Please go to the Control Panel to install and configure system components

Galton · 05-Aug-2012, 02:30 AM #1

I have disabled Autorun for years, recently I noticed that anytime I insert a Disc where in the autorun.inf calls for setup.exe to start
this message comes up:
_________________________________________________________
Windows XP Setup -------------------------------------------------------------------------(this is the Title Bar)
_________________________________________________________
Please go to the Control Panel to install and configure system components. ------- (this is the message)
_________________________________________________________
----------------------------------------- OK --------------------------------------------------(ok button to dismiss)
_________________________________________________________

This happens only if setup.exe is in the autorun.inf, if another executable name is in the autorun.inf nothing happens.

On investigating, seems that whenever setup.exe is called in the autorun.inf, Windows starts the
"C:\Windows\System32\setup.exe" instead of the one on the DISC.

I tried to delete the setup.exe is system32, but Windows automatically replaces with another copy from a cache.
I tried a copy from another computer without this problem, didn't work. I tried a repair install, didn't work. Tried a few registry edits, nothing seems to work.

I think I am missing some registry setting so that when the setup.exe starts refers to the one on the DISC, or a way to ignore it totally.

Please help!

Scan Results:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3071 Mb
Graphics Card: ATI Radeon X1050, 512 Mb
Hard Drives: C: Total - 45841 MB, Free - 18380 MB; D: Total - 360458 MB, Free - 296120 MB; E: Total - 11225 MB, Free - 9934 MB; F: Total - 20661 MB, Free - 13652 MB; G: Total - 30851 MB, Free - 14328 MB; H: Total - 21163 MB, Free - 10170 MB; I: Total - 20598 MB, Free - 13688 MB; J: Total - 132959 MB, Free - 72707 MB; K: Total - 418686 MB, Free - 265973 MB; L: Total - 266923 MB, Free - 16060 MB; M: Total - 662249 MB, Free - 88392 MB; N: Total - 4102 MB, Free - 1123 MB; Q: Total - 17108 MB, Free - 15613 MB; T: Total - 9287 MB, Free - 6683 MB;
Motherboard: ASUSTeK Computer INC., P5B-Deluxe
Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled

**Cookiegal** · 05-Aug-2012, 12:56 PM #2

There's probably an autorun.inf file in the root directory on the primary drive that it's reading instead of the one of the installation media.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following code box into the main text field:
Code:
```
:filelook
autorun.inf
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Galton · 05-Aug-2012, 04:57 PM #3

Just done as you suggested.

1. Run System Look.
2. Paste the code you posted.
3. Inserted a CD into the drive.
4. Message came up again.
5. Pressed Look button.

This is the result:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:49 on 05/08/2012 by Tony
Administrator - Elevation successful

Invalid Context: filelook

No Context: autorun.inf

-= EOF =-

**Cookiegal** · 05-Aug-2012, 05:13 PM #4

I'm sorry, my head must be on backwards. I gave you the wrong command. Please run it again with this script:

Code:

:filefind
autorun.inf

Galton · 06-Aug-2012, 01:13 AM #5

This is the result this time:

SystemLook 30.07.11 by jpshortstuff
Log created at 01:06 on 06/08/2012 by Tony
Administrator - Elevation successful

========== filefind ==========

Searching for "autorun.inf"
No files found.

-= EOF =-

This is the content of the autorun.inf on the CD:

[AutoRun]
open=setup.exe
icon=setup.exe,0

Along with the autorun.inf there is a SETUP.EXE in the root of the CD, this SETUP.EXE is the one that should start.

Instead the file that starts is the one located in "C:\Windows\system32\setup.exe"

**Cookiegal** · 06-Aug-2012, 06:15 PM #6

I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzjip it and double click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.

Galton · 07-Aug-2012, 10:21 AM #7

I just run your Mountpoints Diagnostic.bat and I am uploading the results.

I had a look in the file and I think the line that is correct is #1802 @="Z:\\setup.exe,0" this is my DVD drive and the disk in it is Windows XP Home, however the proper setup for the disk does not run instead I get this attached message. (see attachment).

Please go to the Control Panel to install and configure system components-xpsetuperror.jpg

**Cookiegal** · 07-Aug-2012, 04:50 PM #8

There is a suspicious entry in there which could be malware:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{47b9f06c-dbf0-11df-a108-001bfc0220aa}\ioe]
@="568756E257E656D62357E6C557E656D62357E6C537D6162776F62705D3E65607F6D70364 34332313239343034334D264432424D273145443D223132483D23423535353933344B7"

But let's run a couple of scans to see if anything comes up.

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

Open the ark.txt file and copy and paste the contents of the log here please.

**Cookiegal** · 07-Aug-2012, 04:52 PM #9

Quote:

Originally Posted by Galton

I just run your Mountpoints Diagnostic.bat and I am uploading the results.

I had a look in the file and I think the line that is correct is #1802 @="Z:\\setup.exe,0" this is my DVD drive and the disk in it is Windows XP Home, however the proper setup for the disk does not run instead I get this attached message. (see attachment).
Attachment 212731

What setup is it that you're trying to run?

Galton · 08-Aug-2012, 02:00 AM **#10**

Read the First Post please.
The message comes every time a CD is inserted in the drive that has a call for setup.exe in the autorun.inf file.

Instead of running setup.exe on the CD the one located in C:\Windows\system32\setup.exe will run giving the same message.

If in the autorun.inf the .exe has a different name nothing happens.

**Cookiegal** · 08-Aug-2012, 01:03 PM **#11**

Quote:

Originally Posted by Galton

Read the First Post please.
The message comes every time a CD is inserted in the drive that has a call for setup.exe in the autorun.inf file.

Yes, I understand that but was just curious as to which program you were trying to install from the CD.

You mentioned early on that you had disabled autorun. The only thing I can think to try is re-enable it and see if it runs the correct setup from the CD instead of the XP setup.

Galton · 08-Aug-2012, 11:20 PM **#12**

I do not use this drive to install much software, because most software is downloaded. However the last time I used this drive to install "Rosetta Stone", (this is a language learning program), it was then that I noticed this message coming up. The message may have appeared before but this is the last time when I noticed it.

The Installation went OK but another thing that now I remember was that after removing the disk from the drive a message came up, "Wrong Disk in Drive z:\" but Rosetta Stone does not require the disk in the drive since the whole thing is done through the web, and it has been working fine so far without asking for a disk again.

Thank you for your patience with me.

Attached here are the files you requested me.

**Cookiegal** · 09-Aug-2012, 06:40 PM **#13**

I'm posting the logs in the thread to make it easier to refer back to them. Please only attach logs if requested to do so.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
Run by Tony at 23:01:03 on 2012-08-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2398 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
G:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
G:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
G:\Program Files\SecurStar\DriveCrypt 5\DCRServ.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\System32\imapi.exe
G:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
C:\WINDOWS\system32\NLSSRV32.EXE
g:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
G:\Program Files\Quick PDF Tools\QuickPDFTCP0721.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\USBDLM\USBDLM.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Direct Folders\df.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Tray Wizard\TWizard.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
Q:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
G:\Programs Misc\DesktopTeleporter\Teleport.exe
C:\Program Files\Kalender\Kalender.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\HACE\Mmm\Mmm.exe
C:\Program Files\Rubber Ducky\RubberDucky.exe
Q:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
G:\Program Files\PC Magazine Utilities\Desktoplet\Desktoplet.exe
C:\Program Files\FileBX\FileBX.exe
C:\HibernateTrigger\HibernateTrigger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
Q:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
Q:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\FreeCommander\FreeCommander.exe
Q:\WINDOWmacros\MacrosRes.exe
Q:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files\ViOrb\ViOrb.exe
Q:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
Q:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
F:\Program Files\Microsoft ActiveSync\rapimgr.exe
Q:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar =
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - g:\progra~1\spybot~1\SDHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} -
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Teleporter] g:\programs misc\desktopteleporter\Teleport.exe
uRun: [Kalender] c:\program files\kalender\Kalender.exe
uRun: [SkinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe
uRun: [Mmm] "c:\program files\hace\mmm\Mmm.exe"
uRun: [AgataSoft_HotKey_Manger]
uRun: [Rubber Ducky Update Setup] c:\documents and settings\tony\local settings\application data\{f558f646-f9cf-47f2-96ca-07ba8eb6ea61}\rubber ducky.exe /updatesetup
uRun: [Rubber Ducky Update Setup for All Users] c:\documents and settings\all users\application data\{f558f646-f9cf-47f2-96ca-07ba8eb6ea61}\rubber ducky.exe /updatesetup
uRun: [MimarSinan Rubber Ducky] "c:\program files\rubber ducky\RubberDucky.exe"
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [DirectFolders] "c:\program files\direct folders\df.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Tray Wizard] c:\program files\tray wizard\TWizard.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
mRun: [ProcessTamer] q:\program files\processtamer\ProcessTamerTray.exe
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [<NO NAME>] Q:\!RunFromRegistry.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\!timeresynconstartup.lnk - c:\windows\system32\hstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\beyond tv.lnk - q:\program files\snapstream media\beyond tv\BTVAgent2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - g:\program files\pc magazine utilities\desktoplet\Desktoplet.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filebox extender.lnk - c:\program files\filebx\FileBX.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hibernate trigger.lnk - c:\hibernatetrigger\HibernateTrigger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\speed fan.lnk - c:\program files\speedfan\speedfan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\usb safely remove.lnk - c:\program files\usb safely remove\USBSafelyRemove.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: MaxRecentDocs = 11 (0xb)
mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
IE: Open with WordPerfect - h:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - f:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - f:\program files\microsoft activesync\INetRepl.dll
DPF: Microsoft XML Parser for Java
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340512155234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340512146781
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9395F856-BDF0-43FF-B680-9EC731E2D47D} : DhcpNameServer = 192.168.1.1
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: AutorunsDisabled\intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - g:\quicktax 2007\ic2007pp.dll
Handler: AutorunsDisabled\intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - g:\program files\quicktax 2008\ic2008pp.dll
Handler: AutorunsDisabled\intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - g:\program files\quicktax 2009\ic2009pp.dll
Handler: AutorunsDisabled\intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - g:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - g:\program files\quicktax 2009\ic2009pp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\symantec\winfax\WfxSeh32.Dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - f:\eudora\EUSHLEXT.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: Nitro PDF Professional - cscript //B "g:\program files\nitro pdf\professional\RemoveOldAddins.vbs"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tony\application data\mozilla\firefox\profiles\im0vnwsz.default\
FF - prefs.js: browser.startup.homepage - file:///c:\\Documents and Settings/Tony/Application Data/Mozilla/Firefox/Profiles/im0vnwsz.default/bookmarks.html
FF - prefs.js: network.proxy.ftp - 64.201.65.21
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 64.201.65.21
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 64.201.65.21
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 64.201.65.21
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 64.201.65.21
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\im0vnwsz.default\extensions\optout@dubfire.ne t\lib\winnt\ff3\AbineComponent.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\windows\system32\npacrx.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - plugin: g:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: g:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: g:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: g:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: g:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: g:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: g:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: g:\program files\quicktime\plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [2011-10-30 187120]
R0 DCR;DCR;c:\windows\system32\drivers\DCR.sys [2012-6-29 294408]
R0 DCVP;DCVP;c:\windows\system32\drivers\DCVP.sys [2012-6-29 19624]
R0 Evdd;evdd;c:\windows\system32\drivers\evdd.sys [2011-10-30 16360]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2011-4-30 14080]
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2011-7-7 102728]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefrag Driver.sys [2011-6-11 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-13 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-13 353688]
R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2004-4-23 6144]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [2012-3-21 277576]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-20 532224]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;g:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2012-6-14 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-13 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-13 44808]
R2 CPMService;COMODO Programs Manager Service;g:\program files\comodo\comodo programs manager\CPMservice.exe [2011-9-5 105792]
R2 DriveCryptService;DriveCrypt Service;g:\program files\securstar\drivecrypt 5\DCRServ.exe [2012-6-29 96680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-8-8 13592]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;g:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [2012-4-12 175624]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-4-12 69640]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2010-8-25 109168]
R2 QuickPDFTCPService0721;Quick PDF Tools Background Service;g:\program files\quick pdf tools\QuickPDFTCP0721.exe [2010-8-13 1918464]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2012-6-19 1646608]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-12-29 5554552]
R2 USBDLM;USBDLM;c:\usbdlm\USBDLM.exe [2011-10-23 332768]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2012-7-24 1005440]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [2010-8-28 72704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MAPMEM;MAPMEM; [x]
S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\ubsbm.sys --> c:\windows\system32\drivers\ubsbm.sys [?]
S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\ubumapi.sys --> c:\windows\system32\drivers\ubumapi.sys [?]
S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [2012-7-28 816672]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\A powersoft_AudioDevice.sys [2012-4-26 16640]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-6-6 23456]
S3 DSKACT2;DSKACT2; [x]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-4-9 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-4-9 8456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 FNSYS;FNSYS; [x]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVServer.exe [2009-8-10 823296]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenu m.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.s ys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-3-31 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-3-30 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-3-31 42752]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-3-31 23936]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys --> c:\windows\system32\drivers\psi_mf.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-22 27064]
S3 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-12-29 451960]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys --> c:\windows\system32\drivers\ubohci.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
S4 BCMNTIO;BCMNTIO; [x]
S4 IObitUnlocker;IObitUnlocker;q:\program files\iobit\iobit unlocker\IObitUnlocker.sys [2012-7-6 27552]
S4 WS_Sfilter;WS_Sfilter;c:\windows\system32\drivers\wsfilter.sys [2012-6-27 26240]
.
=============== Created Last 30 ================
.
2012-08-08 18:52:03 -------- d-----w- c:\documents and settings\all users\application data\MaxSyncUp
2012-08-07 12:04:10 -------- d-----w- C:\setups
2012-08-07 10:19:08 -------- d-----w- C:\_This is C-Windows
2012-08-06 14:47:20 15620 ----a-w- c:\windows\system32\SystemRs120.f.SYS
2012-08-06 14:46:43 -------- d-----w- c:\windows\SysResources Manager
2012-08-06 05:00:40 23040 ----a-w- c:\windows\setup.exe
2012-08-06 04:37:40 -------- d-sh--r- C:\cmdcons
2012-08-06 04:37:30 -------- d-----w- c:\windows\setupupd
2012-08-04 01:43:30 -------- d-----w- c:\windows\setup.pss
2012-08-03 15:16:50 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-08-03 15:16:49 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-31 15:38:13 -------- d-----w- c:\program files\RosettaStoneLtdServices
2012-07-31 15:38:13 -------- d-----w- c:\documents and settings\all users\application data\RosettaStoneLtdServices
2012-07-29 05:17:39 -------- d-----w- c:\program files\Oracle
2012-07-29 05:17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-28 20:37:41 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2012-07-28 20:37:39 -------- d-----w- c:\program files\Cisco Systems
2012-07-28 20:37:37 816672 ---ha-w- c:\windows\system32\drivers\AM10XP.sys
2012-07-28 20:37:37 226592 ---ha-w- c:\windows\system32\RaCoInst.dll
2012-07-28 20:37:19 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
2012-07-25 19:44:30 -------- d-----w- c:\documents and settings\tony\local settings\application data\Abelssoft
2012-07-25 04:37:02 6538 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-07-24 06:14:13 -------- d-----w- c:\documents and settings\tony\application data\USBSRService
2012-07-24 06:14:10 -------- d-----w- c:\program files\USB Safely Remove
2012-07-24 05:42:06 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-07-24 05:42:06 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-07-24 05:19:57 -------- d-----w- c:\documents and settings\all users\application data\Rosetta Stone Backups
2012-07-24 05:19:57 -------- d-----w- c:\documents and settings\all users\application data\Rosetta Stone
2012-07-24 05:18:20 -------- d-----w- c:\program files\Rosetta Stone
2012-07-24 04:48:02 -------- d-----w- c:\program files\Rubber Ducky
2012-07-24 04:48:01 -------- dc-h--w- c:\documents and settings\all users\application data\{F558F646-F9CF-47F2-96CA-07BA8EB6EA61}
2012-07-24 04:43:55 -------- d-----w- c:\program files\Direct Folders
.
==================== Find3M ====================
.
2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-07-01 04:21:39 212670 ----a-w- c:\windows\RunSaver.scr
2012-06-30 03:29:43 1882904 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-06-29 20:37:56 294408 ----a-w- c:\windows\system32\drivers\DCR.sys
2012-06-29 20:37:56 19624 ----a-w- c:\windows\system32\drivers\DCVP.sys
2012-06-16 05:16:06 414 ----a-w- c:\windows\AeDebugSave.reg
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-27 00:05:13 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-05-24 15:48:23 828416 ----a-w- c:\documents and settings\tony\application data\Setup.exe
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2011-01-12 06:00:44 30208 ----a-w- c:\program files\common files\wmpinfo.dll
2011-01-12 06:00:42 240128 ----a-w- c:\program files\common files\dsfVorbisDecoder.dll
2011-01-12 06:00:42 195584 ----a-w- c:\program files\common files\dsfOggDemux2.dll
2011-01-12 06:00:42 146944 ----a-w- c:\program files\common files\dsfFLACDecoder.dll
2011-01-12 06:00:40 221184 ----a-w- c:\program files\common files\dsfFLACEncoder.dll
2011-01-12 06:00:40 204800 ----a-w- c:\program files\common files\dsfNativeFLACSource.dll
2010-12-17 01:39:36 302592 ----a-w- c:\program files\common files\webmmux.dll
2010-12-17 01:39:16 701440 ----a-w- c:\program files\common files\vp8encoder.dll
2010-12-17 01:39:16 412672 ----a-w- c:\program files\common files\vp8decoder.dll
2010-12-17 01:39:14 292352 ----a-w- c:\program files\common files\webmsplit.dll
2009-07-12 03:02:04 653120 ----a-w- c:\program files\common files\MSVCR90.dll
2009-07-12 03:02:02 569664 ----a-w- c:\program files\common files\MSVCP90.dll
2001-11-30 15:09:50 49152 ----a-r- c:\program files\common files\HDvAvi.dll
.
============= FINISH: 23:01:45.38 ===============

**Cookiegal** · 09-Aug-2012, 06:41 PM **#14**

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2004/04/23 13:17:47
System Uptime: 2012/08/08 21:39:03 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5B-Deluxe
Processor: Intel Pentium III Xeon processor | LGA 775 | 2933/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 45 GiB total, 16.428 GiB free.
D: is FIXED (NTFS) - 352 GiB total, 289.18 GiB free.
E: is FIXED (NTFS) - 11 GiB total, 9.704 GiB free.
F: is FIXED (NTFS) - 20 GiB total, 13.22 GiB free.
G: is FIXED (NTFS) - 30 GiB total, 13.966 GiB free.
H: is FIXED (NTFS) - 21 GiB total, 9.932 GiB free.
I: is FIXED (NTFS) - 20 GiB total, 13.368 GiB free.
J: is FIXED (NTFS) - 130 GiB total, 70.314 GiB free.
K: is FIXED (NTFS) - 409 GiB total, 259.575 GiB free.
L: is FIXED (NTFS) - 261 GiB total, 28.158 GiB free.
M: is FIXED (NTFS) - 647 GiB total, 86.33 GiB free.
N: is FIXED (NTFS) - 4 GiB total, 1.033 GiB free.
Q: is FIXED (NTFS) - 17 GiB total, 15.226 GiB free.
T: is FIXED (NTFS) - 9 GiB total, 6.526 GiB free.
Y: is CDROM ()
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Parallel port driver
Device ID: ROOT\LEGACY_PARPORT\0000
Manufacturer:
Name: Parallel port driver
PNP Device ID: ROOT\LEGACY_PARPORT\0000
Service: Parport
.
==== System Restore Points ===================
.
RP100: 2012/07/29 01:17:39 - Installed JavaFX 2.1.1
RP101: 2012/07/30 13:07:37 - System Checkpoint
RP102: 2012/07/31 11:35:22 - Removed Rosetta Stone TOTALe
RP103: 2012/07/31 11:38:07 - Removed Rosetta Stone TOTALe
RP104: 2012/07/31 11:38:12 - Removed Rosetta Stone Ltd Services
RP105: 2012/07/31 11:38:20 - Installed Rosetta Stone TOTALe
RP106: 2012/08/01 12:10:32 - System Checkpoint
RP107: 2012/08/02 13:15:20 - System Checkpoint
RP108: 2012/08/03 11:16:48 - Installed DirectX
RP109: 2012/08/05 00:43:55 - System Checkpoint
RP110: 2012/08/07 07:09:54 - System Checkpoint
RP111: 2012/08/08 15:45:44 - System Checkpoint
.
==== Installed Programs ======================
.
.
1st Page 2000 2.00 Free
A-PDF Restrictions Remover 1.6
A1Click Ultra PC Cleaner 1.01 (Registered Version)
Acronis*Disk Director Suite
Acronis*True*Image*Home
Active@ ISO File Manager v 3.2
ActivePerl 5.14.2 Build 1402
Add/Remove Pro (Freeware)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Elements
Adobe Photoshop Elements 8.0
Advanced Uninstaller PRO - Version 10
AgataSoft HotKey Manger
AllOff Version 3.5
AnVir Task Manager
AOpen FM56-PX Controllerless PCI Modem
APO Usb Autorun
Apple Application Support
ArcSoft PhotoBase 3
ArcSoft PhotoBase 4.5
ArcSoft PhotoBase 4.5 (Shared Components)
ArcSoft PhotoPrinter 5
ArcSoft PhotoStudio 6.0
ARPCache Viewer
Ashampoo Photo Commander 8 v.8.5.0
Ashampoo Photo Optimizer 3 v.3.13
Ashampoo Registry Cleaner v.1.00
Ashampoo Undeleter v.1.1.0
ASUS ATI Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Atomic Alarm Clock 5.61
Autodesk SketchBookExpress 2011
AutoHotkey 1.1.07.01
AutoStreamer
avast! Free Antivirus
AviSynth 2.5
AVIVO Codecs
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
AvsP
Bamboo
Bamboo Dock
BartPE Add-on for Acronis True Image 11 Home
Belarc Advisor 8.1
Beyond Sync 4.3.27.562
Bibbia italiana
Borland Database Engine Setup
Briefcase Plus version 2.0.3
BurstCopy v2.700
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 3.0
Canon MP640 series MP Drivers
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD-LabelPrint
CDBurnerXP
CDDRV_Installer
Choice Guard
CleanMem
Cleanse Uninstaller Pro 10.0
ClearTweak
ClearType Tuning Control Panel Applet
Clipboards 2.01
Color Efex Pro 3.0 Wacom Edition 3
COMODO Programs Manager
Compatibility Pack for the 2007 Office system
Contacts Geocoder
Corel Applications
Corel Graphics Suite 11
Corel WordPerfect Suite 8
CyberLink PowerDVD 8
Data Lifeguard Tools
DCE AutoEnhance 3.3
DCE Tools 1.0
DevConWin
Direct Folders
Disc Manager 1.04
Disk Pulse 2.7.14
DivX
DriveCrypt 5.4
Driver Genius Professional Edition
DVD-lab PRO 2.2
DVD-lab PRO 2.3
DVD-lab Studio 1.25
DVD Decrypter (Remove Only)
DVD Menu Studio 1.1
DVD Shrink 3.2
DVD slideshow GUI 0.9.4.1
DVDFab Decrypter 2.9.7.2
DVDFab Media Player 1.0.1.5 (27/07/2012)
e-Sword
EASEUS Partition Master 9.1.1 Home Edition
EditStudio 6.0.5
EncryptOnClick
EndItAll 2.0
erLT
ERUNT 1.1j
Eudora Pro Email
eWallet for Windows PCs
Exifer
ExifyMe version 1.0
FastStone Image Viewer 4.6
FastStone Photo Resizer 2.9
FBackup 4
ffdshow [rev 3029] [2009-07-10]
File Scavenger 3.1
FileBox eXtender
FileHippo.com Update Checker
FileMaker Pro 5.5
FileMenu Tools
FileTouch 2.1
Firesage MBRWizard
Flash File Recovery v2.0
Font Xplorer 1.2.2
FormatFactory 2.70
FormTool 6
Foxit Reader
Free Font Renamer 2.1
Free Launch Bar
Free Loan Calculator
Free Video to MP3 Converter version 5.0.2.1125
Free&Easy Font Viewer 2.0
FreeCommander 2009.02b
FreeCommander XE
freeTunes*3.0
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GeePeeEx Editor - 5 Waypoint TRIAL VERSION V1.3.2
GPL Ghostscript
GUI for dvdauthor 1.07
Hauppauge WinTV
Hauppauge WinTV Infrared Remote
Hauppauge WinTV IR Blaster
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
HDD Health v3.3 Beta
HHD Software Hex Editor
Hibernate Trigger
Hongsoft Free Video Converter version 2.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HotKey Detective (PC Magazine)
HP My Display
Icons from File 5.01
iDailyDiary 3.71
Idle Monitor 1.0
ImgBurn
InfoTag Magic 1.0
Intel RSX 3D
Intel(R) Rapid Storage Technology
InterVideo FilterSDK for Hauppauge
Investment And Loan Calculator v1.1
IrfanView (remove only)
Iron Key
IsoBuster 2.5
iView Catalog Reader (remove only)
Java(TM) 7 Update 5
JavaFX 2.1.1
JMicron JMB36X Driver
K-Lite Codec Pack 6.0.4 (Basic)
KhalInstallWrapper
Kingsoft Writer (8.1.0.3019)
Kremlin
Kremlin 2.21
Lernout & Hauspie TruVoice American English TTS Engine
LG USB Modem driver
LightScribe 1.4.42.1
LinkIconShim (32bit)
ListPro
LiveAdvisor (Symantec Corporation)
LiveUpdate
Logitech SetPoint
Lynx 2.8.5rel.1
Macromedia FreeHand MX
Magic ISO Maker v5.4 (build 0237)
MagicDisc 2.7.106
Malware Destroyer
Malwarebytes' Anti-Malware version 1.51.2.1300
Manual CanoScan 5000,5000F,8000F
Marvell Miniport Driver
MemoClip Pro 1.55
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Data Access Components KB870669
Microsoft Managed DirectX (1126)
Microsoft Outlook 2000
Microsoft Tool Web Package : SETX.EXE
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
MimarSinan Rubber Ducky
Mini Calculator
Mmm
Mobipocket Creator 4.0 - Home Edition
Mobipocket Creator 4.1
MobiPocket Publisher 3.0
MobiPocket Reader PC
Motorola Phone Tools
MozBackup 1.5.1
Mozilla Firefox 8.0.1 (x86 en-US)
Mp3tag v2.48
MSVCRT
MSXML 4.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
MyAlbum version 2.5.13
Nero Suite
NirSoft IconsExtract
Nitro Pro 7
Notepad++
Object Fix Zip
OpenOffice.org 3.4
OurSecret 2.5
Paragon Backup and Recovery™ 11 Compact
Paragon Migrate OS to SSD™ 2.0 Special Edition
PC Magazine Defrag-A-File 2.0.2
PC Magazine Desktoplet
PC Magazine DiskAction v2.4
PC Magazine File Utility Pack
PC Magazine StoreItAll 1.2
PC Magazine Top Stats
PC Probe II
PCMagazine HD HeartBeat Version 1.0
PDF Merge plug-in for TinyPDF 1.0.2
PDF Protector Splitter and Merger Pro
PdfBooklet 2.1
PE Builder 3.1.10a
Perfect Screen Ruler 3.0
Photo Explosion Deluxe
Photo2DVD Studio Build 4.9.0.0
Photolightning
PhotoStitcher 1.0
Pivot Software
PoiEdit
Pradis Do Not Remove
Pradis: NIV Holy Bible
PrinterShare 2.3.04
Process Tamer 2.11.01
Programmer's Notepad
PSPad editor
Pure Motion EditStudio 5
Quick PDF Tools 2.1.6.1
QuickTax 2003 Standard
QuickTax 2005
QuickTax 2008
QuickTax 2009
QuickVerse 6.0
QuickVerse Library
QuickVerse Library Book Manager
Recuva
RegVac Registry Cleaner 5.02 (Registered Version)
Renamer 1.1
Resco Audio Recorder
Resco Explorer 2003
Resco Picture Viewer
Resco Utility Package
Revo Uninstaller Pro 2.5.3
Roadkil's Unstoppable Copier Version 5.2
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Roxio Easy Media Creator 8 Suite
Rubber Ducky
SDK
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Segoe UI
Serif DrawPlus X5
Serif MoviePlus X5
Serif PagePlus X5
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Shell Tools
SIW version 2010.03.10
Skins
SlimComputer
Smart Defrag 2
SmartSound Quicktracks Plugin
SnapStream Beyond TV 4.9.3
SnapStream Firefly Mini 1.0.2
SoundMAX
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Startup Cop Pro 3.0
StartupMonitor
StepShot
SUPERAntiSpyware
Symantec WinFax PRO 10.0
SysResources Manager
System Scheduler 4.12
Task ForceQuit Pro version 1.0.2
TeraCopy 2.12
TextBridge Pro 98
The Ultimate Troubleshooter
ThunderSoft Flash Slideshow Factory (2.8.2.0)
Time Zone Data Update Tool for Microsoft Office Outlook
TinyPDF 2.0
TMPGEnc DVD Source Creator
Tray Wizard 4.03
TrueCrypt
TuneUp Utilities 2009
TurboTax 2010
Tweak UI
U.S. Robotics V.92 PCI Faxmodem
UK's Kalender 2.3.2
Ultima Steganography 1.6
Undelete Plus 2.98
Universal Viewer
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows XP (KB2718704)
Update Manager
USB Safely Remove 5.1
VBA (2627.01)
VectorVest 7
VideoReDo TVSuite Version 3.20.1.597
VideoReDo TVSuite Version 4.20.5.600
VideoReDo/Plus Version 2.5.6.512
ViOrb
ViStart
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual CD
Visual MP3 Splitter & Joiner 6.0
Visual Studio 2005 Redist Package
VLC media player 2.0.1
VSO CopyToDVD 4
VueScan
WD Diagnostics
WeatherEye
WebFldrs XP
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
WinBatch
Windows Automated Installation Kit
Windows Backup Utility
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Series TweakMP PowerToy
Windows Resource Kit Tools
WinRescue XP
WinZip 12.1
Wondershare Disk Manager Free(build 1.0.0)
Wondershare Video Converter Platinum(Build 5.2.3.2)
WordPerfect Office X3
WORDsearch
XML Paper Specification Shared Components Pack 1.0
XP Smoker 2.4
XP Smoker Free Edition 6.0
XUS Desktop x32 & x64 GOTD Edition 1.8.80
Xvid 1.1.3 final uninstall
XXConsole: Super Console Generator ver 0.96
YouSendIt Express
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
2012/08/08 15:27:46, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'ViOrb-OneStep01.exe' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
2012/08/07 07:44:30, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'cif.exe' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
2012/08/06 10:21:33, error: JRAID [9] - The device, \Device\Scsi\JRAID1, did not respond within the timeout period.
2012/08/03 11:16:48, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'system32' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
2012/08/03 01:32:59, error: Srv [2011] - The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.
2012/08/03 01:31:13, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'Cryptography' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
2012/08/03 01:31:11, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
2012/08/03 01:31:11, error: Service Control Manager [7002] - The Unibrain 1394 SBM Driver service depends on the UB1394 Miniport group and no member of this group started.
2012/08/03 01:31:11, error: Service Control Manager [7002] - The Unibrain 1394 FireAPI Driver service depends on the UB1394 Miniport group and no member of this group started.
2012/08/03 01:31:11, error: Service Control Manager [7000] - The Unibrain 1394 OHCI Driver service failed to start due to the following error: The system cannot find the file specified.
2012/08/03 01:31:11, error: Service Control Manager [7000] - The MAPMEM service failed to start due to the following error: The system cannot find the file specified.
2012/08/03 01:31:04, error: Print [23] - Printer Easy PDF Creator failed to initialize because a suitable Easy PDF Creator driver could not be found.
2012/08/03 00:08:14, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PVR that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9395F856-BDF0-43FF-B680. The master browser is stopping or an election is being forced.
2012/08/02 16:53:22, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
2012/08/02 01:56:59, error: Service Control Manager [7034] - The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

**Cookiegal** · 09-Aug-2012, 06:42 PM **#15**

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-08 23:04:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-AGIL rev.2.22
Running: vjp6tbmd.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\pwliapoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x9FE5A162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x9FE59FCD]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device iaStor.sys (Intel Rapid Storage Technology driver - x86/Intel Corporation)
Device jraid.sys (JMicron JMB36X RAID Driver/JMicron Technology Corp.)
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice cumon.sys (CRCMon System Filter Driver/Windows (R) Win 7 DDK provider)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 DCR.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 DCR.sys

---- EOF - GMER 1.0.15 ----

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Please go to the Control Panel to install and configure system components

Find the solution to your computer problem!

Find the solution to your
computer problem!