Solved Need help fixing PC performance malware

Status
Not open for further replies.
Hi Bobbye, I changed the cookie settings and downloaded the adblock. I think my system is running ok, I haven't noticed anything else unusual so thank you very much for your help! You mentioned in one of the earlier posts that I have many things running at startup that are unnecessary. Is there a resource where I can find what I need to remove or any tips? I've tried looking through it, but it's way over my head. I am so grateful for your help removing the malware. Thank you so much!
 
I'm glad to have helped. About stopping unnecessary processes from starting on boot and running in the background: Basically there are 3 parts to this:

Stopping unnecessary startups
1. Unchecking on Startup using the msconfig utility.
2. Disabling Active X objects
3. Changing Startup type for Services

What you should know:
1. Basically every program you install is going to put itself on the Startup menu.
2. Any Service for #1 will set to Automatic Startup type.

What you need to start on boot and run in the background:
1. The antivirus program
2. The firewall is you use a 3rd party firewall like Zone Alarm or Comodo
3. The touchpad process if on a laptop
4. Network process if you use a program like NetworkMagic/Pure Networks/Cisco
---------------------------------------------------
Nothing else!
-------------------------------------------------
Printers, scanners, cameras, media players, burning software can all be started when needed. They do not need to run in the background.
=================================================
Use Autoruns to find the Startups:

Please download Autoruns from HERE

  1. [1]. Extract the Autoruns Zip file contents to your Desktop.
    (Right click and choose Extract All)
    [2]. Double-click the "Autoruns.exe".
    [3]. Click on the "Everything" tab
    [4]. Remove any entries that mention "File Not Found" by right-clicking the entry and select Delete.
    [5]. Go to File then to Export As.
    [6]. Save AutoRuns.txt file to know location.
    [7]. Paste into to your next reply

When I see this list, I will give you instructions for using msconfig, stopping addons and resetting Services.
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "avgnt" "Avira System Tray Tool" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avgnt.exe"
+ "CognizanceTS" "Terminal Services Virtual Channel Client" "Cognizance Corporation" "c:\program files\bioscrypt\verisoft\bin\astsvcc.dll"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HP Health Check Scheduler" "HP Health Check Scheduler" "Hewlett-Packard" "c:\program files\hewlett-packard\hp health check\hphc_scheduler.exe"
+ "HP Software Update" "Hewlett-Packard Product Assistant" "Hewlett-Packard Co." "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "hpWirelessAssistant" "HPWAMain Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp wireless assistant\hpwamain.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files\intel\intel(r) rapid storage technology\iastoricon.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QlbCtrl.exe" "Quick Launch Buttons" " Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe"
+ "QPService" "HP QuickPlay Resident Program" "CyberLink Corp." "c:\program files\hp\quickplay\qpservice.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe"
+ "SMSERIAL" "SM56 Modem Helper" "Motorola Inc." "c:\program files\motorola\smserial\sm56hlpr.exe"
+ "SunJavaUpdateSched" "Java(TM) Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "Launcher" "Launcher" "soft thinks" "c:\windows\sminst\launcher.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
"C:\Users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote Table Of Contents.onetoc2" "" "" "c:\users\fran\appdata\roaming\microsoft\windows\start menu\programs\startup\onenote table of contents.onetoc2"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "VeriSoft Access Manager" "SSO IE Listener" "Bioscrypt Inc." "c:\program files\bioscrypt\verisoft\bin\itieaddin.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\HP Health Check" "HP Health Check Scheduler" "Hewlett-Packard" "c:\program files\hewlett-packard\hp health check\hphc_scheduler.exe"
+ "\HPCeeScheduleForfran" "CEEment" "Hewlett-Packard" "c:\program files\hewlett-packard\sdp\ceement\hpcee.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Signature Update" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\WindowsCalendar\Reminders - fran" "Windows Calendar" "Microsoft Corporation" "c:\program files\windows calendar\wincal.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\{19D3C86D-A31C-4D15-8DB2-CAAE4850A45D}" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe"
+ "\{D1A8B13F-176E-4886-A27B-F255C35E60FB}" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avguard.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "ASBroker" "VeriSoft client integration service." "Cognizance Corporation" "c:\program files\bioscrypt\verisoft\bin\aswlnpkg.dll"
+ "ASChannel" "Provides local VeriSoft desktop server functionality." "Cognizance Corporation" "c:\program files\bioscrypt\verisoft\bin\aschnl.dll"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Com4QLBEx" "Com for QLB application" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp quick launch buttons\com4qlbex.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files\wildtangent games\app\gamesappservice.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "HP Health Check Service" "HP Health Check Service" "Hewlett-Packard" "c:\program files\hewlett-packard\hp health check\hphc_service.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\shared\hpqwmiex.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "QPCapSvc" "Provides background buffering, recording and burning functionality for QuickPlay Capturing" "" "c:\program files\hp\quickplay\kernel\tv\qpcapsvc.exe"
+ "QPSched" "Enables a user to configure and schedule a automated task for QuickPlay Scheduling" "" "c:\program files\hp\quickplay\kernel\tv\qpsched.exe"
+ "RoxMediaDB9" "Roxio RoxMediaDB9 Service" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files\spybot - search & destroy\sdwinsec.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "avgntflt" "Avira mini-filter driver" "Avira GmbH" "c:\windows\system32\drivers\avgntflt.sys"
+ "avipbb" "Avira Security Enhancement Driver" "Avira GmbH" "c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr" "Avira Manager Driver" "Avira GmbH" "c:\windows\system32\drivers\avkmgr.sys"
+ "BCM43XV" "BCM 802.11g Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "E100B" "Intel(R) PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "E1G60" "Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HBtnKey" "HP Tablet PC Key Button HID Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\cpqbttn.sys"
+ "HpqKbFiltr" "HpqKbFiltr Keyboard Filter Driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\hpqkbfiltr.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys"
+ "ialm" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x86" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "IntcAzAudAddService" "Realtek(r) High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "NETw3v32" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\netw3v32.sys"
+ "NETw4v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw4v32.sys"
+ "NETw5v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v32.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "rimmptsk" "RICOH SD Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "RTL8169" "Realtek 8101E/8168/8169 NDIS6 32-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rtlh86.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smserial" "Motorola SM56 Modem WDM Driver" "Motorola Inc." "c:\windows\system32\drivers\smserial.sys"
+ "ssmdrv" "Avira Snapshot Driver" "Avira GmbH" "c:\windows\system32\drivers\ssmdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CL Dvb Subtitle Decoder" "CLDvbSub" "CyberLink_DE" "c:\program files\hp\quickplay\kernel\tv\pcmrdvbsub.ax"
+ "CL_EVRWindow" "CLEvr" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrevr.dll"
+ "CyberLink ATSC Parental Control" "Null-In-Place Filter (Sample)" "Microsoft Corporation" "c:\program files\hp\quickplay\kernel\tv\pcmratscparentalcontrol.ax"
+ "CyberLink Audio Decoder (HomeNetwork)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\dmp\claud.ax"
+ "CyberLink Audio Decoder (QP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\hp\quickplay\kernel\tv\pcmraudfx.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\hp\quickplay\kernel\karaoke\claudfx.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmraunrwrapper.ax"
+ "CyberLink Audio Spectrum Analyzer (HomeNetwork)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\dmp\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD (CD+G) Filter" "CyberLink AudioCD (CD+G) Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\karaoke\claudiocd.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claudiocd.ax"
+ "CyberLink CD+G Decoder" "CyberLink CD+G Decoder" "" "c:\program files\hp\quickplay\kernel\karaoke\clcdgdecoder.ax"
+ "CyberLink CD+G Source" "CyberLink CD+G Source Filter" "" "c:\program files\hp\quickplay\kernel\karaoke\clcdgsource.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrdemuxer.ax"
+ "CyberLink Demultiplexer(NoneScramble)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\dmp\cldemuxer.ax"
+ "CyberLink DVD Navigator (QP3)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clnavx.ax"
+ "CyberLink EPG Decoder" "EPGDec" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrepgdec.ax"
+ "CyberLink File Map Sink" "CyberLink File Map Sink" "Cyberlink Corporation." "c:\program files\hp\quickplay\kernel\tv\pcmrfmsnk.ax"
+ "CyberLink File Map Source" "CyberLink File Map Source" "CyberLink File Map Source" "c:\program files\hp\quickplay\kernel\tv\pcmrfmsrc.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrline21.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrdtvcc.ax"
+ "CyberLink Line21 Decoder Filter (QP)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clline21.ax"
+ "CyberLink MP3 Wrapper-PCM" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrmp3wrap.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clsplter.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\clsplter.ax"
+ "CyberLink MPEG Splitter(Scramble)" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\dmp\clsplter.ax"
+ "CyberLink MPEGV Analyzer" "CLMPEGAnalysis" "CyberLink" "c:\program files\hp\quickplay\kernel\tv\pcmrmpegvanalyzer.ax"
+ "CyberLink Pipe Switch" "CyberLink Pipe Switch" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrpipswch.ax"
+ "CyberLink PTS Regulator" "CyberLink PTS Regulator " "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmptsreg.ax"
+ "CyberLink Push-Mode CLStream" "CLStream" "CyberLink" "c:\program files\hp\quickplay\kernel\dmp\clstream(pushmode).ax"
+ "CyberLink SBE Filter" "CLSBE" "CyberLink" "c:\program files\hp\quickplay\kernel\tv\pcmrsbe.ax"
+ "CyberLink SBE Source Filter" "CLSBESrc" "CyberLink" "c:\program files\hp\quickplay\kernel\tv\pcmrsbesrc.ax"
+ "Cyberlink Streamming Filter" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\dmp\clstream.ax"
+ "CyberLink Teletext Decoder Filter" "Teletext Renderer Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrttxdec.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clauts.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrauts.ax"
+ "Cyberlink TS Filter Filter" "TSFF" "Cyberlink" "c:\program files\hp\quickplay\kernel\tv\pcmrtsff.ax"
+ "Cyberlink TS Information" "CLTSInfo" "Cyberlink" "c:\program files\hp\quickplay\kernel\tv\pcmrtsinfo.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\hp\quickplay\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\dmp\clvsd.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clvsd.ax"
+ "CyberLink WMV/WMA Demultiplexer" "WMV/WMA Demux" "CyberLink" "c:\program files\hp\quickplay\kernel\dmp\clwmfdemux.ax"
+ "CyberLink XDS Codec" "CyberLink XDS Codec" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrxdscodec.ax"
+ "DivX Decoder Filter" "DivX (TM) Decoder Filter" "DivXNetworks, Inc." "c:\windows\system32\divxdec.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "HP VTK Frame Grabber Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK MPEG-1 Encoder" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Resize Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Rotate Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "KsProperty Interface Null" "Null-In-Place Filter (Sample)" "Microsoft Corporation" "c:\program files\hp\quickplay\kernel\tv\pcmrkspropertynull.ax"
+ "LVMWriter" "LVMWriter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\lvmwriter.ax"
+ "MainConcept (Sonic) DV Video Decoder" "DirectShow DV Video Encoder and Decoder" "MainConcept AG (Sonic)" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\sonicmcdsdv.ax"
+ "MainConcept (Sonic) DV Video Encoder" "DirectShow DV Video Encoder and Decoder" "MainConcept AG (Sonic)" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\sonicmcdsdv.ax"
+ "Media Analyser" "analyse Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\mediaanalyser.ax"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "PSI Parser" "" "" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\psiparser.ax"
+ "QuickPlay Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmraudx.ax"
+ "QuickPlay Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmraudenc.ax"
+ "QuickPlay Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmraursmpl.ax"
+ "QuickPlay Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\cldemuxer.ax"
+ "QuickPlay Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrdump.ax"
+ "QuickPlay MPEG Muxer" "MpgMux" "CyberLink" "c:\program files\hp\quickplay\kernel\tv\pcmrmpgmux.ax"
+ "QuickPlay MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files\hp\quickplay\kernel\tv\pcmrmpgvenc.ax"
+ "QuickPlay MPEG Video Encoder 2" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files\hp\quickplay\kernel\tv\pcmrmpgvenc2.ax"
+ "QuickPlay MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrm2splter.ax"
+ "QuickPlay SnapShotTIP Filter" "CLSShot" "CyberLink" "c:\program files\hp\quickplay\kernel\tv\pcmrsshot.ax"
+ "QuickPlay Video Effect" "CLVidFx" "CyberLink" "c:\program files\hp\quickplay\kernel\tv\pcmrvidfx.ax"
+ "QuickPlay Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files\hp\quickplay\kernel\tv\pcmrresample.ax"
+ "QuickPlay Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\tv\pcmrvsd80.ax"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ReTimeStamp Filter" "Direct Show Filter" "Empia Technology Inc." "c:\program files\hp\quickplay\kernel\tv\retimestamp.ax"
+ "Roxio Audio Decoder (DVD)" "ROXIO Audio Decoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiodvdaudio.dll"
+ "ROXIO Audio Source 3.0" "VW Audio Source" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\audiosrc.ax"
+ "ROXIO Audio VCFChunker 3.0" "Chunker Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\chunker.ax"
+ "ROXIO Audio VCFLooper 3.0" "Looper Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\looper.ax"
+ "ROXIO AudioConvert 3.0" "AudioConvert Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\audconv.ax"
+ "ROXIO AudioGrabber 3.0" "VideoWave Frame Grabber" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\thumbnailgraber.ax"
+ "ROXIO ColorSpace Converter 3.0" "ROXIO Color Space Converter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\colorspconv.dll"
+ "ROXIO CrossGraphEx Renderer 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\crossgraphex.ax"
+ "ROXIO CrossGraphEx Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\crossgraphex.ax"
+ "roxio DCFilters Audio Sync Filter 2" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters Dragons Lair" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters DVD Muxer" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters DVDStream Reader" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters DVDStream Splitter" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters Mpeg I/II Decoder" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters Smart Resizer" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters Subpicture Mixer" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "ROXIO Deinterlace 3.0" "Video Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\deinter.ax"
+ "ROXIO DVDCrossGraphEx Renderer 3.0" "DVDCrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\dvdcrossgraphex.ax"
+ "ROXIO DVDCrossGraphEx Source 3.0" "DVDCrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\dvdcrossgraphex.ax"
+ "ROXIO Image/Colour Source 3.0" "Colour Frame Source" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\imagesource.ax"
+ "ROXIO ListImage Source 3.0" "ListFrameSource" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\listimagesource.ax"
+ "ROXIO LPCMSyncFilter" "LPCMSync Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\lpcmsyncfilter.dll"
+ "Roxio LVM File Source (Async.)" "LVMAsync" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\lvmasync.ax"
+ "Roxio MPEG Analyzer Filter" "MPEG File Analyzer Dynamic Link Library" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegprop.dll"
+ "Roxio MPEG Stream Analyzer" "Roxio MPEG Stream Splitter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpegstreamanalyzer.dll"
+ "Roxio MPEG1 Audio Encoder" "ROXIO MPEG Audio Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxioaudioenc.dll"
+ "Roxio MPEG1 Encoder" "ROXIO MPEG1 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1vidcodec.dll"
+ "Roxio MPEG1 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1muxer.dll"
+ "Roxio MPEG2 Demuxer" "ROXIO MPEG Demuxer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegdemuxer.dll"
+ "Roxio MPEG2 Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio MPEG2 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2muxer.dll"
+ "Roxio MPEG2 Video Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "ROXIO Pan Zoom 3.0" "Video Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\panzoom.ax"
+ "ROXIO Pin Tee" "" "" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\roxioinftee.ax"
+ "Roxio Plasma CrossGraph Renderer" "MGICGFilter.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\plasmacgfilter.ax"
+ "Roxio Plasma CrossGraph Source" "MGICGFilter.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\plasmacgfilter.ax"
+ "ROXIO QT Source" "QuickTime Loader" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\qtsource.ax"
+ "ROXIO QuickGrabber 3.0" "VideoWave Frame Grabber" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\thumbnailgraber.ax"
+ "ROXIO Raw Writer" "ROXIO Raw Writer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mgirawwriter.dll"
+ "Roxio Repack Filter" "Repack Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\repackfilter.dll"
+ "ROXIO Scene Detector 3.0" "Video Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\scenedetector.ax"
+ "ROXIO SceneRecorder 1.0" "DVR support filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\scenerecorderfilt.ax"
+ "ROXIO Simple Dump 3.0" "Simple Dump Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\rxsimpledump.ax"
+ "Roxio Smart Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio Smart Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "ROXIO SpyPos 3.0" "Null-In-Place (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\mginullip.ax"
+ "ROXIO ThumbnailGrabber 3.0" "VideoWave Frame Grabber" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\thumbnailgraber.ax"
+ "Roxio Transport Stream Source" "ListFrameSource" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\tsmpegsource.dll"
+ "ROXIO VCFAudioMixer 3.0" "AudioFlt Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\audmf.ax"
+ "ROXIO VCFDvrSupport 3.0" "DVR support filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\dvrsupportfilt.ax"
+ "ROXIO VCFDVSceneDetect 1.0" "DVR support filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\dvscenedetectfilt.ax"
+ "ROXIO VCFLatency 3.0" "Latency Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\latency.ax"
+ "ROXIO VCFpeakmeter 3.0" "Peakmeter Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\peakmeter.ax"
+ "ROXIO VCFVideoCutList 3.0" "Video CutList Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\vcutlist.ax"
+ "ROXIO VCFWaveform 1.0" "Waveform Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\waveform.ax"
+ "ROXIO Video Resampler 3.0" "Video Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\vresamfilt.ax"
+ "ROXIO Video VCFLooper 3.0" "Video Looper Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\vlooper.ax"
+ "ROXIO VideoCombine 3.0" "Video Effect Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\videocombine.ax"
+ "Roxio VOB Formatter" "VOBFormatter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\vobformatter.ax"
+ "Roxio Vob Loader" "VOBLoader" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\vobloader.ax"
+ "ROXIO WAV Dest 3.0" "MGI Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\wavhead.ax"
+ "Sewer" "MVWcDSutil" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\mvwcdsutil.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic MPEG Audio Decoder" "MPEG Video and Audio Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicdsmpeg.ax"
+ "Sonic MPEG Video Decoder" "MPEG Video and Audio Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicdsmpeg.ax"
+ "Sonic MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "Sonic Solutions Inc" "c:\program files\common files\sonic shared\sonicmc01\sonicm2vd.ax"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SubPicture Encoder" "ROXIO SubPicture Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\subpictenc.dll"
+ "Time Regulator" "TimeRegulator" "cyberlink" "c:\program files\hp\quickplay\kernel\tv\pcmravi_audtr.ax"
+ "VCG Null Renderer 3.0" "" "" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\videocompositing.ax"
+ "VCG Video Mixer 3.0" "" "" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\videocompositing.ax"
+ "VCGImageSource" "" "" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\videocompositing.ax"
+ "VMR9 Wrapper 3.0" "" "" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\videocompositing.ax"
+ "VW Input Selector" "Video Effect Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\inputselector.ax"
+ "VW Input Selector 2" "Video Effect Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd basic v9\videocore 9\inputselector.ax"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "{1AD512C6-24AF-4395-82B4-2D3CF21F44A2}" "Roxio MP3 Encoder Dynamic Link Library" "Roxio" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiostreamwriter.ax"
+ "{472C92F0-5438-423D-9B30-FD2932EA44EE}" "Roxio Audio Source Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiosource.ax"
+ "{58FF69ED-8388-483B-B9AC-3EB04BBEB913}" "Roxio Audio Stream Reader Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiostreamreader.ax"
+ "{B7CCDD5D-DFE7-47ED-AE9A-18A40F7FCBBF}" "Roxio MP3 Encoder Dynamic Link Library" "Roxio" "c:\program files\common files\roxio shared\9.0\sharedcom\rxdsmp3encoder.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\WINDOWS\System32\APSHook.dll" "Application Protection Hook" "Cognizance Corporation" "c:\windows\system32\apshook.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "CredProvider Class" "Taskbar Notification Icon" "Cognizance Corporation" "c:\program files\bioscrypt\verisoft\bin\trayicon.dll"
+ "PswCredProvider Class" "Taskbar Notification Icon" "Cognizance Corporation" "c:\program files\bioscrypt\verisoft\bin\trayicon.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" ""
+ "ProviderFilter Class" "Taskbar Notification Icon" "Cognizance Corporation" "c:\program files\bioscrypt\verisoft\bin\trayicon.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LIDIL hpzll5ha" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll5ha.dll"
+ "LIDIL hpzll64X" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll64x.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "CognizanceCredMgr" "VeriSoft Access Manager" "Cognizance Corporation" "c:\program files\bioscrypt\verisoft\bin\aswlnpkg.dll"
"C:\Users\fran\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Calendar" "Browse the days of the calendar." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml"
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\Gadget.xml"
+ "Notes" "Capture ideas, notes, and reminders in a quick and easy way." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"
 
Okay, this is from the 'Everything' tab and the Microsoft processes are showing:

Look at the first line: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""

And processes are listed below it such as:
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
Is there a box with a check in it, followed by an icon after the + sign, before the first word- in this case Abobe?

Click on the Internet Explorer tab. Does that cut down to your addons like Google, Java, other with the check box and icon before the entry?

If you click on any line, do you see information about it at the bottom of Window?
If you click on any line to highlight it, then click on the paper with the check on it in the top of the Window, does it open a Properties Windows for you?

This is just to familiarize you with the screen. Do not click on the red X at the top to delete anything at this point.
================================================
Please Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

This will help me to see what has started on boot.
 
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
Is there a box with a check in it, followed by an icon after the + sign, before the first word- in this case Abobe?
yes

Click on the Internet Explorer tab. Does that cut down to your addons like Google, Java, other with the check box and icon before the entry?

yes

If you click on any line, do you see information about it at the bottom of Window?

yes

If you click on any line to highlight it, then click on the paper with the check on it in the top of the Window, does it open a Properties Windows for you?

yes
 
Okay! How about running HijackThis for me- it will help find all the running programs and I can use it for Autoruns:

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
I'm sorry Bobbye, I didn't see the second part of your directions. Here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:06:25 PM, on 11/17/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\fran\Desktop\HijackThis(2)\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9246 bytes
 
No problem! I think this will be easier for you to stop the entry using HJT, then remove the entry using the msconfig utility, then reset Services startup type:

Part one: Stopping the running entries:

Please print these instructions as you will need to refer to them:

I have sectioned the HJT log in 3 parts> it is still just one log.
The first part is the Running Processes. (I am including a short description of each below- this does not appear in the HJT log itself- it's just FYI.
The second part is processes related to the programs, started from the Registry or a Service.
The third are Services which will be reset from Automatic to Manual.
====================================
Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

C:\WINDOWS\System32\igfxtray.exe >> Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets
C:\Windows\system32\igfxsrvc.exe >> Added by the AUTORUN-BPQ WORM!
C:\WINDOWS\System32\hkcmd.exe >> Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics.
C:\WINDOWS\System32\igfxpers.exe >> Installed with the graphics drivers for Intel desktop and mobile motherboard chipsets with integrated graphics.
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe >> Related to Intel® Rapid Storage Technology
C:\Program Files\HP\QuickPlay\QPService.exe >> HP QuickPlay - "brings your favorite music and movies to life with the touch of a button"
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe >> Wireless application bundled with HP computers that allows you to control different settings
C:\Program Files\iTunes\iTunesHelper.exe >> Installed with Apple's iTunes media management software.
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe >> HP software updates.
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe >> Realtek HD Audio Manager, installed with the Vista/7 drivers for on-board Realtek HD audio codecs.
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe >> HP Quick Launch Buttons control center on their laptops
C:\Program Files\Common Files\Java\Java Update\jusched.exe >> auto-updater
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe >> System Tray access to HP Director.
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE >> "HP Wireless Assistant is a user application that provides a method for controlling the enablement of individual wireless devices
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe >> HpqToaster.exe is a support program used by HP. It's exact function is unknown. Some adware, spyware, and virus sometimes disguise themselves as this program. It is unknown what the consequences are of stopping or removing this program.http://www.neuber.com/taskmanager/process/hpqtoaster.exe.html
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe >> part of HP Digital Imaging
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe >> Part of Windows Search. High resource user, not needed.
-------------------------------
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
--------------------------------------------------
Services:
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe >> InstallDriver Table Manager
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


Close all Windows except HijackThis and click on "Fix Checked."
============================================
Part Two: taking processes off of the Startup Menu
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

How to use MSCONFIG in Windows Vista
  1. Click on the Vista start icon
    4f6cbd09-148c-4dd8-b1f2-48f232a2fd33_47.png
    in the bottom left corner of your screen.
  2. Type MSCONFIG> press enter
  3. Vista asks permission to use this account:
    admin_user_account_control.gif
  4. Follow the on-screen prompts to give Vista permission to continue.
  5. When finished with UAC, Microsoft's System Configuration Utility will display
    vista_msconfig.gif

    Note: change from image> check Selective Startup
  6. Click on the Startup tab.
  7. Vista loads essential programs through "Windows Services" so what you see here are optional.
  8. Uncheck the box for each process that you do not want to start on boot:
    Use the process names from the first 2 sections of the HJT log. Example of only a few:
    You can safely check the following:
    reader_sl.exe
    AdobeUpdater.exe
    iTunesHelper.exe.
    ALL processes for HP Digital Imaging
  9. Click on OK
Stay in Safe Mode
===================================
Part Three: Changing the Startup type for Services:
Click on Start> Run> type in services.msc> enter

The Services are the 023 entries in the HJT log. For any Service that you checked to stop in the HJT log, you will double click on the Service to open> change the Startup type to Manual (if it is set to Automatic)

When finished, exit Services and reboot back into Normal Mode:
Note 1:If this box displays, click the box by message 'don't show this message again', then click Restart:
Note 2. If you get a message about being in a diagnostic mode [Selective Start up) with the above, stay in Selective Startup to keep the changes...
restart_box_vista.gif

All images courtesy netsquirrel.com
=============================
Take your time. Once this is done, it's done. You haven't removed any programs- only told them when you don't want them to run!

-----------
 
Thanks Bobbye! I was so nervous doing that! I just knew I would break something lol. I appreciate all your help. Everything seems to be running well now!
 
You're welcome! You were a good 'student'. If you can handle one more scan, I'd like you to have you run the Eset scan and make sure it's clean. Just follow the direction in my Reply #3 for the scan- update it before running.

If that is clean, I have you remove] the cleaning tools and logs. Then I will give you some security tips to keep on hand.
========================================
It may be helpful to you in the future to keep the information in my Reply #23:

Stopping unnecessary startups
1. Unchecking on Startup using the msconfig utility.> with instructions.
2. Disabling Active X objects> with instructions
3. Changing Startup type for Services> with instructions

What you should know: ( this is a basic for computer using a Windows system)
1. Basically every program you install is going to put itself on the Startup menu.
2. Any Service for #1 will set to Automatic Startup type.

What you need to start on boot and run in the background:
1. The antivirus program
2. The firewall is you use a 3rd party firewall like Zone Alarm or Comodo
3. The touchpad process if on a laptop
4. Network process if you use a program like NetworkMagic/Pure Networks/Cisco
 
Hi Bobbye no threats were found in the Eset scan, but while I was running it my Avira popped up with notices of viruses and malware found. I think there were 3 separate instances of malware found and 2 viruses. I wasn't surfing the web while it was running, I found the notices popped up when I would come to check on it, I thought that was odd, but the Eset returned no results.
 
What happened to McAfee?

AV: McAfee Anti-Virus and Anti-Spyware
FW: McAfee Firewall
SP: McAfee Anti-Virus and Anti-Spyware
Why are you now using Avira?

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
"my Avira popped up with notices of viruses and malware found."
----------------------------------------------------
All of the following were removed in Combofix. Entries found by the AV will be proceeded by Qoobox
c:\programdata\1kAlMiG2Kb7FzP.exe
c:\users\fran\AppData\Roaming\EurekaLog
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\system32\AutoRun.inf
"c:\programdata\1kAlMiG2Kb7FzP.exe"

System Volume
Entries that were on the system when a restore point was set, shows at this location until we drop the old restore points.

Neither Qoobox nor System Volume entries are active in the system, Qoobox files wll be removed when you uninstall Combofix and old restore points will be dropped at the end of cleaning and a new, clean restore point will be set.

Unfortunately, antivirus programs don't know how to distiguish location.

If Eset was clean, I would guess that what Avira showed was either or both of the above.
.
 
mcafee was expiring so I had to find a new option. My brother said the free programs were just as good so I chose avira. Is this bad? I didn't want to renew macafee.
 
What you did was okay, but since we were still in progress, you should have let me know.

Did you understand what I said regarding the location of AV scan entries? You can check the Avira log to verify this if you would like.

Have we resolved all of the problems? Are you comfortable with my explanation of Avira/location?

You system should be clean and lean now. You can remove the cleaning tools:

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Let me know if you have any questions.
 
Ok, restore point completed. I'm sorry I didn't let you know about the avira, I didn't realize it was significant.
 
No problem. Just keep in mind when we help clean a system that we view the entries in the logs.

Have a Happy and Peaceful Holiday!
peace_dove_bigger_normal.jpg
 
Status
Not open for further replies.
Back