5\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "At1.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At10.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At11.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At12.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At13.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At14.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At15.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At16.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At17.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At18.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At19.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At2.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At20.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At21.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At22.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At23.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At24.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At241.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At242.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At243.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At244.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At245.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At246.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At247.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At248.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At249.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At250.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At251.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At252.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At253.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At254.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At255.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At256.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At257.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At258.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At259.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At260.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At261.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At262.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At263.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At264.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At3.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At4.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At5.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At6.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At7.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At8.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At9.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "RealUpgradeLogonTaskS-1-5-21-4040721995-428841684-2297361889-1005.job" "RealUpgrade Launcher " "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeScheduledTaskS-1-5-21-4040721995-428841684-2297361889-1005.job" "RealUpgrade Launcher " "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aawservice" "Protects your computer from spyware" "Lavasoft" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "AddFiltr" "Add Filter For Usb" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp quick launch buttons\addfiltr.exe"
+ "AOL ACS" "AOL Connectivity Service" "America Online" "c:\program files\common files\aol\acs\aolacsd.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "getPlusHelper" "getPlus® Helper" "NOS Microsystems Ltd." "c:\program files\nos\bin\getplus_helper.dll"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\shared\hpqwmiex.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "InoRPC" "Listens for Admin Server discovery and policy requests" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inorpc.exe"
+ "InoRT" "Provides real-time on-access virus protection" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inort.exe"
+ "InoTask" "Schedules background task such as scan jobs and signature downloads" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inotask.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "MDM" "Manages local and remote debugging for Visual Studio debuggers" "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MSSQLSERVER" "SQL Server Windows NT" "Microsoft Corporation" "c:\program files\microsoft sql server\mssql\binn\sqlservr.exe"
+ "MSSQLServerADHelper" "Microsoft SQL Server Active Directory Helper Service" "Microsoft Corporation" "c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe"
+ "nosGetPlusHelper" "getPlus® Helper" "NOS Microsystems Ltd." "c:\program files\nos\bin\getplus_helper_3004.dll"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "Pml Driver HPZ12" "PML Driver" "HP" "c:\windows\system32\hpzipm12.exe"
+ "SQLSERVERAGENT" "Microsoft SQL Server Agent" "Microsoft Corporation" "c:\program files\microsoft sql server\mssql\binn\sqlagent.exe"
+ "WANMiniportService" "Wan Miniport (ATW) Service" "America Online, Inc." "c:\windows\wanmpsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Afc" "Arcsoft® ASPI Shell" "Arcsoft, Inc." "c:\windows\system32\drivers\afc.sys"
+ "AliIde" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "AmdK8" "AMD Processor Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdk8.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CoachUsb" "USB Driver for Digital Camera" "FotoNation Ltd." "c:\windows\system32\drivers\coachusb.sys"
+ "CoachVc" "Video Capture Minidriver for Digital Camera" "Accapella Ltd." "c:\windows\system32\drivers\coachvc.sys"
+ "eabfiltr" "QLB PS/2 Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabfiltr.sys"
+ "eabusb" "QLB USB Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabusb.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HBtnKey" "HP Tablet PC Key Button HID Driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\cpqbttn.sys"
+ "HdAudAddService" "High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdaud.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "INO_FLPY" "CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net" "Computer Associates" "c:\windows\system32\drivers\ino_flpy.sys"
+ "INO_FLTR" "CA eTrust Antivirus/InoculateIT File System Filter Driver for Windows 2000/XP/2003" "Computer Associates" "c:\windows\system32\drivers\ino_fltr.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MarvinBus" "Pinnacle Marvin Discrete Bus Enumerator" "Pinnacle Systems GmbH" "c:\windows\system32\drivers\marvinbus.sys"
+ "MCSTRM" "" "" "File not found: C:\WINDOWS\System32\Drivers\MCSTRM.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.64 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "nvata" "NVIDIA® nForce™ IDE Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvata.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvenetfd.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvnetbus.sys"
+ "nvsmu" "NVIDIA® nForce™ SMU Microcontroller Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvsmu.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASENUM" "SASENUM.SYS" " SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasenum.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "UIUSys" "" "" "File not found: system32\DRIVERS\UIUSYS.SYS"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "wanatw" "Wan Miniport (ATW)" "America Online, Inc." "c:\windows\system32\drivers\wanatw4.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "WISTechVIDCAP" "Pinnacle Systems DVC130/170 AV Capture Driver." "Pinnacle Systems" "c:\windows\system32\drivers\wisgostrm.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.3IV2" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\windows\system32\3ivxvfwcodec.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX® Codec for Windows" "DivXNetworks, Inc." "c:\windows\system32\divx.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.LEAD" "" "" "File not found: LCODCCMP.DLL"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "ArcSoft MP3 Encoder" "ArcSoft Mp3 Encoder" "" "c:\program files\common files\arcsoft\mpeg engine\arcmp3enc.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "LAME Audio Encoder" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\lame.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "3ivx Decoder Filter" "3ivx MPEG-4 5.0.3 DirectShow Video Decoder" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideodecoder.ax"
+ "3ivx Media Muxer" "3ivx MPEG-4 5.0.3 DirectShow Media Muxer" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsmediamux.ax"
+ "3ivx Media Splitter" "3ivx MPEG-4 5.0.3 DirectShow Media Splitter" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsmediasplitter.ax"
+ "3ivx MPEG-4 Video Encoder" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ArcGetDataSample" "ArcGetDataSample" "arcsoft" "c:\program files\common files\arcsoft\mpeg engine\arcgetdatasample.ax"
+ "ArcPutDataSample" "ArcGetDataSample" "arcsoft" "c:\program files\common files\arcsoft\mpeg engine\arcputdatasample.ax"
+ "ArcSoft 3GP Splitter" "ArcSoft 3GP/3G2 Splitter Filter " "ArcSoft Co. " "c:\program files\common files\arcsoft\mpeg engine\3gpsplitter.ax"
+ "ArcSoft AAC Decoder" "ArcSoft AAC Decoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\aacdecode.ax"
+ "ArcSoft AAC Encoder" "AACEncoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\aacencoder.ax"
+ "ArcSoft AC3 Audio Decoder" "ArcSoft AC3 Audio Decoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\ac3dec.ax"
+ "ArcSoft AMR/AAC Reader" "ArcSoft AMR/AAC Reader" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\amraacreader.ax"
+ "Arcsoft AMRDecoder" "AMRDecoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\amrdecoder.ax"
+ "Arcsoft AMREncoder" "AMREncoder" "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\amrencoder.ax"
+ "ArcSoft Avi Writer Filter" "ArcSoft AVI Writer Filter" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\uaviwriter.ax"
+ "ArcSoft Deinterlace" "deinterlace" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\deinterlace.ax"
+ "Arcsoft DV Transition" "DV Transition Buffer" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\dvtransition.ax"
+ "ArcSoft H.264 Decoder" "ArcSoft H.264 Decoder (Filter)" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\h264decfilter.ax"
+ "ArcSoft H.264 Encoder" "ArcSoft AVC/H264 Encoder Filter eval " "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\h264encoder.ax"
+ "ArcSoft H.264 Splitter" "ArcSoft H.264 Splitter (Filter)" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\h264splitter.ax"
+ "ArcSoft H263 Encoder" "ArcSoft H263 Encoder Filter" "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\h263encoder.ax"
+ "Arcsoft LPCM Decoder" "LPCM Decoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\lpcmdec.ax"
+ "ArcSoft MP3 Encoder" "ArcSoft Mp3 Encoder" "" "c:\program files\common files\arcsoft\mpeg engine\arcmp3enc.ax"
+ "ArcSoft MP4 Splitter" "ArcSoft MP4 Splitter Filter " "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\mp4splitter.ax"
+ "ArcSoft MP4Muxer" "ArcSoft 3GP/3G2 Muxer Filter" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\3gpmux.ax"
+ "ArcSoft MP4Muxer" "ArcSoft MP4 Muxer Filter" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\mp4muxer.ax"
+ "ArcSoft MPEG Audio Decoder" "ArcSoft Audio Decoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\mpgaudio.ax"
+ "ArcSoft Mpeg Encoder Filter" "" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\arcmpegcodec.ax"
+ "ArcSoft Mpeg Mplex Filter" "MplexFilter" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\arcmplexfilter.ax"
+ "Arcsoft Mpeg Mplex Filter" "MplexFilter" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\mplexfilter.ax"
+ "ArcSoft MPEG Splitter" "MPGSplitter Filter" "ArcSoft, Inc." "c:\program files\common files\arcsoft\mpeg engine\arcspl.ax"
+ "ArcSoft MPEG Video Decoder" "ArcSoft Mpeg Video Decoder Filter" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\mpgvideo.ax"
+ "Arcsoft Mpeg2Audio Encoder" "Mpeg2AudioEncoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\mpeg2audioencoder.ax"
+ "ArcSoft MPEG4 Decoder" "ArcSoft MPEG4 Video Decoder (Filter)" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\mp4decoder.ax"
+ "ArcSoft MPEG4 Decoder" "ArcSoft H.263 Video Decoder (Filter)" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\h263dec.ax"
+ "ArcSoft MPEG4 Encoder" "ArcSoft MPEG-4 Encoder Filter" "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\ump4encoder.ax"
+ "ArcSoft MPEG4 Encoder-EX" "ArcSoft MPEG-4 Encoder Filter " "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\shared filters\mp4encoder-ex.ax"
+ "ArcSoft QCELP 13K Encoder" "ArcSoft QCELP 13K Encoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\qcelpencoder.ax"
+ "Arcsoft QCELPDecoder" "ArcSoft QCELP Decoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\qcelpdecoder.ax"
+ "ArcSoft RealMedia Audio Decoder" "RealAudioDecoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\realaudiodecoder.ax"
+ "ArcSoft RealMedia Splitter" "RealMediaSplitter" "Arcsoft, Inc." "c:\program files\common files\arcsoft\mpeg engine\realmediasplitter.ax"
+ "ArcSoft RealMedia Video Decoder" "RealVideoDecoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\realvideodecoder.ax"
+ "ArcSoft Realtime Capture Encoder Filter" "Arc Real time Capture Encoder Filter" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\arccaptureencoder.ax"
+ "Arcsoft Source Buffer Filter" "Device Source Buffer Filter" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\srcbuffer.ax"
+ "ArcSoft TS Stream" "MPGSplitter Filter" "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\uarcdemux.ax"
+ "ArcSoft Video Decoder" "ArcSoft Video Decoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\uasvid.ax"
+ "ArcSoft VideoEffect" "Arcsoft Video Effect Filter 1.0" "Arcsoft Corporation" "c:\program files\common files\arcsoft\mpeg engine\arcvideoeffect.ax"
+ "Arcsoft WMV/ASF Splitter" "ArcWmvSpl" "Arcsoft, Inc." "c:\program files\common files\arcsoft\mpeg engine\arcwmvspl.ax"
+ "AVI Writer" "" "" "c:\program files\common files\muvee technologies\divx\aviwriter.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claud.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer (HP_QP2005)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\hp\quickplay\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clvsd.ax"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivXNetworks, Inc." "c:\windows\system32\divxdec.ax"
+ "DivX Video Encoder (3ivx)" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "File Dump" "FileDump DLL" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\filedump.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "HP Frame Grabber Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP MPEG-1 Encoder" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP Resize Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP Rotate Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP VTK Frame Grabber Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK MPEG-1 Encoder" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Resize Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Rotate Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "Image Effects" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\VideoEffects.ax"
+ "Image Effects" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Motion_Detection.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LAME Audio Encoder" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\lame.ax"
+ "LEAD MCMP/MJPEG Codec" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\hp\digital imaging\bin\lcodccmp.dll"
+ "LEAD MCMP/MJPEG Decoder" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\hp\digital imaging\bin\lcodccmp.dll"
+ "MainConcept (Muvee) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept (Muvee) MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveeeampeg.ax"
+ "MainConcept (Muvee) MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveespmpeg.ax"
+ "MainConcept (Muvee) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mceampeg.ax"
+ "MediaWriter Filter" "NetWrite Filter" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mediawriter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "QuickTime Encoder" "QuickTime Encoder" "muvee Technologies" "c:\program files\common files\muvee technologies\030625\quicktimesink.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "QuickTimeRenderer Filter" "QuickTimeRenderer Filter" "muvee Technologies Pte. Ltd." "c:\program files\common files\muvee technologies\030625\quicktimerenderer.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Render Dib" "Special Effects Sample" "ArcSoft" "c:\program files\arcsoft\photoimpression 5\modules\browser\ezrgb24.ax"
+ "Samsung Video Encoder (3ivx)" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Snapshot" "Arcsoft Snapshot Filter 1.0" "Arcsoft Corporation" "c:\program files\common files\arcsoft\mpeg engine\arcsnap.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "TimeShift2.0 Client Filter" "Timeshift2.0 Filter" "Arcsoft Inc." "c:\program files\common files\arcsoft\mpeg engine\timeshift2.ax"
+ "TimeShift2.0 Server Filter" "Timeshift2.0 Filter" "Arcsoft Inc." "c:\program files\common files\arcsoft\mpeg engine\timeshift2.ax"
+ "Tivo DirectShow Source Filter" "TiVo DirectShow Filter" "TiVo Inc." "c:\program files\common files\tivo shared\directshow\tivodirectshowfilter.dll"
+ "VisioForge Dump" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Dump.ax"
+ "VisioForge Screen Capture 3" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Screen_Capture.ax"
+ "VisioForge Video Resizer" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Video_Resizer.ax"
+ "VT Deinterlace" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Deinterlace.dll"
+ "WAV Dest" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\wavdest.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMplug" "" "" "File not found: C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "XviD MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\WINDOWS\system32\ropezufi.dll " "" "" "File not found: C:\WINDOWS\system32\ropezufi.dll "
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port" "Acrobat ® PDF Port" "Adobe Systems Incorporated." "c:\windows\system32\adobepdf.dll"
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "LIDIL hpzll43a" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll43a.dll"
+ "RICOH Language Monitor2" "RICOH BIDI Language Monitor" "RICOH CO.,Ltd." "c:\windows\system32\rc4mon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "C:\WINDOWS\system32\ropezufi.dll" "" "" "File not found: C:\WINDOWS\system32\ropezufi.dll"

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:10 AM

Posted 23 August 2011 - 04:20 AM

Hello.

Use Autoruns to remove the following items from startup.

+ "At1.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At10.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At11.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At12.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At13.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At14.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At15.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At16.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At17.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At18.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At19.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At2.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At20.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At21.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At22.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At23.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At24.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At241.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At242.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At243.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At244.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At245.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At246.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At247.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At248.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At249.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At250.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At251.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At252.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At253.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At254.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At255.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At256.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At257.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At258.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At259.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At260.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At261.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At262.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At263.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At264.job" "" "" "c:\windows\fonts\ekm00fom5.com"
+ "At3.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At4.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At5.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At6.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At7.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At8.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"
+ "At9.job" "" "" "File not found: C:\WINDOWS\system32\YxoQAL66.exe"

Let me know how things are running afterwards.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 bruce_m

bruce_m
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 24 August 2011 - 10:02 AM

I removed those items using safe mode. Restarted, and now I can run the Autoruns in normal mode. On start up in normal mode I still get some blank windows "Blank2" and "Hello4" at the top of those blank windows.

Also, in the Processes column of the task manager I get multiple "isuspm.exe" and "QTTask.exe" As well as having my google and yahoo searches redirected.

Just to make sure I got those items removed I ran Autoruns again and here are the results of that one. I noticed there are a few items that are listed as "File not found" etc...



"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
+ "and" "" "" "File not found: and"
+ "Data\dwm.exe" "" "" "File not found: Data\dwm.exe"
+ "explorer.exe,C:\Documents" "" "" "File not found: explorer.exe,C:\Documents"
+ "Settings\Bruce\Application" "" "" "File not found: Settings\Bruce\Application"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "" "" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "" "" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "COMODO SafeSurf" "" "" "c:\program files\comodo\safesurf\cssurf.exe"
+ "conhost" "" "" "c:\documents and settings\bruce\application data\microsoft\conhost.exe"
+ "Cpqset" "" "" "c:\program files\hewlett-packard\default settings\cpqset.exe"
+ "High Definition Audio Property Page Shortcut" "High Definition Audio Property Page Shortcut v1.0" "Windows ® Server 2003 DDK provider" "c:\windows\system32\chdaudpropshortcut.exe"
+ "HP Software Update" "" "" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "hpWirelessAssistant" "" "" "c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe"
+ "ISUSPM Startup" "" "" "c:\program files\common files\installshield\updateservice\isuspm .exe"
+ "ISUSScheduler" "" "" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "iTunesHelper" "" "" "c:\program files\itunes\ituneshelper.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 110.33 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "PinnacleDriverCheck" "" "" "File not found: C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg"
+ "QlbCtrl" "" "" "c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe"
+ "QPService" "" "" "c:\program files\hp\quickplay\qpservice.exe"
+ "QuickTime Task" "" "" "c:\program files\quicktime\qttask .exe"
+ "Realtime Monitor" "" "" "c:\program files\ca\etrust antivirus\realmon.exe"
+ "RecGuard" "" "" "c:\windows\sminst\recguard.exe"
+ "SunJavaUpdateSched" "" "" "c:\program files\java\jre6\bin\jusched.exe"
+ "SynTPEnh" "" "" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TkBellExe" "" "" "c:\program files\common files\real\update_ob\realsched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Acrobat Assistant.lnk" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe"
+ "CompuServe 7.0 Tray Icon.lnk" "CS Tray Icon" "CompuServe Interactive Services, Inc." "c:\program files\compuserve 7.0\cstray.exe"
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
+ "HP Photosmart Premier Fast Start.lnk" "HP Photosmart Premier" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqthb08.exe"
+ "Microsoft Office.lnk" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\osa.exe"
+ "Service Manager.lnk" "SQL Server Service Manager" "Microsoft Corporation" "c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load" "" "" ""
+ "C:\DOCUME~1\Bruce\LOCALS~1\Temp\csrss.exe" "" "" "c:\documents and settings\bruce\local settings\temp\csrss.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Messenger (Yahoo!)" "" "" "c:\program files\yahoo!\messenger\yahoomessenger.exe"
+ "swg" "" "" "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "TomTomHOME.exe" "" "" "File not found: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "cdo" "Microsoft SharePoint Portal Server Object Model" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Elements" "Adobe Systems Inc." "c:\program files\adobe\acrobat 6.0\acrobat elements\contextmenu.dll"
+ "InoShell" "" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inoshell.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "Yahoo! Mail" "YMMAPI Module" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "InoShell" "" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inoshell.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "PIDirectoryHook" "" "" "c:\program files\arcsoft\photoimpression 5\share\pihook.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 110.33 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn5\yt.dll"
+ "AcroIEToolbarHelper Class" "" "" "c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Google Toolbar Helper" "Google IE Client Toolbar" "Google Inc." "c:\program files\google\googletoolbar1.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn5\ytsingleinstance.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn5\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "" "" "c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn5\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "RealUpgradeLogonTaskS-1-5-21-4040721995-428841684-2297361889-1005.job" "RealUpgrade Launcher " "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeScheduledTaskS-1-5-21-4040721995-428841684-2297361889-1005.job" "RealUpgrade Launcher " "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aawservice" "Protects your computer from spyware" "Lavasoft" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "AddFiltr" "Add Filter For Usb" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp quick launch buttons\addfiltr.exe"
+ "AOL ACS" "AOL Connectivity Service" "America Online" "c:\program files\common files\aol\acs\aolacsd.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\shared\hpqwmiex.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "InoRPC" "Listens for Admin Server discovery and policy requests" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inorpc.exe"
+ "InoRT" "Provides real-time on-access virus protection" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inort.exe"
+ "InoTask" "Schedules background task such as scan jobs and signature downloads" "Computer Associates International, Inc." "c:\program files\ca\etrust antivirus\inotask.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "MDM" "Manages local and remote debugging for Visual Studio debuggers" "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MSSQLSERVER" "SQL Server Windows NT" "Microsoft Corporation" "c:\program files\microsoft sql server\mssql\binn\sqlservr.exe"
+ "MSSQLServerADHelper" "Microsoft SQL Server Active Directory Helper Service" "Microsoft Corporation" "c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe"
+ "nosGetPlusHelper" "getPlus® Helper" "NOS Microsystems Ltd." "c:\program files\nos\bin\getplus_helper_3004.dll"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "Pml Driver HPZ12" "PML Driver" "HP" "c:\windows\system32\hpzipm12.exe"
+ "SQLSERVERAGENT" "Microsoft SQL Server Agent" "Microsoft Corporation" "c:\program files\microsoft sql server\mssql\binn\sqlagent.exe"
+ "WANMiniportService" "Wan Miniport (ATW) Service" "America Online, Inc." "c:\windows\wanmpsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Afc" "Arcsoft® ASPI Shell" "Arcsoft, Inc." "c:\windows\system32\drivers\afc.sys"
+ "AliIde" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "AmdK8" "AMD Processor Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdk8.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CoachUsb" "USB Driver for Digital Camera" "FotoNation Ltd." "c:\windows\system32\drivers\coachusb.sys"
+ "CoachVc" "Video Capture Minidriver for Digital Camera" "Accapella Ltd." "c:\windows\system32\drivers\coachvc.sys"
+ "eabfiltr" "QLB PS/2 Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabfiltr.sys"
+ "eabusb" "QLB USB Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabusb.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HBtnKey" "HP Tablet PC Key Button HID Driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\cpqbttn.sys"
+ "HdAudAddService" "High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdaud.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "INO_FLPY" "CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net" "Computer Associates" "c:\windows\system32\drivers\ino_flpy.sys"
+ "INO_FLTR" "CA eTrust Antivirus/InoculateIT File System Filter Driver for Windows 2000/XP/2003" "Computer Associates" "c:\windows\system32\drivers\ino_fltr.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MarvinBus" "Pinnacle Marvin Discrete Bus Enumerator" "Pinnacle Systems GmbH" "c:\windows\system32\drivers\marvinbus.sys"
+ "MCSTRM" "" "" "File not found: C:\WINDOWS\System32\Drivers\MCSTRM.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.64 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "nvata" "NVIDIA® nForce™ IDE Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvata.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvenetfd.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvnetbus.sys"
+ "nvsmu" "NVIDIA® nForce™ SMU Microcontroller Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvsmu.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASENUM" "SASENUM.SYS" " SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasenum.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "UIUSys" "" "" "File not found: system32\DRIVERS\UIUSYS.SYS"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "wanatw" "Wan Miniport (ATW)" "America Online, Inc." "c:\windows\system32\drivers\wanatw4.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "WISTechVIDCAP" "Pinnacle Systems DVC130/170 AV Capture Driver." "Pinnacle Systems" "c:\windows\system32\drivers\wisgostrm.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.3IV2" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\windows\system32\3ivxvfwcodec.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX® Codec for Windows" "DivXNetworks, Inc." "c:\windows\system32\divx.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.LEAD" "" "" "File not found: LCODCCMP.DLL"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "ArcSoft MP3 Encoder" "ArcSoft Mp3 Encoder" "" "c:\program files\common files\arcsoft\mpeg engine\arcmp3enc.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "LAME Audio Encoder" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\lame.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "3ivx Decoder Filter" "3ivx MPEG-4 5.0.3 DirectShow Video Decoder" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideodecoder.ax"
+ "3ivx Media Muxer" "3ivx MPEG-4 5.0.3 DirectShow Media Muxer" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsmediamux.ax"
+ "3ivx Media Splitter" "3ivx MPEG-4 5.0.3 DirectShow Media Splitter" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsmediasplitter.ax"
+ "3ivx MPEG-4 Video Encoder" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ArcGetDataSample" "ArcGetDataSample" "arcsoft" "c:\program files\common files\arcsoft\mpeg engine\arcgetdatasample.ax"
+ "ArcPutDataSample" "ArcGetDataSample" "arcsoft" "c:\program files\common files\arcsoft\mpeg engine\arcputdatasample.ax"
+ "ArcSoft 3GP Splitter" "ArcSoft 3GP/3G2 Splitter Filter " "ArcSoft Co. " "c:\program files\common files\arcsoft\mpeg engine\3gpsplitter.ax"
+ "ArcSoft AAC Decoder" "ArcSoft AAC Decoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\aacdecode.ax"
+ "ArcSoft AAC Encoder" "AACEncoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\aacencoder.ax"
+ "ArcSoft AC3 Audio Decoder" "ArcSoft AC3 Audio Decoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\ac3dec.ax"
+ "ArcSoft AMR/AAC Reader" "ArcSoft AMR/AAC Reader" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\amraacreader.ax"
+ "Arcsoft AMRDecoder" "AMRDecoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\amrdecoder.ax"
+ "Arcsoft AMREncoder" "AMREncoder" "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\amrencoder.ax"
+ "ArcSoft Avi Writer Filter" "ArcSoft AVI Writer Filter" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\uaviwriter.ax"
+ "ArcSoft Deinterlace" "deinterlace" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\deinterlace.ax"
+ "Arcsoft DV Transition" "DV Transition Buffer" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\dvtransition.ax"
+ "ArcSoft H.264 Decoder" "ArcSoft H.264 Decoder (Filter)" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\h264decfilter.ax"
+ "ArcSoft H.264 Encoder" "ArcSoft AVC/H264 Encoder Filter eval " "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\h264encoder.ax"
+ "ArcSoft H.264 Splitter" "ArcSoft H.264 Splitter (Filter)" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\h264splitter.ax"
+ "ArcSoft H263 Encoder" "ArcSoft H263 Encoder Filter" "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\h263encoder.ax"
+ "Arcsoft LPCM Decoder" "LPCM Decoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\lpcmdec.ax"
+ "ArcSoft MP3 Encoder" "ArcSoft Mp3 Encoder" "" "c:\program files\common files\arcsoft\mpeg engine\arcmp3enc.ax"
+ "ArcSoft MP4 Splitter" "ArcSoft MP4 Splitter Filter " "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\mp4splitter.ax"
+ "ArcSoft MP4Muxer" "ArcSoft 3GP/3G2 Muxer Filter" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\3gpmux.ax"
+ "ArcSoft MP4Muxer" "ArcSoft MP4 Muxer Filter" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\mp4muxer.ax"
+ "ArcSoft MPEG Audio Decoder" "ArcSoft Audio Decoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\mpgaudio.ax"
+ "ArcSoft Mpeg Encoder Filter" "" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\arcmpegcodec.ax"
+ "ArcSoft Mpeg Mplex Filter" "MplexFilter" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\arcmplexfilter.ax"
+ "Arcsoft Mpeg Mplex Filter" "MplexFilter" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\mplexfilter.ax"
+ "ArcSoft MPEG Splitter" "MPGSplitter Filter" "ArcSoft, Inc." "c:\program files\common files\arcsoft\mpeg engine\arcspl.ax"
+ "ArcSoft MPEG Video Decoder" "ArcSoft Mpeg Video Decoder Filter" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\mpgvideo.ax"
+ "Arcsoft Mpeg2Audio Encoder" "Mpeg2AudioEncoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\mpeg2audioencoder.ax"
+ "ArcSoft MPEG4 Decoder" "ArcSoft MPEG4 Video Decoder (Filter)" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\mp4decoder.ax"
+ "ArcSoft MPEG4 Decoder" "ArcSoft H.263 Video Decoder (Filter)" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\h263dec.ax"
+ "ArcSoft MPEG4 Encoder" "ArcSoft MPEG-4 Encoder Filter" "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\ump4encoder.ax"
+ "ArcSoft MPEG4 Encoder-EX" "ArcSoft MPEG-4 Encoder Filter " "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\shared filters\mp4encoder-ex.ax"
+ "ArcSoft QCELP 13K Encoder" "ArcSoft QCELP 13K Encoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\qcelpencoder.ax"
+ "Arcsoft QCELPDecoder" "ArcSoft QCELP Decoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\qcelpdecoder.ax"
+ "ArcSoft RealMedia Audio Decoder" "RealAudioDecoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\realaudiodecoder.ax"
+ "ArcSoft RealMedia Splitter" "RealMediaSplitter" "Arcsoft, Inc." "c:\program files\common files\arcsoft\mpeg engine\realmediasplitter.ax"
+ "ArcSoft RealMedia Video Decoder" "RealVideoDecoder" "ArcSoft" "c:\program files\common files\arcsoft\mpeg engine\realvideodecoder.ax"
+ "ArcSoft Realtime Capture Encoder Filter" "Arc Real time Capture Encoder Filter" "Arcsoft" "c:\program files\common files\arcsoft\mpeg engine\arccaptureencoder.ax"
+ "Arcsoft Source Buffer Filter" "Device Source Buffer Filter" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\srcbuffer.ax"
+ "ArcSoft TS Stream" "MPGSplitter Filter" "ArcSoft Co. (hangzhou, PRC)" "c:\program files\common files\arcsoft\mpeg engine\uarcdemux.ax"
+ "ArcSoft Video Decoder" "ArcSoft Video Decoder" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\uasvid.ax"
+ "ArcSoft VideoEffect" "Arcsoft Video Effect Filter 1.0" "Arcsoft Corporation" "c:\program files\common files\arcsoft\mpeg engine\arcvideoeffect.ax"
+ "Arcsoft WMV/ASF Splitter" "ArcWmvSpl" "Arcsoft, Inc." "c:\program files\common files\arcsoft\mpeg engine\arcwmvspl.ax"
+ "AVI Writer" "" "" "c:\program files\common files\muvee technologies\divx\aviwriter.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claud.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer (HP_QP2005)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\hp\quickplay\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clvsd.ax"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivXNetworks, Inc." "c:\windows\system32\divxdec.ax"
+ "DivX Video Encoder (3ivx)" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "File Dump" "FileDump DLL" "ArcSoft Inc." "c:\program files\common files\arcsoft\mpeg engine\filedump.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "HP Frame Grabber Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP MPEG-1 Encoder" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP Resize Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP Rotate Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP VTK Frame Grabber Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK MPEG-1 Encoder" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Resize Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Rotate Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "Image Effects" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\VideoEffects.ax"
+ "Image Effects" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Motion_Detection.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LAME Audio Encoder" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\lame.ax"
+ "LEAD MCMP/MJPEG Codec" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\hp\digital imaging\bin\lcodccmp.dll"
+ "LEAD MCMP/MJPEG Decoder" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\hp\digital imaging\bin\lcodccmp.dll"
+ "MainConcept (Muvee) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept (Muvee) MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveeeampeg.ax"
+ "MainConcept (Muvee) MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveespmpeg.ax"
+ "MainConcept (Muvee) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept2\muveedsmpeg.ax"
+ "MainConcept MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mceampeg.ax"
+ "MediaWriter Filter" "NetWrite Filter" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mediawriter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "QuickTime Encoder" "QuickTime Encoder" "muvee Technologies" "c:\program files\common files\muvee technologies\030625\quicktimesink.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "QuickTimeRenderer Filter" "QuickTimeRenderer Filter" "muvee Technologies Pte. Ltd." "c:\program files\common files\muvee technologies\030625\quicktimerenderer.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Render Dib" "Special Effects Sample" "ArcSoft" "c:\program files\arcsoft\photoimpression 5\modules\browser\ezrgb24.ax"
+ "Samsung Video Encoder (3ivx)" "3ivx MPEG-4 5.0.3 Video for Windows Codec" "3ivx Technologies Pty. Ltd." "c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxdsvideoencoder.ax"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Snapshot" "Arcsoft Snapshot Filter 1.0" "Arcsoft Corporation" "c:\program files\common files\arcsoft\mpeg engine\arcsnap.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "TimeShift2.0 Client Filter" "Timeshift2.0 Filter" "Arcsoft Inc." "c:\program files\common files\arcsoft\mpeg engine\timeshift2.ax"
+ "TimeShift2.0 Server Filter" "Timeshift2.0 Filter" "Arcsoft Inc." "c:\program files\common files\arcsoft\mpeg engine\timeshift2.ax"
+ "Tivo DirectShow Source Filter" "TiVo DirectShow Filter" "TiVo Inc." "c:\program files\common files\tivo shared\directshow\tivodirectshowfilter.dll"
+ "VisioForge Dump" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Dump.ax"
+ "VisioForge Screen Capture 3" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Screen_Capture.ax"
+ "VisioForge Video Resizer" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Video_Resizer.ax"
+ "VT Deinterlace" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\Deinterlace.dll"
+ "WAV Dest" "" "" "File not found: C:\Program Files\EatCam\Webcam Recorder for ICQ\codec\wavdest.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMplug" "" "" "File not found: C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "XviD MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\WINDOWS\system32\ropezufi.dll " "" "" "File not found: C:\WINDOWS\system32\ropezufi.dll "
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port" "Acrobat ® PDF Port" "Adobe Systems Incorporated." "c:\windows\system32\adobepdf.dll"
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "LIDIL hpzll43a" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll43a.dll"
+ "RICOH Language Monitor2" "RICOH BIDI Language Monitor" "RICOH CO.,Ltd." "c:\windows\system32\rc4mon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "C:\WINDOWS\system32\ropezufi.dll" "" "" "File not found: C:\WINDOWS\system32\ropezufi.dll"

Edited by bruce_m, 24 August 2011 - 04:30 PM.


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:10 AM

Posted 24 August 2011 - 11:35 PM

As well as having my google and yahoo searches redirected.


You didn't mention this before. That changes things.

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#7 bruce_m

bruce_m
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 27 August 2011 - 10:48 PM

I posted the log file on the section you directed me to.

#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:10 AM

Posted 27 August 2011 - 11:53 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic416367.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Please do not bump your topic. Do not worry about being forgotten; we have mechanisms in place to ensure that you are not overlooked.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

~Blade
Forum Administrator

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users