
Solved XP running very slowly

Discussion in 'Malware and Virus Removal Archive' started by seafoodshanty, 2010/10/29.

  1. 2010/10/29
    seafoodshanty Lifetime Subscription


    You solved my virus problem on this machine once before but I am again experiencing a very slow response.

    I am also having a problem with a Dell innovo 1700 running Vista Basic. That machine is constantly trying to run Startup Repair. I don't know if it will let me run your diagnostic.

    In any event I'm attaching the results of the run on this machine.

    Admin: As per instructions, these need to be posted here, not attached.

    Thanks for your help.


    DDS (Ver_10-10-21.02) - NTFSx86
    Run by admin at 9:52:03.93 on Fri 10/29/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.253 [GMT -4:00]

    AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k dot3svc
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Yahoo!\Companion\Installs\cpn5\ytbb.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\jre-6u22-windows-i586-iftw-rv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Documents and Settings\admin\Desktop\prog from windowsbbs.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
    TB: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Run StartupMonitor] StartupMonitor.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe "
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\QUICKB~1.LNK -
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: eset.com\www
    Trusted Zone: eset.eu\www
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
    DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178805116182
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]

    =============== Created Last 30 ================

    2010-10-13 18:22:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 18:22:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-13 18:22:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 18:22:43 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-06 15:44:51 17408 ----a-w- C:\psapi.dll
    2010-08-01 12:52:36 4364032 ----a-w- c:\program files\common files\lpuninstall.exe
    2008-10-17 13:21:50 709632 ----a-w- c:\program files\posteriza.exe

    ============= FINISH: 9:52:35.93 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/25/2005 3:22:34 PM
    System Uptime: 10/27/2010 8:32:49 AM (49 hours ago)

    Motherboard: Dell Inc. | | 0X8582
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 146 GiB total, 118.199 GiB free.
    D: is CDROM (CDFS)
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Canon MX700 ser Network
    Device ID: ROOT\CANON_IJ_NETWORK\0000
    Manufacturer: Canon
    Name: Canon MX700 ser Network
    PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
    Service: StillCam

    ==== System Restore Points ===================

    RP300: 7/30/2010 9:19:36 AM - System Checkpoint
    RP301: 7/31/2010 10:40:32 AM - System Checkpoint
    RP302: 8/1/2010 10:53:52 AM - System Checkpoint
    RP303: 8/2/2010 10:58:39 AM - System Checkpoint
    RP304: 8/3/2010 9:00:42 AM - Software Distribution Service 3.0
    RP305: 8/4/2010 9:29:45 AM - System Checkpoint
    RP306: 8/5/2010 10:59:02 AM - System Checkpoint
    RP307: 8/6/2010 2:40:19 PM - System Checkpoint
    RP308: 8/7/2010 3:55:38 PM - System Checkpoint
    RP309: 8/8/2010 4:00:24 PM - System Checkpoint
    RP310: 8/9/2010 5:48:30 PM - System Checkpoint
    RP311: 8/10/2010 6:20:38 PM - System Checkpoint
    RP312: 8/11/2010 7:42:14 PM - System Checkpoint
    RP313: 8/12/2010 7:51:30 PM - System Checkpoint
    RP314: 8/13/2010 8:31:19 AM - Software Distribution Service 3.0
    RP315: 8/14/2010 10:01:23 AM - System Checkpoint
    RP316: 8/15/2010 10:47:09 AM - System Checkpoint
    RP317: 8/16/2010 12:39:33 PM - System Checkpoint
    RP318: 8/17/2010 6:23:41 PM - System Checkpoint
    RP319: 8/27/2010 1:28:05 AM - System Checkpoint
    RP320: 8/28/2010 10:05:10 AM - System Checkpoint
    RP321: 8/29/2010 10:06:38 AM - System Checkpoint
    RP322: 8/30/2010 10:38:56 AM - System Checkpoint
    RP323: 8/31/2010 12:29:03 PM - System Checkpoint
    RP324: 9/1/2010 2:49:58 PM - System Checkpoint
    RP325: 9/2/2010 6:56:29 PM - System Checkpoint
    RP326: 9/4/2010 8:43:12 AM - System Checkpoint
    RP327: 9/5/2010 9:13:50 AM - System Checkpoint
    RP328: 9/6/2010 8:44:27 AM - Software Distribution Service 3.0
    RP329: 9/7/2010 9:35:09 AM - System Checkpoint
    RP330: 9/8/2010 10:13:25 AM - System Checkpoint
    RP331: 9/9/2010 12:02:08 PM - System Checkpoint
    RP332: 9/10/2010 12:53:27 PM - System Checkpoint
    RP333: 9/11/2010 5:58:28 PM - System Checkpoint
    RP334: 9/12/2010 6:18:37 PM - System Checkpoint
    RP335: 9/13/2010 6:34:13 PM - System Checkpoint
    RP336: 9/14/2010 7:29:25 PM - System Checkpoint
    RP337: 9/15/2010 10:10:20 PM - System Checkpoint
    RP338: 9/16/2010 8:20:58 AM - Software Distribution Service 3.0
    RP339: 9/17/2010 9:37:46 AM - System Checkpoint
    RP340: 9/18/2010 4:50:34 PM - System Checkpoint
    RP341: 9/19/2010 5:25:36 PM - System Checkpoint
    RP342: 9/20/2010 6:04:22 PM - System Checkpoint
    RP343: 9/21/2010 9:49:18 PM - System Checkpoint
    RP344: 9/22/2010 11:28:37 PM - System Checkpoint
    RP345: 9/24/2010 12:13:57 AM - System Checkpoint
    RP346: 9/25/2010 9:05:51 AM - System Checkpoint
    RP347: 9/26/2010 9:40:31 AM - System Checkpoint
    RP348: 9/27/2010 9:54:10 AM - System Checkpoint
    RP349: 9/28/2010 10:01:19 AM - System Checkpoint
    RP350: 9/29/2010 1:57:19 PM - System Checkpoint
    RP351: 9/30/2010 8:31:11 AM - Software Distribution Service 3.0
    RP352: 10/1/2010 9:17:01 AM - System Checkpoint
    RP353: 10/2/2010 10:04:27 AM - System Checkpoint
    RP354: 10/3/2010 8:07:19 PM - System Checkpoint
    RP355: 10/5/2010 10:29:25 AM - System Checkpoint
    RP356: 10/6/2010 10:54:54 AM - System Checkpoint
    RP357: 10/7/2010 8:26:42 AM - Software Distribution Service 3.0
    RP358: 10/8/2010 9:54:18 AM - System Checkpoint
    RP359: 10/9/2010 10:57:17 AM - System Checkpoint
    RP360: 10/10/2010 11:43:50 AM - System Checkpoint
    RP361: 10/11/2010 3:25:18 PM - System Checkpoint
    RP362: 10/12/2010 5:05:24 PM - System Checkpoint
    RP363: 10/14/2010 8:59:34 AM - Software Distribution Service 3.0
    RP364: 10/15/2010 10:57:48 AM - System Checkpoint
    RP365: 10/16/2010 12:32:29 PM - System Checkpoint
    RP366: 10/17/2010 3:03:51 PM - System Checkpoint
    RP367: 10/18/2010 4:21:33 PM - System Checkpoint
    RP368: 10/20/2010 9:17:04 AM - System Checkpoint
    RP369: 10/21/2010 9:28:51 AM - System Checkpoint
    RP370: 10/22/2010 9:35:10 AM - System Checkpoint
    RP371: 10/23/2010 9:56:54 AM - System Checkpoint
    RP372: 10/24/2010 10:50:21 AM - System Checkpoint
    RP373: 10/25/2010 11:26:44 AM - System Checkpoint
    RP374: 10/26/2010 12:02:17 PM - System Checkpoint
    RP375: 10/28/2010 9:56:32 AM - System Checkpoint
    RP376: 10/29/2010 9:36:52 AM - Software Distribution Service 3.0
    RP377: 10/29/2010 9:52:13 AM - Installed Java(TM) 6 Update 22

    ==== Installed Programs ======================

    1st Pricing
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.4
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.2
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Avery Wizard 3.1
    Bonjour
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Drivers 6.0
    Canon MP Navigator 2.2
    Canon MP Navigator EX 1.0
    Canon MP830
    Canon MP830 User Registration
    Canon MX700 series
    Canon My Printer
    Canon ScanGearStarter
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Carbonite
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Customer Support Tool A302
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Picture Studio v3.0
    Dell Support 3.2.1
    Dell Support Center (Support Software)
    Dell System Restore
    Destinations
    DeviceManagementQFolder
    dj_taplugin
    EarthBrowser
    EarthLink setup files
    Easy-WebPrint
    ESET NOD32 Antivirus
    Get High Speed Internet!
    Google Earth
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 6900 series
    HP Imaging Device Functions 6.0
    HP Photosmart Essential
    HP Update
    hpf_ProductContext
    HYCAD 5.29
    Intel Matrix Storage Manager
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Software v9.2.4.11
    Intel(R) PROSafe for Wired Connections
    Internet Explorer Default Page
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Linksys EasyLink Advisor
    Macromedia Flash Player
    MenuPro
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Small Business
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    MX-900 Editor
    MyWay Search Assistant
    OpenOffice.org Installer 1.0
    ParetoLogic DriverCure
    Photo Click
    PlayerLiteH 1.0.1.9.LH
    PowerDVD 5.5
    Pure Networks Platform
    Qualxserve Service Agreement
    QuickBooks Simple Start Special Edition
    QuickTime
    Readme
    RealPlayer
    RealUpgrade 1.0
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Smart Defrag 1.20
    StartupMonitor
    Status
    TrayApp
    TurboCAD Deluxe v11.1
    TurboCAD Symbols
    Unix Utilities for Yahoo! Widgets
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Video Viewer
    Viewpoint Media Player
    WebCyberCoach 3.2 Dell
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WordPerfect Office 12
    WOT for Internet Explorer
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    Yahoo! Widgets

    ==== Event Viewer Messages From Past Week ========

    10/29/2010 9:25:38 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    10/29/2010 9:25:38 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL. Reference error message: The operation completed successfully. .
    10/29/2010 9:25:38 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

    ==== End Of File ===========================
     
  2. 2010/10/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure if your issues are caused by some infection, but we can check :)

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =============================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/10/30
    seafoodshanty Lifetime Subscription

    seafoodshanty Inactive Thread Starter

    Joined:
    2009/06/19
    Messages:
    49
    Likes Received:
    0
    First Step

    Here are results:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4997

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/30/2010 10:28:11 AM
    mbam-log-2010-10-30 (10-28-11).txt

    Scan type: Quick scan
    Objects scanned: 207761
    Time elapsed: 40 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\I0TS1Z9V\Adobe__Flash__Player[1].exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.


    Will run next Step.
     
  5. 2010/10/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  6. 2010/10/31
    seafoodshanty Lifetime Subscription

    seafoodshanty Inactive Thread Starter

    Joined:
    2009/06/19
    Messages:
    49
    Likes Received:
    0
    Step 2

    GMER results:
    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-31 08:19:39
    Windows 5.1.2600 Service Pack 3
    Running: 0dt8j391[1].exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\uxldrfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8638C580 ZwAssignProcessToJobObject
    SSDT 8638D100 ZwDebugActiveProcess
    SSDT 8638CB30 ZwDuplicateObject
    SSDT 8638BCC0 ZwOpenProcess
    SSDT 8638BFC0 ZwOpenThread
    SSDT 8638C9C0 ZwProtectVirtualMemory
    SSDT 8638C860 ZwSetContextThread
    SSDT 8638C6E0 ZwSetInformationThread
    SSDT 86389700 ZwSetSecurityObject
    SSDT 8638C420 ZwSuspendProcess
    SSDT 8638C2C0 ZwSuspendThread
    SSDT 8638BE50 ZwTerminateProcess
    SSDT 8638C150 ZwTerminateThread
    SSDT 8638CF50 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? umht.sys The system cannot find the file specified. !
    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF79FD760]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1068] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[1988] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2880] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3168] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3764] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4808] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\internet explorer\iexplore.exe[1988] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\internet explorer\iexplore.exe[3168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\internet explorer\iexplore.exe[4808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

    Device \FileSystem\Fastfat \Fat AD4BED20

    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpxoe.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSpxoe.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSktpa.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwupe.dat
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSirxy.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSyavu.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSncun.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqqcn.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSpqlt.log
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSofxh.log
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpxoe.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSpxoe.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSktpa.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwupe.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSirxy.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSyavu.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSncun.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqqcn.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSpqlt.log
    Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSofxh.log
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpxoe.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSpxoe.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSktpa.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSwupe.dat
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSirxy.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSyavu.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSncun.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSqqcn.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\

    To Be CONTINUED.
     
  7. 2010/10/31
    seafoodshanty Lifetime Subscription

    seafoodshanty Inactive Thread Starter

    Joined:
    2009/06/19
    Messages:
    49
    Likes Received:
    0
    Step 2 (continued)

    TDSSnmxh.log
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSpqlt.log
    Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSofxh.log
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{22E24591-49D0-11D2-BB50-006008320064}@FriendlyName Windows Media Audio Decoder
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{22E24591-49D0-11D2-BB50-006008320064}@CLSID {22E24591-49D0-11D2-BB50-006008320064}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{22E24591-49D0-11D2-BB50-006008320064}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2618EA8E-3396-49A2-A532-84E6EA80C3B0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2618EA8E-3396-49A2-A532-84E6EA80C3B0}@FriendlyName Photo Story 2 Trial Source Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2618EA8E-3396-49A2-A532-84E6EA80C3B0}@CLSID {2618EA8E-3396-49A2-A532-84E6EA80C3B0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2618EA8E-3396-49A2-A532-84E6EA80C3B0}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{280A3020-86CF-11D1-ABE6-00A0C905F375}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{280A3020-86CF-11D1-ABE6-00A0C905F375}@FriendlyName AC3 Parser Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{280A3020-86CF-11D1-ABE6-00A0C905F375}@CLSID {280A3020-86CF-11D1-ABE6-00A0C905F375}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{280A3020-86CF-11D1-ABE6-00A0C905F375}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26}@FriendlyName WMT Format Conversion
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26}@CLSID {2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}@FriendlyName StreamBufferSink
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}@CLSID {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2EA10031-0033-450E-8072-E27D9E768142}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2EA10031-0033-450E-8072-E27D9E768142}@FriendlyName WMT Black Frame Generator
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2EA10031-0033-450E-8072-E27D9E768142}@CLSID {2EA10031-0033-450E-8072-E27D9E768142}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{2EA10031-0033-450E-8072-E27D9E768142}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}@FriendlyName MJPEG Decompressor
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}@CLSID {301056D0-6DFF-11D2-9EEB-006008039E37}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{301056D0-6DFF-11D2-9EEB-006008039E37}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{30355649-0000-0010-8000-00AA00389B71}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{30355649-0000-0010-8000-00AA00389B71}@FriendlyName Indeo? video 5.10 Decompression Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{30355649-0000-0010-8000-00AA00389B71}@CLSID {30355649-0000-0010-8000-00AA00389B71}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{30355649-0000-0010-8000-00AA00389B71}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{31087270-D348-432C-899E-2D2F38FF29A0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{31087270-D348-432C-899E-2D2F38FF29A0}@FriendlyName WMT Screen Capture filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{31087270-D348-432C-899E-2D2F38FF29A0}@CLSID {31087270-D348-432C-899E-2D2F38FF29A0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{31087270-D348-432C-899E-2D2F38FF29A0}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{3301A7C4-0A8D-11D4-914D-00C04F610D24}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{3301A7C4-0A8D-11D4-914D-00C04F610D24}@FriendlyName Microsoft Screen Video Decompressor
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{3301A7C4-0A8D-11D4-914D-00C04F610D24}@CLSID {3301A7C4-0A8D-11D4-914D-00C04F610D24}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{3301A7C4-0A8D-11D4-914D-00C04F610D24}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}@FriendlyName MPEG-I Stream Splitter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}@CLSID {336475D0-942A-11CE-A870-00AA002FEAB5}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{336475D0-942A-11CE-A870-00AA002FEAB5}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}@FriendlyName SAMI (CC) Parser
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}@CLSID {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{38BE3000-DBF4-11D0-860E-00A024CFEF6D}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{38BE3000-DBF4-11D0-860E-00A024CFEF6D}@FriendlyName MPEG Layer-3 Decoder
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{38BE3000-DBF4-11D0-860E-00A024CFEF6D}@CLSID {38BE3000-DBF4-11D0-860E-00A024CFEF6D}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{38BE3000-DBF4-11D0-860E-00A024CFEF6D}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{3AE86B20-7BE8-11D1-ABE6-00A0C905F375}@FriendlyName MPEG-2 Splitter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{3AE86B20-7BE8-11D1-ABE6-00A0C905F375}@CLSID {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{3AE86B20-7BE8-11D1-ABE6-00A0C905F375}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4009F700-AEBA-11D1-8344-00C04FB92EB7}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4009F700-AEBA-11D1-8344-00C04FB92EB7}@FriendlyName ACELP.net Sipro Lab Audio Decoder
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4009F700-AEBA-11D1-8344-00C04FB92EB7}@CLSID {4009F700-AEBA-11D1-8344-00C04FB92EB7}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4009F700-AEBA-11D1-8344-00C04FB92EB7}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{48025243-2D39-11CE-875D-00608CB78066}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{48025243-2D39-11CE-875D-00608CB78066}@FriendlyName Internal Script Command Renderer
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{48025243-2D39-11CE-875D-00608CB78066}@CLSID {48025243-2D39-11CE-875D-00608CB78066}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{48025243-2D39-11CE-875D-00608CB78066}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}@FriendlyName MPEG Audio Decoder
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}@CLSID {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4B428940-263C-11D1-A520-000000000000}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4B428940-263C-11D1-A520-000000000000}@FriendlyName File Source (Netshow URL)
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4B428940-263C-11D1-A520-000000000000}@CLSID {4B428940-263C-11D1-A520-000000000000}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4B428940-263C-11D1-A520-000000000000}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB}@FriendlyName WMT Import Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB}@CLSID {4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4EB31670-9FC6-11CF-AF6E-00AA00B67A42}@FriendlyName DV Splitter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4EB31670-9FC6-11CF-AF6E-00AA00B67A42}@CLSID {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4EB31670-9FC6-11CF-AF6E-00AA00B67A42}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4F3E50BD-A9D7-4721-B0E1-00CB42A0A747}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4F3E50BD-A9D7-4721-B0E1-00CB42A0A747}@FriendlyName Bitmap Generate
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4F3E50BD-A9D7-4721-B0E1-00CB42A0A747}@CLSID {4F3E50BD-A9D7-4721-B0E1-00CB42A0A747}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4F3E50BD-A9D7-4721-B0E1-00CB42A0A747}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4FACBBA1-FFD8-4CD7-8228-61E2F65CB1AE}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4FACBBA1-FFD8-4CD7-8228-61E2F65CB1AE}@FriendlyName Windows Media Video Decoder
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4FACBBA1-FFD8-4CD7-8228-61E2F65CB1AE}@CLSID {4FACBBA1-FFD8-4CD7-8228-61E2F65CB1AE}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{4FACBBA1-FFD8-4CD7-8228-61E2F65CB1AE}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}@FriendlyName Video Mixing Renderer 9
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}@CLSID {51B4ABF3-748F-4E3B-A276-C828330E926A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{51B4ABF3-748F-4E3B-A276-C828330E926A}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{521FB373-7654-49F2-BDB1-0C6E6660714F}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{521FB373-7654-49F2-BDB1-0C6E6660714F}@FriendlyName Windows Media Video Decoder
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{521FB373-7654-49F2-BDB1-0C6E6660714F}@CLSID {521FB373-7654-49F2-BDB1-0C6E6660714F}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{521FB373-7654-49F2-BDB1-0C6E6660714F}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{586FB486-5560-4FF3-96DF-1118C96AF456}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{586FB486-5560-4FF3-96DF-1118C96AF456}@FriendlyName WMT VIH2 Fix
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{586FB486-5560-4FF3-96DF-1118C96AF456}@CLSID {586FB486-5560-4FF3-96DF-1118C96AF456}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{586FB486-5560-4FF3-96DF-1118C96AF456}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{5B4B05EB-1F63-446B-AAD1-E10A34D650E0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{5B4B05EB-1F63-446B-AAD1-E10A34D650E0}@FriendlyName Record Queue
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{5B4B05EB-1F63-446B-AAD1-E10A34D650E0}@CLSID {5B4B05EB-1F63-446B-AAD1-E10A34D650E0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{5B4B05EB-1F63-446B-AAD1-E10A34D650E0}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{63F8AA94-E2B9-11D0-ADF6-00C04FB66DAD}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{63F8AA94-E2B9-11D0-ADF6-00C04FB66DAD}@FriendlyName Windows Media Multiplexer
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{63F8AA94-E2B9-11D0-ADF6-00C04FB66DAD}@CLSID {63F8AA94-E2B9-11D0-ADF6-00C04FB66DAD}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{63F8AA94-E2B9-11D0-ADF6-00C04FB66DAD}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A0-A946-11D0-A520-000000000000}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A0-A946-11D0-A520-000000000000}@FriendlyName ASX file Parser
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A0-A946-11D0-A520-000000000000}@CLSID {640999A0-A946-11D0-A520-000000000000}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A0-A946-11D0-A520-000000000000}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A1-A946-11D0-A520-000000000000}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A1-A946-11D0-A520-000000000000}@FriendlyName ASX v.2 file Parser
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A1-A946-11D0-A520-000000000000}@CLSID {640999A1-A946-11D0-A520-000000000000}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A1-A946-11D0-A520-000000000000}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A2-A946-11D0-A520-000000000000}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A2-A946-11D0-A520-000000000000}@FriendlyName NSC file Parser
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A2-A946-11D0-A520-000000000000}@CLSID {640999A2-A946-11D0-A520-000000000000}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{640999A2-A946-11D0-A520-000000000000}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}@FriendlyName ACM Wrapper
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}@CLSID {6A08CF80-0E18-11CF-A24D-0020AFD79767}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6B6D0800-9ADA-11D0-A520-00A0D10129C0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6B6D0800-9ADA-11D0-A520-00A0D10129C0}@FriendlyName Windows Media source filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6B6D0800-9ADA-11D0-A520-00A0D10129C0}@CLSID {6B6D0800-9ADA-11D0-A520-00A0D10129C0}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6B6D0800-9ADA-11D0-A520-00A0D10129C0}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}@FriendlyName Video Renderer
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}@CLSID {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6C68955E-F965-4249-8E18-F0977B1D2899}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6C68955E-F965-4249-8E18-F0977B1D2899}@FriendlyName Frame Eater
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6C68955E-F965-4249-8E18-F0977B1D2899}@CLSID {6C68955E-F965-4249-8E18-F0977B1D2899}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6C68955E-F965-4249-8E18-F0977B1D2899}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}@FriendlyName MPEG-2 Video Stream Analyzer
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}@CLSID {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6E8D4A20-310C-11D0-B79A-00AA003767A7}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6E8D4A20-310C-11D0-B79A-00AA003767A7}@FriendlyName Line 21 Decoder
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6E8D4A20-310C-11D0-B79A-00AA003767A7}@CLSID {6E8D4A20-310C-11D0-B79A-00AA003767A7}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6E8D4A20-310C-11D0-B79A-00AA003767A7}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}@FriendlyName Video Port Manager
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}@CLSID {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{70BC06E0-5666-11D3-A184-00105AEF9F33}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{70BC06E0-5666-11D3-A184-00105AEF9F33}@FriendlyName WST Decoder
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{70BC06E0-5666-11D3-A184-00105AEF9F33}@CLSID {70BC06E0-5666-11D3-A184-00105AEF9F33}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{70BC06E0-5666-11D3-A184-00105AEF9F33}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}@FriendlyName Video Renderer
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}@CLSID {70E102B0-5556-11CE-97C0-00AA0055595A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{70E102B0-5556-11CE-97C0-00AA0055595A}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{7C23220E-55BB-11D3-8B16-00C04FB6BD3D}@FriendlyName WM ASF Writer
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{7C23220E-55BB-11D3-8B16-00C04FB6BD3D}@CLSID {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{7C23220E-55BB-11D3-8B16-00C04FB6BD3D}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{7F1232EE-44D7-4494-AB8B-CC61B10E21A5}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{7F1232EE-44D7-4494-AB8B-CC61B10E21A5}@FriendlyName WMT Sample Information Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{7F1232EE-44D7-4494-AB8B-CC61B10E21A5}@CLSID {7F1232EE-44D7-4494-AB8B-CC61B10E21A5}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{7F1232EE-44D7-4494-AB8B-CC61B10E21A5}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{814B9800-1C88-11D1-BAD9-00609744111A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{814B9800-1C88-11D1-BAD9-00609744111A}@FriendlyName VBI Surface Allocator
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{814B9800-1C88-11D1-BAD9-00609744111A}@CLSID {814B9800-1C88-11D1-BAD9-00609744111A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{814B9800-1C88-11D1-BAD9-00609744111A}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{82CCD3E0-F71A-11D0-9FE5-00609778EA66}

    TO BE CONTINUED
     
  8. 2010/10/31
    seafoodshanty Inactive Thread Starter

    Step 2 (continued)

    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{82CCD3E0-F71A-11D0-9FE5-00609778EA66}@FriendlyName Microsoft MPEG-4 Video Decompressor
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{82CCD3E0-F71A-11D0-9FE5-00609778EA66}@CLSID {82CCD3E0-F71A-11D0-9FE5-00609778EA66}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{82CCD3E0-F71A-11D0-9FE5-00609778EA66}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{8596E5F0-0DA5-11D0-BD21-00A0C911CE86}@FriendlyName File writer
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{8596E5F0-0DA5-11D0-BD21-00A0C911CE86}@CLSID {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{8596E5F0-0DA5-11D0-BD21-00A0C911CE86}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{92883667-E95C-443D-AC96-4CACA27BEB6E}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{92883667-E95C-443D-AC96-4CACA27BEB6E}@FriendlyName WMT Log Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{92883667-E95C-443D-AC96-4CACA27BEB6E}@CLSID {92883667-E95C-443D-AC96-4CACA27BEB6E}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{92883667-E95C-443D-AC96-4CACA27BEB6E}@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6}@FriendlyName WMT Virtual Renderer
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Instance\{930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6}@CLSID {930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6}
    Reg HKLM\SOFTWARE\Classes\CLSID\{B05324BB-0A95-9FF9-C4D1-C9C1624F83E0}\InProcServer32@ C:\WINDOWS\system32\wmpencen.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{B05324BB-0A95-9FF9-C4D1-C9C1624F83E0}\InProcServer32@ThreadingModel Both

    ---- EOF - GMER 1.0.15 ----
     
  9. 2010/10/31
    seafoodshanty Lifetime Subscription

    Step 3

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7B12000 \WINDOWS\system32\KDCOM.DLL
    0xF7A22000 \WINDOWS\system32\BOOTVID.dll
    0xF7612000 umht.sys
    0xF74E3000 ACPI.sys
    0xF7B14000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74D2000 pci.sys
    0xF7622000 isapnp.sys
    0xF7BDA000 pciide.sys
    0xF7892000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7632000 MountMgr.sys
    0xF74B3000 ftdisk.sys
    0xF789A000 PartMgr.sys
    0xF7642000 VolSnap.sys
    0xF749B000 atapi.sys
    0xF73C6000 iastor.sys
    0xF7652000 disk.sys
    0xF7662000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF73A6000 fltmgr.sys
    0xF7394000 sr.sys
    0xF78A2000 PxHelp20.sys
    0xF737D000 KSecDD.sys
    0xF72F0000 Ntfs.sys
    0xF72C3000 NDIS.sys
    0xF72A9000 Mup.sys
    0xF7692000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF5DBD000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF5DA9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF5D81000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF79E2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5D5D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79EA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF76A2000 \SystemRoot\system32\DRIVERS\IntelC53.sys
    0xF5D3A000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF5C13000 \SystemRoot\system32\DRIVERS\IntelC51.sys
    0xF5B7E000 \SystemRoot\system32\DRIVERS\IntelC52.sys
    0xF79FA000 \SystemRoot\system32\DRIVERS\mohfilt.sys
    0xF7A02000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF5B58000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xF76C2000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76D2000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7A0A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7C77000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF65B1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5B41000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76F2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7702000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A12000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5B30000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7712000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7A1A000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF78B2000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF78C2000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xF7722000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF78CA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF78D2000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B54000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5AD2000 \SystemRoot\system32\DRIVERS\update.sys
    0xF65A5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF78DA000 \SystemRoot\system32\DRIVERS\omci.sys
    0xF7732000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xEDA86000 \SystemRoot\system32\drivers\sthda.sys
    0xEDA62000 \SystemRoot\system32\drivers\portcls.sys
    0xF7762000 \SystemRoot\system32\drivers\drmk.sys
    0xF7AF6000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF5EA8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B62000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7AD6000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7B96000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7C50000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B98000 \SystemRoot\System32\Drivers\Beep.SYS
    0xEB9CF000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0xF799A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF79A2000 \SystemRoot\System32\drivers\vga.sys
    0xF7B9A000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B9C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF79AA000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF79B2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xEDA5A000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEB94C000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEB8F3000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEB8A3000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF6B39000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEB87D000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xEB864000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
    0xEB842000 \SystemRoot\System32\drivers\afd.sys
    0xF77D2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEB817000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEB7A7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7802000 \SystemRoot\System32\Drivers\Fips.SYS
    0xED36F000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF77F2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB82E1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF7AD2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xEDA5E000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB82D9000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB82D1000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xB1A0F000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB133D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB18D1000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xB1A0B000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xB1891000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB12F3000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB0916000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D38000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF04A000 \SystemRoot\System32\ati2cqag.dll
    0xBF084000 \SystemRoot\System32\ati3duag.dll
    0xBF2A7000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAF1DA000 \SystemRoot\system32\DRIVERS\eamon.sys
    0xB3118000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF7962000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0xF796A000 \SystemRoot\system32\DRIVERS\purendis.sys
    0xAF175000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB0D9B000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAEF6F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAEE16000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAEBDE000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB5A21000 \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
    0xAD5A6000 \??\C:\DOCUME~1\admin\LOCALS~1\Temp\uxldrfow.sys
    0xAD4B7000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xAD48C000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 71):
    0 System Idle Process
    4 System
    636 C:\WINDOWS\system32\smss.exe
    684 csrss.exe
    712 C:\WINDOWS\system32\winlogon.exe
    756 C:\WINDOWS\system32\services.exe
    768 C:\WINDOWS\system32\lsass.exe
    948 C:\WINDOWS\system32\ati2evxx.exe
    964 C:\WINDOWS\system32\svchost.exe
    1012 svchost.exe
    1108 C:\WINDOWS\system32\svchost.exe
    1212 svchost.exe
    1300 C:\WINDOWS\system32\svchost.exe
    1416 svchost.exe
    1452 C:\WINDOWS\system32\svchost.exe
    1608 C:\WINDOWS\system32\spoolsv.exe
    1992 C:\WINDOWS\explorer.exe
    2044 svchost.exe
    212 msdtc.exe
    284 alg.exe
    296 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    324 aspnet_state.exe
    436 C:\Program Files\Bonjour\mDNSResponder.exe
    460 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    516 C:\WINDOWS\system32\dllhost.exe
    1068 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    1340 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    1508 C:\WINDOWS\system32\svchost.exe
    1460 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    1732 C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    1752 C:\WINDOWS\system32\imapi.exe
    916 C:\Program Files\Java\jre6\bin\jqs.exe
    1820 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    1836 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    1920 C:\WINDOWS\system32\HPZipm12.exe
    2268 locator.exe
    2460 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    2504 C:\WINDOWS\system32\svchost.exe
    2884 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    2956 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3068 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    3368 wmpnetwk.exe
    3944 C:\WINDOWS\stsystra.exe
    4032 C:\WINDOWS\StartupMonitor.exe
    2132 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    2560 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    2704 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2708 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2968 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    3192 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    3216 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    3388 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    3380 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    3668 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    3692 C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    3800 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    3876 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    4088 C:\Program Files\QuickTime\QTTask.exe
    824 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2276 C:\Program Files\Dell Support\DSAgnt.exe
    2488 C:\WINDOWS\system32\ctfmon.exe
    2632 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    836 C:\WINDOWS\system32\java.exe
    4008 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2880 C:\Program Files\Internet Explorer\iexplore.exe
    1988 C:\Program Files\Internet Explorer\iexplore.exe
    4500 C:\WINDOWS\system32\vssvc.exe
    4544 C:\WINDOWS\system32\dllhost.exe
    4396 C:\WINDOWS\system32\wuauclt.exe
    5776 C:\Program Files\Internet Explorer\iexplore.exe
    3768 C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\THXSV90H\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JS-75MHB0, Rev: 03.01C03

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


    Done!


    Thanks for your help.
     
  10. 2010/10/31
    broni Moderator Malware Analyst
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. 2010/11/01
    seafoodshanty Lifetime Subscription

    Tdsskiller report

    2010/11/01 12:11:07.0203 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/11/01 12:11:07.0203 ================================================================================
    2010/11/01 12:11:07.0203 SystemInfo:
    2010/11/01 12:11:07.0203
    2010/11/01 12:11:07.0203 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/01 12:11:07.0203 Product type: Workstation
    2010/11/01 12:11:07.0203 ComputerName: BACKOFHOUSE
    2010/11/01 12:11:07.0203 UserName: admin
    2010/11/01 12:11:07.0203 Windows directory: C:\WINDOWS
    2010/11/01 12:11:07.0203 System windows directory: C:\WINDOWS
    2010/11/01 12:11:07.0203 Processor architecture: Intel x86
    2010/11/01 12:11:07.0203 Number of processors: 2
    2010/11/01 12:11:07.0203 Page size: 0x1000
    2010/11/01 12:11:07.0203 Boot type: Normal boot
    2010/11/01 12:11:07.0203 ================================================================================
    2010/11/01 12:11:07.0656 Initialize success
    2010/11/01 12:11:15.0546 ================================================================================
    2010/11/01 12:11:15.0546 Scan started
    2010/11/01 12:11:15.0546 Mode: Manual;
    2010/11/01 12:11:15.0546 ================================================================================
    2010/11/01 12:11:15.0875 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/11/01 12:11:16.0656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/01 12:11:16.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/01 12:11:17.0125 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/11/01 12:11:17.0281 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/01 12:11:17.0437 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/01 12:11:17.0531 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/11/01 12:11:17.0687 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/11/01 12:11:17.0859 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/11/01 12:11:17.0953 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/11/01 12:11:18.0109 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/11/01 12:11:18.0296 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/11/01 12:11:18.0468 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/11/01 12:11:18.0640 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/11/01 12:11:18.0875 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/11/01 12:11:19.0015 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/11/01 12:11:19.0187 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/11/01 12:11:19.0265 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/11/01 12:11:19.0437 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/01 12:11:19.0625 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/01 12:11:19.0828 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2010/11/01 12:11:19.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/01 12:11:20.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/01 12:11:20.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/01 12:11:20.0671 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/11/01 12:11:20.0843 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/01 12:11:21.0046 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/11/01 12:11:21.0218 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/01 12:11:21.0375 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/01 12:11:21.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/01 12:11:21.0781 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/11/01 12:11:21.0968 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/11/01 12:11:22.0171 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/11/01 12:11:22.0328 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/11/01 12:11:22.0515 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/01 12:11:22.0687 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/01 12:11:22.0953 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/01 12:11:23.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/01 12:11:23.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/01 12:11:23.0500 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/11/01 12:11:23.0640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/01 12:11:23.0906 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
    2010/11/01 12:11:23.0921 DSproct - detected Unsigned file (1)
    2010/11/01 12:11:24.0015 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/11/01 12:11:24.0156 eamon (e31464ce787e3a0ffea55baa591897f0) C:\WINDOWS\system32\DRIVERS\eamon.sys
    2010/11/01 12:11:24.0312 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    2010/11/01 12:11:24.0343 epfwtdir (4699a50183b792d994be657c68f18e9e) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
    2010/11/01 12:11:24.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/01 12:11:24.0593 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/01 12:11:24.0750 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/01 12:11:24.0906 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/11/01 12:11:25.0140 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/11/01 12:11:25.0281 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/01 12:11:25.0453 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/01 12:11:25.0656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/01 12:11:25.0718 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/01 12:11:25.0875 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/11/01 12:11:26.0062 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/01 12:11:26.0250 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/11/01 12:11:26.0421 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2010/11/01 12:11:26.0500 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2010/11/01 12:11:26.0593 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2010/11/01 12:11:26.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/01 12:11:26.0781 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/11/01 12:11:26.0968 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/11/01 12:11:27.0140 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/01 12:11:27.0359 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys
    2010/11/01 12:11:27.0500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/01 12:11:27.0703 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/11/01 12:11:27.0921 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    2010/11/01 12:11:28.0171 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    2010/11/01 12:11:28.0250 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    2010/11/01 12:11:28.0359 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/11/01 12:11:28.0515 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/01 12:11:28.0687 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/11/01 12:11:28.0890 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/01 12:11:29.0078 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/01 12:11:29.0218 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/01 12:11:29.0406 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/01 12:11:29.0562 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/01 12:11:29.0687 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/01 12:11:29.0859 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/01 12:11:30.0031 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/11/01 12:11:30.0187 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/01 12:11:30.0343 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/01 12:11:30.0531 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/01 12:11:30.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/01 12:11:30.0859 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/11/01 12:11:31.0062 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    2010/11/01 12:11:31.0109 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/01 12:11:31.0296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/01 12:11:31.0453 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/01 12:11:31.0625 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/11/01 12:11:31.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/01 12:11:32.0000 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/01 12:11:32.0140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/01 12:11:32.0296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/01 12:11:32.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/01 12:11:32.0625 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/01 12:11:32.0796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/01 12:11:32.0968 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/01 12:11:33.0140 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/01 12:11:33.0328 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/01 12:11:33.0500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/01 12:11:33.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/01 12:11:33.0890 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/01 12:11:34.0031 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/01 12:11:34.0218 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/01 12:11:34.0406 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/01 12:11:34.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/01 12:11:34.0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/01 12:11:35.0062 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/11/01 12:11:35.0375 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/01 12:11:35.0546 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/01 12:11:35.0718 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
    2010/11/01 12:11:35.0750 omci - detected Unsigned file (1)
    2010/11/01 12:11:35.0796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/01 12:11:35.0968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/01 12:11:36.0156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/01 12:11:36.0312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/01 12:11:36.0468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/01 12:11:36.0625 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/01 12:11:36.0843 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/11/01 12:11:37.0000 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/11/01 12:11:37.0234 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys
    2010/11/01 12:11:37.0281 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/01 12:11:37.0421 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/01 12:11:37.0562 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/01 12:11:37.0750 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
    2010/11/01 12:11:37.0828 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/11/01 12:11:37.0843 PxHelp20 - detected Unsigned file (1)
    2010/11/01 12:11:37.0953 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/11/01 12:11:38.0109 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/11/01 12:11:38.0265 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/11/01 12:11:38.0390 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/11/01 12:11:38.0546 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/11/01 12:11:38.0687 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/01 12:11:38.0890 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/01 12:11:39.0093 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/01 12:11:39.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/01 12:11:39.0421 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/01 12:11:39.0562 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/01 12:11:39.0734 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/01 12:11:39.0890 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/01 12:11:40.0093 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/01 12:11:40.0296 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
    2010/11/01 12:11:40.0343 SDDMI2 - detected Unsigned file (1)
    2010/11/01 12:11:40.0390 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/01 12:11:40.0500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/01 12:11:40.0671 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/01 12:11:40.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/01 12:11:41.0125 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/11/01 12:11:41.0296 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    2010/11/01 12:11:41.0468 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/11/01 12:11:41.0562 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/01 12:11:41.0718 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/01 12:11:41.0890 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/01 12:11:42.0109 STHDA (6b14c6e98f752ebbab24a4e0bd0f3a24) C:\WINDOWS\system32\drivers\sthda.sys
    2010/11/01 12:11:42.0203 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2010/11/01 12:11:42.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/01 12:11:42.0531 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/01 12:11:42.0703 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/11/01 12:11:42.0843 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/11/01 12:11:42.0968 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/11/01 12:11:43.0125 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/11/01 12:11:43.0312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/01 12:11:43.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/01 12:11:43.0703 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/01 12:11:43.0843 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/01 12:11:44.0031 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/01 12:11:44.0234 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/11/01 12:11:44.0437 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/01 12:11:44.0609 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/11/01 12:11:44.0734 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/01 12:11:44.0953 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/11/01 12:11:45.0046 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/01 12:11:45.0234 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/01 12:11:45.0406 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/01 12:11:45.0546 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/11/01 12:11:45.0687 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/01 12:11:45.0875 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/01 12:11:46.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/01 12:11:46.0203 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/01 12:11:46.0343 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/11/01 12:11:46.0515 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/11/01 12:11:46.0671 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/01 12:11:46.0859 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/01 12:11:47.0109 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2010/11/01 12:11:47.0187 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/01 12:11:47.0406 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/01 12:11:47.0515 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/01 12:11:47.0593 ================================================================================
    2010/11/01 12:11:47.0593 Scan finished
    2010/11/01 12:11:47.0593 ================================================================================
    2010/11/01 12:11:47.0703 Detected object count: 4
    2010/11/01 12:12:25.0484 Unsigned file(DSproct) - User select action: Skip
    2010/11/01 12:12:25.0484 Unsigned file(omci) - User select action: Skip
    2010/11/01 12:12:25.0484 Unsigned file(PxHelp20) - User select action: Skip
    2010/11/01 12:12:25.0484 Unsigned file(SDDMI2) - User select action: Skip
     
  12. 2010/11/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/11/02
    seafoodshanty Lifetime Subscription

    seafoodshanty Inactive Thread Starter

    Joined:
    2009/06/19
    Messages:
    49
    Likes Received:
    0
    Combofix results

    ComboFix 10-11-01.05 - admin 11/02/2010 9:24.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.439 [GMT -4:00]
    Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
    .

    2010-10-31 12:42 . 2010-10-31 12:42 -------- d-----w- c:\documents and settings\FRANK\Application Data\Apple Computer
    2010-10-30 13:46 . 2010-10-30 13:46 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
    2010-10-30 13:46 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-30 13:46 . 2010-10-30 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-30 13:46 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-30 13:46 . 2010-10-30 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-29 13:52 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-13 18:22 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 18:22 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-13 18:22 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 18:22 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 16:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 06:29 . 2007-05-16 14:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2004-08-10 17:50 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-10 17:51 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-10 17:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2005-08-21 18:35 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-15 13:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-10 17:50 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-10 17:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-06 15:44 . 2010-06-14 19:39 17408 ----a-w- C:\psapi.dll
    2010-08-01 12:52 . 2009-05-24 13:21 4364032 ----a-w- c:\program files\Common Files\lpuninstall.exe
    2008-10-17 13:21 . 2008-10-17 13:21 709632 ----a-w- c:\program files\posteriza.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @= "{95A27763-F62A-4114-9072-E81D87DE3B68} "
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @= "{E300CD91-100F-4E67-9AF3-1384A6124015} "
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @= "{5E529433-B50E-4bef-A63B-16A6B71B071A} "
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-03-23 339968]
    "Run StartupMonitor "= "StartupMonitor.exe" [2000-05-20 86016]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "IntelMeM "= "c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
    "CanonSolutionMenu "= "c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "LELA "= "c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
    "nmctxth "= "c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-07 202256]
    "Carbonite Backup "= "c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2009-5-24 4364032]

    c:\documents and settings\FRANK\Start Menu\Programs\Startup\
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe [2008-3-18 4742184]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2004-09-14 13:50 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe "=
    "c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\SysInspector.exe "=
    "c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\SysRescue.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\EarthBrowser\\EarthBrowser.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Dual codec internet relative software\\J2000D_IRS.exe "=
    "c:\\Program Files\\VideoViewer\\VideoViewer.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:TCP "= 443:TCP:SSL
    "67:UDP "= 67:UDP:DHCP Discovery Service
    "8000:TCP "= 8000:TCP:Security System

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

    2010-08-23 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]

    2010-11-02 c:\windows\Tasks\ESET NOD32 Antivirus.job
    - c:\progra~1\ESET\ESETNO~1\egui.exe [2009-05-14 19:47]

    2010-11-01 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-11-01 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

    2010-08-23 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-11-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2250409715-1330009-3737622282-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250409715-1330009-3737622282-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-11-02 c:\windows\Tasks\User_Feed_Synchronization-{B8F9C4A1-A141-408C-B5F1-27E6B7E92BDD}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    Trusted Zone: eset.com\www
    Trusted Zone: eset.eu\www
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-02 09:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(340)
    c:\windows\system32\WININET.dll
    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-11-02 09:48:23
    ComboFix-quarantined-files.txt 2010-11-02 13:48
    ComboFix2.txt 2009-06-25 13:26

    Pre-Run: 127,759,433,728 bytes free
    Post-Run: 128,472,137,728 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - 65934597CF346335EEE31B36E21F586D
     
  14. 2010/11/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not much showing, so far.

    • Please download Rootkit Unhooker. Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Checkmark Drivers, Stealth. Uncheck the rest. Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report to some known location. Click Close.
    Copy the entire content of the report and paste it in a reply here.

    Note: You may get this warning. It is OK, just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
     
  15. 2010/11/04
    seafoodshanty Lifetime Subscription

    seafoodshanty Inactive Thread Starter

    Joined:
    2009/06/19
    Messages:
    49
    Likes Received:
    0
    Next report

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xBF084000 C:\WINDOWS\System32\ati3duag.dll 2240512 bytes (ATI Technologies Inc. , ati3duag.dll)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2150400 bytes
    0x804D7000 RAW 2150400 bytes
    0x804D7000 WMIxWDM 2150400 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF5FC5000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
    0xF616F000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 897024 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
    0xF73C6000 iastor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
    0xADC74000 C:\WINDOWS\system32\DRIVERS\eamon.sys 770048 bytes (ESET, Amon monitor)
    0xF5F30000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
    0xF72F0000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xBF2A7000 C:\WINDOWS\System32\ativvaxx.dll 479232 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
    0xEBAAB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF5E84000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xEBBF7000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xAD9F6000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xADAC6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xBF04A000 C:\WINDOWS\System32\ati2cqag.dll 237568 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
    0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 229376 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
    0xF74E3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xADBF7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF72C3000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xEDAFB000 C:\WINDOWS\system32\drivers\sthda.sys 180224 bytes (SigmaTel, Inc., NDRC)
    0xAC371000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xEBB1B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF6133000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xEBBCF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF5F0A000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
    0xEBBA9000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xEDAD7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF610F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF60EC000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xEBB46000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E4000 ACPI_HAL 134400 bytes
    0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF73A6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF74B3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xEBC83000 C:\WINDOWS\system32\DRIVERS\ehdrv.sys 118784 bytes (ESET, ESET Helper driver)
    0xF72A9000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xEBB90000 C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 102400 bytes (ESET, ESET Antivirus Network Redirector)
    0xF749B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF737D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF5EF3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xAD491000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF615B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xEBC50000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF7394000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF74D2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF5EE2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xAFE63000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF7772000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF76B2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF7762000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
    0xF7792000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xAD5E6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF76D2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF7652000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xAFEA3000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
    0xF77A2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF7632000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF77C2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xEDAC7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF7622000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF77B2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF7612000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF77F2000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF77E2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF7642000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB664C000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF624A000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF77D2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF625A000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xAC5EC000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF626A000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xECD56000 C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys 32768 bytes
    0xF79F2000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF79D2000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xEB944000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF79E2000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF79BA000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF7892000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xAFF6B000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xAFF5B000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xF79FA000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xAFF63000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
    0xF78B2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xECD46000 C:\DOCUME~1\admin\LOCALS~1\Temp\mbr.sys 24576 bytes
    0xF79EA000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
    0xF78C2000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF79DA000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF79C2000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF7A1A000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
    0xF79CA000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF78CA000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
    0xF789A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF795A000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Pure Networks, Inc., Address Resolution Protocol Driver)
    0xF7A0A000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF7962000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Pure Networks, Inc., NDIS Relay Driver)
    0xF78A2000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xF7A12000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF7A02000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xAF26A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB04D2000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
    0xED4C0000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF7265000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xF7AE2000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB1B4F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB04D6000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
    0xF7A22000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xAFB7A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xED4CC000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xF6CAC000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xED4BC000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF6CA0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF5DD2000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF7BAA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xB5740000 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys 8192 bytes (GTek Technologies Ltd., Process Trigger Driver)
    0xF7BA8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7B12000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF7BAC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF7B4C000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
    0xF7BAE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7B64000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7B72000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7B14000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7C8D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7D5F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7C6E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7BDA000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x03480000 Hidden Image-->LelaNetworkLib.dll [ EPROCESS 0x86170778 ] PID: 3824, 159744 bytes
    0x05980000 Hidden Image-->LelaServices.dll [ EPROCESS 0x86170778 ] PID: 3824, 159744 bytes
    0x8635CF53 Unknown page with executable code, 173 bytes
    0x04DE0000 Hidden Image-->LelaNetwork.dll [ EPROCESS 0x86170778 ] PID: 3824, 208896 bytes
    0x03D30000 Hidden Image-->Linksys EasyLink Advisor.resources.dll [ EPROCESS 0x86170778 ] PID: 3824, 2297856 bytes
    0x03950000 Hidden Image-->LelaResource.dll [ EPROCESS 0x86170778 ] PID: 3824, 241664 bytes
    0x03040000 Hidden Image-->log4net.dll [ EPROCESS 0x86170778 ] PID: 3824, 249856 bytes
    0x034F0000 Hidden Image-->Interop.NetworkCore.dll [ EPROCESS 0x86170778 ] PID: 3824, 249856 bytes
    0x04560000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x8685B8F0 ] PID: 2340, 28672 bytes
    0x04EC0000 Hidden Image-->LelaNetwork.resources.dll [ EPROCESS 0x86170778 ] PID: 3824, 356352 bytes
    0x863E8E44 Unknown page with executable code, 444 bytes
    0x04440000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x8685B8F0 ] PID: 2340, 45056 bytes
    0x863F0D66 Unknown page with executable code, 666 bytes
    0x04680000 Hidden Image-->LelaResource.resources.dll [ EPROCESS 0x86170778 ] PID: 3824, 7393280 bytes
    0x02E00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x8685B8F0 ] PID: 2340, 77824 bytes


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
     
  16. 2010/11/04
    broni

    broni Moderator Malware Analyst

    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
     
  17. 2010/11/05
    seafoodshanty Lifetime Subscription

    seafoodshanty Inactive Thread Starter

    Avenger results

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished! Terminate.
     
  18. 2010/11/05
    broni

    broni Moderator Malware Analyst

    It looks clean, but let's try another tool...

    Download RootRepeal.zip (Mirror1, Mirror2) and unzip it to your Desktop.
    • Double click RootRepeal.exe to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the Scan button
    • In the Select Scan dialog, check:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • Click the OK button
    • In the next dialog, select all drives showing
    • Click OK to start the scan
      Note: The scan can take some time. DO NOT run any other programs while the scan is running
    • When the scan is complete, the Save Report button will become available
    • Click this and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program
    Open RootRepeal.txt file with Notepad, copy, and paste all content into your next reply.

    If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
     
  19. 2010/11/06
    seafoodshanty Lifetime Subscription

    seafoodshanty Inactive Thread Starter

    Rootrepeal

    I may have done this incorrectly. It only took about 10 seconds to complete.
    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/11/06 08:33
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xAF0BA000 Size: 49152 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 019 Function Name: NtAssignProcessToJobObject
    Status: Hooked by "<unknown>" at address 0x8635e580

    #: 057 Function Name: NtDebugActiveProcess
    Status: Hooked by "<unknown>" at address 0x8635f100

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "<unknown>" at address 0x8635eb30

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0x8635dcc0

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "<unknown>" at address 0x8635dfc0

    #: 137 Function Name: NtProtectVirtualMemory
    Status: Hooked by "<unknown>" at address 0x8635e9c0

    #: 213 Function Name: NtSetContextThread
    Status: Hooked by "<unknown>" at address 0x8635e860

    #: 229 Function Name: NtSetInformationThread
    Status: Hooked by "<unknown>" at address 0x8635e6e0

    #: 237 Function Name: NtSetSecurityObject
    Status: Hooked by "<unknown>" at address 0x8635b700

    #: 253 Function Name: NtSuspendProcess
    Status: Hooked by "<unknown>" at address 0x8635e420

    #: 254 Function Name: NtSuspendThread
    Status: Hooked by "<unknown>" at address 0x8635e2c0

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "<unknown>" at address 0x8635de50

    #: 258 Function Name: NtTerminateThread
    Status: Hooked by "<unknown>" at address 0x8635e150

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by "<unknown>" at address 0x8635ef50

    ==EOF==
     
  20. 2010/11/06
    broni

    broni Moderator Malware Analyst

    You did just fine :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. 2010/11/06
    seafoodshanty Lifetime Subscription

    seafoodshanty Inactive Thread Starter

    Root Repeal

    I reran the program and here are the results:
    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/11/06 08:37
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xAFB2E000 Size: 49152 File Visible: No Signed: -
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: c:\documents and settings\admin\local settings\temp\~df10f1.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\admin\local settings\temp\~df2283.tmp
    Status: Allocation size mismatch (API: 65536, Raw: 16384)

    Path: c:\documents and settings\office\local settings\temp\~df9c68.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\office\local settings\temp\~dfda29.tmp
    Status: Allocation size mismatch (API: 28672, Raw: 16384)

    Path: c:\documents and settings\office\local settings\temp\~df1784.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\office\local settings\temp\~df9fd1.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\office\local settings\temp\~df26b5.tmp
    Status: Allocation size mismatch (API: 32768, Raw: 16384)

    Path: c:\documents and settings\office\local settings\temp\~dfc95c.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    Path: c:\documents and settings\all users\application data\pure networks\log\logfile.nmsrvc_exe.txt
    Status: Size mismatch (API: 54182, Raw: 53592)

    Path: C:\Documents and Settings\Office\Local Settings\Apps\2.0\0W6Z8C3O.XHY\XDW5OZYP.KV1\manifests\interop.NetworkCore.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Office\Local Settings\Apps\2.0\0W6Z8C3O.XHY\XDW5OZYP.KV1\manifests\interop.NetworkCore.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Office\Local Settings\Apps\2.0\0W6Z8C3O.XHY\XDW5OZYP.KV1\manifests\Linksys EasyLink Advisor.exe.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Office\Local Settings\Apps\2.0\0W6Z8C3O.XHY\XDW5OZYP.KV1\manifests\Linksys EasyLink Advisor.exe.manifest
    Status: Locked to the Windows API!

    SSDT
    -------------------
    #: 019 Function Name: NtAssignProcessToJobObject
    Status: Hooked by "<unknown>" at address 0x8635e580

    #: 057 Function Name: NtDebugActiveProcess
    Status: Hooked by "<unknown>" at address 0x8635f100

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "<unknown>" at address 0x8635eb30

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0x8635dcc0

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "<unknown>" at address 0x8635dfc0

    #: 137 Function Name: NtProtectVirtualMemory
    Status: Hooked by "<unknown>" at address 0x8635e9c0

    #: 213 Function Name: NtSetContextThread
    Status: Hooked by "<unknown>" at address 0x8635e860

    #: 229 Function Name: NtSetInformationThread
    Status: Hooked by "<unknown>" at address 0x8635e6e0

    #: 237 Function Name: NtSetSecurityObject
    Status: Hooked by "<unknown>" at address 0x8635b700

    #: 253 Function Name: NtSuspendProcess
    Status: Hooked by "<unknown>" at address 0x8635e420

    #: 254 Function Name: NtSuspendThread
    Status: Hooked by "<unknown>" at address 0x8635e2c0

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "<unknown>" at address 0x8635de50

    #: 258 Function Name: NtTerminateThread
    Status: Hooked by "<unknown>" at address 0x8635e150

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by "<unknown>" at address 0x8635ef50
     
