
Please go to the Control Panel to install and configure system components

Discussion in 'Windows XP' started by Galton, Aug 5, 2012.

  1. Galton

    Galton Thread Starter

    Aug 5, 2012
    I have disabled Autorun for years. Recently I noticed that anytime I insert a disc where the autorun.inf calls for setup.exe to start, this message comes up:

    Title bar: Windows XP Setup
    Message: Please go to the Control Panel to install and configure system components.
    Button: OK (to dismiss)

    This happens only if setup.exe is in the autorun.inf; if another executable name is in the autorun.inf, nothing happens.

    On investigating, it seems that whenever setup.exe is called in the autorun.inf, Windows starts "C:\Windows\System32\setup.exe" instead of the one on the disc.

    I tried to delete the setup.exe in system32, but Windows automatically replaces it with another copy from a cache.
    I tried a copy from another computer without this problem; it didn't work. I tried a repair install; it didn't work. I tried a few registry edits; nothing seems to work.

    I think I am missing some registry setting so that when setup.exe starts it refers to the one on the disc, or a way to ignore it totally.

    Please help!

    Scan Results:

    Tech Support Guy System Info Utility version
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 3071 Mb
    Graphics Card: ATI Radeon X1050, 512 Mb
    Hard Drives: C: Total - 45841 MB, Free - 18380 MB; D: Total - 360458 MB, Free - 296120 MB; E: Total - 11225 MB, Free - 9934 MB; F: Total - 20661 MB, Free - 13652 MB; G: Total - 30851 MB, Free - 14328 MB; H: Total - 21163 MB, Free - 10170 MB; I: Total - 20598 MB, Free - 13688 MB; J: Total - 132959 MB, Free - 72707 MB; K: Total - 418686 MB, Free - 265973 MB; L: Total - 266923 MB, Free - 16060 MB; M: Total - 662249 MB, Free - 88392 MB; N: Total - 4102 MB, Free - 1123 MB; Q: Total - 17108 MB, Free - 15613 MB; T: Total - 9287 MB, Free - 6683 MB;
    Motherboard: ASUSTeK Computer INC., P5B-Deluxe
    Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    There's probably an autorun.inf file in the root directory on the primary drive that it's reading instead of the one on the installation media.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following code box into the main text field:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  3. Galton

    Galton Thread Starter

    Aug 5, 2012
    Just done as you suggested.

    1. Run System Look.
    2. Paste the code you posted.
    3. Inserted a CD into the drive.
    4. Message came up again.
    5. Pressed Look button.

    This is the result:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:49 on 05/08/2012 by Tony
    Administrator - Elevation successful

    Invalid Context: filelook

    No Context: autorun.inf

    -= EOF =-
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    I'm sorry, my head must be on backwards. I gave you the wrong command. Please run it again with this script:
  5. Galton

    Galton Thread Starter

    Aug 5, 2012
    This is the result this time:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 01:06 on 06/08/2012 by Tony
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "autorun.inf"
    No files found.

    -= EOF =-

    This is the content of the autorun.inf on the CD:


    Along with the autorun.inf there is a SETUP.EXE in the root of the CD, this SETUP.EXE is the one that should start.

    Instead the file that starts is the one located in "C:\Windows\system32\setup.exe"
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzip it, double-click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.


  7. Galton

    Galton Thread Starter

    Aug 5, 2012
    I just ran your MountPoints Diagnostic.bat and I am uploading the results.

    I had a look in the file and I think the line that is correct is #1802, @="Z:\\setup.exe,0". This is my DVD drive and the disk in it is Windows XP Home; however, the proper setup for the disk does not run. Instead I get this attached message (see attachment).

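The report discussed in the two posts above contains registry lines such as `@="Z:\\setup.exe,0"`. The following is an added example, not part of the thread and not the MountPoints Diagnostic.bat attached there: a Python parser that reads a regedit-style export of the Explorer `MountPoints2` key and lists each cached command with the program it starts, noting whether that program is named by a full path or by a bare file name. It assumes the report uses the regedit export format; the sample export, its volume GUID and `E:\tools\launch.exe` are constructed, and only the `DefaultIcon` value is quoted from the thread.

```python
import re
from typing import NamedTuple

# Constructed sample in regedit export (.reg) format. It is NOT the poster's
# Diagnostic.txt; only the DefaultIcon value is quoted from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\_Autorun\DefaultIcon]
@="Z:\\setup.exe,0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\open\command]
@="\"E:\\tools\\launch.exe\" /auto"
'''

MOUNTPOINTS2 = r"\explorer\mountpoints2" + "\\"


class CachedCommand(NamedTuple):
    mount_point: str  # drive letter or volume GUID subkey
    verb: str         # shell verb, e.g. AutoRun or open
    command: str      # command string exactly as stored
    target: str       # program the command ends up starting
    qualified: bool   # True when target carries its own drive or UNC path


def parse_reg_export(text):
    """Return {key_path: {value_name: string}} for the string values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg files escape backslash and double quote inside strings.
            current[name] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys


def command_target(command):
    """Pick out the program a cached command starts."""
    # Assumed form: some entries wrap the target as
    # "RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL <target>".
    m = re.search(r'ShellExec_RunDLL\s+(.*)$', command, re.IGNORECASE)
    rest = m.group(1).strip() if m else command.strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split(None, 1)[0] if rest else ""


def cached_commands(text):
    """List every <mount point>\\Shell\\<verb>\\command default value under MountPoints2."""
    found = []
    for key, values in parse_reg_export(text).items():
        low = key.lower()
        idx = low.find(MOUNTPOINTS2)
        if idx < 0 or not low.endswith("\\command") or "" not in values:
            continue
        parts = key[idx + len(MOUNTPOINTS2):].split("\\")
        if len(parts) != 4 or parts[1].lower() != "shell":
            continue
        target = command_target(values[""])
        # A target without a drive or UNC prefix is resolved when it is launched.
        qualified = bool(re.match(r'^(?:[A-Za-z]:\\|\\\\)', target))
        found.append(CachedCommand(parts[0], parts[2], values[""], target, qualified))
    return found


if __name__ == "__main__":
    for c in cached_commands(SAMPLE_EXPORT):
        note = "full path" if c.qualified else "bare name, resolved at launch time"
        print(f"{c.mount_point:40} {c.verb:8} {c.target:24} {note}")
```
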

  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    There is a suspicious entry in there which could be malware:


    But let's run a couple of scans to see if anything comes up.

    Please download DDS by sUBs to your desktop from one of the following locations:


    Double-click the DDS.scr to run the tool.

    When DDS has finished scanning, it will open two logs named as follows:


    Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.

    Please download GMER from: http://gmer.net/index.php

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    What setup is it that you're trying to run?
  10. Galton

    Galton Thread Starter

    Aug 5, 2012
    Read the First Post please.
    The message comes every time a CD is inserted in the drive that has a call for setup.exe in the autorun.inf file.

    Instead of running setup.exe on the CD the one located in C:\Windows\system32\setup.exe will run giving the same message.

    If in the autorun.inf the .exe has a different name nothing happens.
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    Yes, I understand that but was just curious as to which program you were trying to install from the CD.

    You mentioned early on that you had disabled autorun. The only thing I can think to try is re-enable it and see if it runs the correct setup from the CD instead of the XP setup.
  12. Galton

    Galton Thread Starter

    Aug 5, 2012
    I do not use this drive to install much software, because most software is downloaded. However the last time I used this drive to install "Rosetta Stone", (this is a language learning program), it was then that I noticed this message coming up. The message may have appeared before but this is the last time when I noticed it.

    The Installation went OK but another thing that now I remember was that after removing the disk from the drive a message came up, "Wrong Disk in Drive z:\" but Rosetta Stone does not require the disk in the drive since the whole thing is done through the web, and it has been working fine so far without asking for a disk again.

    Thank you for your patience with me.

    Attached here are the files you requested me.


  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    I'm posting the logs in the thread to make it easier to refer back to them. Please only attach logs if requested to do so.

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
    Run by Tony at 23:01:03 on 2012-08-08
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2398 [GMT -4:00]
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *Enabled*
    ============== Running Processes ===============
    C:\Program Files\USB Safely Remove\USBSRService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    G:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    G:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
    G:\Program Files\SecurStar\DriveCrypt 5\DCRServ.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    G:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
    g:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    G:\Program Files\Quick PDF Tools\QuickPDFTCP0721.exe
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Direct Folders\df.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Tray Wizard\TWizard.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    Q:\Program Files\ProcessTamer\ProcessTamerTray.exe
    C:\Program Files\Bamboo Dock\BambooCore.exe
    G:\Programs Misc\DesktopTeleporter\Teleport.exe
    C:\Program Files\Kalender\Kalender.exe
    C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    C:\Program Files\HACE\Mmm\Mmm.exe
    C:\Program Files\Rubber Ducky\RubberDucky.exe
    Q:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
    G:\Program Files\PC Magazine Utilities\Desktoplet\Desktoplet.exe
    C:\Program Files\FileBX\FileBX.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
    Q:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    Q:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\FreeCommander\FreeCommander.exe
    Q:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
    C:\Program Files\ViOrb\ViOrb.exe
    Q:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
    Q:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    F:\Program Files\Microsoft ActiveSync\rapimgr.exe
    Q:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.ca/
    uSearch Bar =
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=%s
    uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - g:\progra~1\spybot~1\SDHelper.dll
    BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} -
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Teleporter] g:\programs misc\desktopteleporter\Teleport.exe
    uRun: [Kalender] c:\program files\kalender\Kalender.exe
    uRun: [SkinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe
    uRun: [Mmm] "c:\program files\hace\mmm\Mmm.exe"
    uRun: [AgataSoft_HotKey_Manger]
    uRun: [Rubber Ducky Update Setup] c:\documents and settings\tony\local settings\application data\{f558f646-f9cf-47f2-96ca-07ba8eb6ea61}\rubber ducky.exe /updatesetup
    uRun: [Rubber Ducky Update Setup for All Users] c:\documents and settings\all users\application data\{f558f646-f9cf-47f2-96ca-07ba8eb6ea61}\rubber ducky.exe /updatesetup
    uRun: [MimarSinan Rubber Ducky] "c:\program files\rubber ducky\RubberDucky.exe"
    mRun: [Run StartupMonitor] StartupMonitor.exe
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [DirectFolders] "c:\program files\direct folders\df.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [Tray Wizard] c:\program files\tray wizard\TWizard.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
    mRun: [ProcessTamer] q:\program files\processtamer\ProcessTamerTray.exe
    mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
    mRun: [<NO NAME>] Q:\!RunFromRegistry.exe
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\!timeresynconstartup.lnk - c:\windows\system32\hstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\beyond tv.lnk - q:\program files\snapstream media\beyond tv\BTVAgent2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - g:\program files\pc magazine utilities\desktoplet\Desktoplet.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filebox extender.lnk - c:\program files\filebx\FileBX.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hibernate trigger.lnk - c:\hibernatetrigger\HibernateTrigger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\speed fan.lnk - c:\program files\speedfan\speedfan.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\usb safely remove.lnk - c:\program files\usb safely remove\USBSafelyRemove.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: MaxRecentDocs = 11 (0xb)
    mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
    IE: Open with WordPerfect - h:\program files\wordperfect office x3\programs\WPLauncher.hta
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - f:\program files\microsoft activesync\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - f:\program files\microsoft activesync\INetRepl.dll
    DPF: Microsoft XML Parser for Java
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340512155234
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340512146781
    DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
    DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
    TCP: DhcpNameServer =
    TCP: Interfaces\{9395F856-BDF0-43FF-B680-9EC731E2D47D} : DhcpNameServer =
    Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: AutorunsDisabled\intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - g:\quicktax 2007\ic2007pp.dll
    Handler: AutorunsDisabled\intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - g:\program files\quicktax 2008\ic2008pp.dll
    Handler: AutorunsDisabled\intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - g:\program files\quicktax 2009\ic2009pp.dll
    Handler: AutorunsDisabled\intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - g:\program files\turbotax 2010\ic2010pp.dll
    Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - g:\program files\quicktax 2009\ic2009pp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\symantec\winfax\WfxSeh32.Dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - f:\eudora\EUSHLEXT.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: Nitro PDF Professional - cscript //B "g:\program files\nitro pdf\professional\RemoveOldAddins.vbs"
    Hosts: www.spywareinfo.com
    ================= FIREFOX ===================
    FF - ProfilePath - c:\documents and settings\tony\application data\mozilla\firefox\profiles\im0vnwsz.default\
    FF - prefs.js: browser.startup.homepage - file:///c:\\Documents and Settings/Tony/Application Data/Mozilla/Firefox/Profiles/im0vnwsz.default/bookmarks.html
    FF - prefs.js: network.proxy.ftp -
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher -
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http -
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks -
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl -
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 2
    FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\im0vnwsz.default\extensions\[email protected]\lib\winnt\ff3\AbineComponent.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
    FF - plugin: c:\windows\system32\npacrx.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - plugin: g:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: g:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: g:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: g:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: g:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: g:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: g:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: g:\program files\quicktime\plugins\npqtplugin7.dll
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    ============= SERVICES / DRIVERS ===============
    R0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [2011-10-30 187120]
    R0 DCR;DCR;c:\windows\system32\drivers\DCR.sys [2012-6-29 294408]
    R0 DCVP;DCVP;c:\windows\system32\drivers\DCVP.sys [2012-6-29 19624]
    R0 Evdd;evdd;c:\windows\system32\drivers\evdd.sys [2011-10-30 16360]
    R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2011-4-30 14080]
    R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2011-7-7 102728]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-11 13496]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-13 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-13 353688]
    R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2004-4-23 6144]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [2012-3-21 277576]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-20 532224]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;g:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2012-6-14 169312]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-13 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-13 44808]
    R2 CPMService;COMODO Programs Manager Service;g:\program files\comodo\comodo programs manager\CPMservice.exe [2011-9-5 105792]
    R2 DriveCryptService;DriveCrypt Service;g:\program files\securstar\drivecrypt 5\DCRServ.exe [2012-6-29 96680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-8-8 13592]
    R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;g:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [2012-4-12 175624]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-4-12 69640]
    R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2010-8-25 109168]
    R2 QuickPDFTCPService0721;Quick PDF Tools Background Service;g:\program files\quick pdf tools\QuickPDFTCP0721.exe [2010-8-13 1918464]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2012-6-19 1646608]
    R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-12-29 5554552]
    R2 USBDLM;USBDLM;c:\usbdlm\USBDLM.exe [2011-10-23 332768]
    R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2012-7-24 1005440]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [2010-8-28 72704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\ubsbm.sys --> c:\windows\system32\drivers\ubsbm.sys [?]
    S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\ubumapi.sys --> c:\windows\system32\drivers\ubumapi.sys [?]
    S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [2012-7-28 816672]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-4-26 16640]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-6-6 23456]
    S3 DSKACT2;DSKACT2; [x]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-4-9 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-4-9 8456]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
    S3 FNSYS;FNSYS; [x]
    S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVServer.exe [2009-8-10 823296]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-3-31 19712]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-3-30 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-3-31 42752]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-3-31 23936]
    S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys --> c:\windows\system32\drivers\psi_mf.sys [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-22 27064]
    S3 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-12-29 451960]
    S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys --> c:\windows\system32\drivers\ubohci.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 IObitUnlocker;IObitUnlocker;q:\program files\iobit\iobit unlocker\IObitUnlocker.sys [2012-7-6 27552]
    S4 WS_Sfilter;WS_Sfilter;c:\windows\system32\drivers\wsfilter.sys [2012-6-27 26240]
    =============== Created Last 30 ================
    2012-08-08 18:52:03 -------- d-----w- c:\documents and settings\all users\application data\MaxSyncUp
    2012-08-07 12:04:10 -------- d-----w- C:\setups
    2012-08-07 10:19:08 -------- d-----w- C:\_This is C-Windows
    2012-08-06 14:47:20 15620 ----a-w- c:\windows\system32\SystemRs120.f.SYS
    2012-08-06 14:46:43 -------- d-----w- c:\windows\SysResources Manager
    2012-08-06 05:00:40 23040 ----a-w- c:\windows\setup.exe
    2012-08-06 04:37:40 -------- d-sh--r- C:\cmdcons
    2012-08-06 04:37:30 -------- d-----w- c:\windows\setupupd
    2012-08-04 01:43:30 -------- d-----w- c:\windows\setup.pss
    2012-08-03 15:16:50 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2012-08-03 15:16:49 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2012-07-31 15:38:13 -------- d-----w- c:\program files\RosettaStoneLtdServices
    2012-07-31 15:38:13 -------- d-----w- c:\documents and settings\all users\application data\RosettaStoneLtdServices
    2012-07-29 05:17:39 -------- d-----w- c:\program files\Oracle
    2012-07-29 05:17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-28 20:37:41 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
    2012-07-28 20:37:39 -------- d-----w- c:\program files\Cisco Systems
    2012-07-28 20:37:37 816672 ---ha-w- c:\windows\system32\drivers\AM10XP.sys
    2012-07-28 20:37:37 226592 ---ha-w- c:\windows\system32\RaCoInst.dll
    2012-07-28 20:37:19 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
    2012-07-25 19:44:30 -------- d-----w- c:\documents and settings\tony\local settings\application data\Abelssoft
    2012-07-25 04:37:02 6538 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-07-24 06:14:13 -------- d-----w- c:\documents and settings\tony\application data\USBSRService
    2012-07-24 06:14:10 -------- d-----w- c:\program files\USB Safely Remove
    2012-07-24 05:42:06 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2012-07-24 05:42:06 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2012-07-24 05:19:57 -------- d-----w- c:\documents and settings\all users\application data\Rosetta Stone Backups
    2012-07-24 05:19:57 -------- d-----w- c:\documents and settings\all users\application data\Rosetta Stone
    2012-07-24 05:18:20 -------- d-----w- c:\program files\Rosetta Stone
    2012-07-24 04:48:02 -------- d-----w- c:\program files\Rubber Ducky
    2012-07-24 04:48:01 -------- dc-h--w- c:\documents and settings\all users\application data\{F558F646-F9CF-47F2-96CA-07BA8EB6EA61}
    2012-07-24 04:43:55 -------- d-----w- c:\program files\Direct Folders
    ==================== Find3M ====================
    2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-01 04:21:39 212670 ----a-w- c:\windows\RunSaver.scr
    2012-06-30 03:29:43 1882904 ----a-w- c:\windows\system32\AutoPartNt.exe
    2012-06-29 20:37:56 294408 ----a-w- c:\windows\system32\drivers\DCR.sys
    2012-06-29 20:37:56 19624 ----a-w- c:\windows\system32\drivers\DCVP.sys
    2012-06-16 05:16:06 414 ----a-w- c:\windows\AeDebugSave.reg
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-27 00:05:13 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    2012-05-24 15:48:23 828416 ----a-w- c:\documents and settings\tony\application data\Setup.exe
    2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-01-12 06:00:44 30208 ----a-w- c:\program files\common files\wmpinfo.dll
    2011-01-12 06:00:42 240128 ----a-w- c:\program files\common files\dsfVorbisDecoder.dll
    2011-01-12 06:00:42 195584 ----a-w- c:\program files\common files\dsfOggDemux2.dll
    2011-01-12 06:00:42 146944 ----a-w- c:\program files\common files\dsfFLACDecoder.dll
    2011-01-12 06:00:40 221184 ----a-w- c:\program files\common files\dsfFLACEncoder.dll
    2011-01-12 06:00:40 204800 ----a-w- c:\program files\common files\dsfNativeFLACSource.dll
    2010-12-17 01:39:36 302592 ----a-w- c:\program files\common files\webmmux.dll
    2010-12-17 01:39:16 701440 ----a-w- c:\program files\common files\vp8encoder.dll
    2010-12-17 01:39:16 412672 ----a-w- c:\program files\common files\vp8decoder.dll
    2010-12-17 01:39:14 292352 ----a-w- c:\program files\common files\webmsplit.dll
    2009-07-12 03:02:04 653120 ----a-w- c:\program files\common files\MSVCR90.dll
    2009-07-12 03:02:02 569664 ----a-w- c:\program files\common files\MSVCP90.dll
    2001-11-30 15:09:50 49152 ----a-r- c:\program files\common files\HDvAvi.dll
    ============= FINISH: 23:01:45.38 ===============
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    DDS (Ver_2011-08-26.01)
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2004/04/23 13:17:47
    System Uptime: 2012/08/08 21:39:03 (2 hours ago)
    Motherboard: ASUSTeK Computer INC. | | P5B-Deluxe
    Processor: Intel Pentium III Xeon processor | LGA 775 | 2933/266mhz
    ==== Disk Partitions =========================
    A: is Removable
    C: is FIXED (NTFS) - 45 GiB total, 16.428 GiB free.
    D: is FIXED (NTFS) - 352 GiB total, 289.18 GiB free.
    E: is FIXED (NTFS) - 11 GiB total, 9.704 GiB free.
    F: is FIXED (NTFS) - 20 GiB total, 13.22 GiB free.
    G: is FIXED (NTFS) - 30 GiB total, 13.966 GiB free.
    H: is FIXED (NTFS) - 21 GiB total, 9.932 GiB free.
    I: is FIXED (NTFS) - 20 GiB total, 13.368 GiB free.
    J: is FIXED (NTFS) - 130 GiB total, 70.314 GiB free.
    K: is FIXED (NTFS) - 409 GiB total, 259.575 GiB free.
    L: is FIXED (NTFS) - 261 GiB total, 28.158 GiB free.
    M: is FIXED (NTFS) - 647 GiB total, 86.33 GiB free.
    N: is FIXED (NTFS) - 4 GiB total, 1.033 GiB free.
    Q: is FIXED (NTFS) - 17 GiB total, 15.226 GiB free.
    T: is FIXED (NTFS) - 9 GiB total, 6.526 GiB free.
    Y: is CDROM ()
    Z: is CDROM ()
    ==== Disabled Device Manager Items =============
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Parallel port driver
    Name: Parallel port driver
    Service: Parport
    ==== System Restore Points ===================
    RP100: 2012/07/29 01:17:39 - Installed JavaFX 2.1.1
    RP101: 2012/07/30 13:07:37 - System Checkpoint
    RP102: 2012/07/31 11:35:22 - Removed Rosetta Stone TOTALe
    RP103: 2012/07/31 11:38:07 - Removed Rosetta Stone TOTALe
    RP104: 2012/07/31 11:38:12 - Removed Rosetta Stone Ltd Services
    RP105: 2012/07/31 11:38:20 - Installed Rosetta Stone TOTALe
    RP106: 2012/08/01 12:10:32 - System Checkpoint
    RP107: 2012/08/02 13:15:20 - System Checkpoint
    RP108: 2012/08/03 11:16:48 - Installed DirectX
    RP109: 2012/08/05 00:43:55 - System Checkpoint
    RP110: 2012/08/07 07:09:54 - System Checkpoint
    RP111: 2012/08/08 15:45:44 - System Checkpoint
    ==== Installed Programs ======================
    1st Page 2000 2.00 Free
    A-PDF Restrictions Remover 1.6
    A1Click Ultra PC Cleaner 1.01 (Registered Version)
    Acronis*Disk Director Suite
    Active@ ISO File Manager v 3.2
    ActivePerl 5.14.2 Build 1402
    Add/Remove Pro (Freeware)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Photoshop Elements
    Adobe Photoshop Elements 8.0
    Advanced Uninstaller PRO - Version 10
    AgataSoft HotKey Manger
    AllOff Version 3.5
    AnVir Task Manager
    AOpen FM56-PX Controllerless PCI Modem
    APO Usb Autorun
    Apple Application Support
    ArcSoft PhotoBase 3
    ArcSoft PhotoBase 4.5
    ArcSoft PhotoBase 4.5 (Shared Components)
    ArcSoft PhotoPrinter 5
    ArcSoft PhotoStudio 6.0
    ARPCache Viewer
    Ashampoo Photo Commander 8 v.8.5.0
    Ashampoo Photo Optimizer 3 v.3.13
    Ashampoo Registry Cleaner v.1.00
    Ashampoo Undeleter v.1.1.0
    ASUS ATI Driver
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    Atomic Alarm Clock 5.61
    Autodesk SketchBookExpress 2011
    avast! Free Antivirus
    AviSynth 2.5
    AVIVO Codecs
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Bamboo Dock
    BartPE Add-on for Acronis True Image 11 Home
    Belarc Advisor 8.1
    Beyond Sync
    Bibbia italiana
    Borland Database Engine Setup
    Briefcase Plus version 2.0.3
    BurstCopy v2.700
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon CanoScan Toolbox 4.1
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon G.726 WMP-Decoder
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 3.0
    Canon MP640 series MP Drivers
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Solution Menu
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Choice Guard
    Cleanse Uninstaller Pro 10.0
    ClearType Tuning Control Panel Applet
    Clipboards 2.01
    Color Efex Pro 3.0 Wacom Edition 3
    COMODO Programs Manager
    Compatibility Pack for the 2007 Office system
    Contacts Geocoder
    Corel Applications
    Corel Graphics Suite 11
    Corel WordPerfect Suite 8
    CyberLink PowerDVD 8
    Data Lifeguard Tools
    DCE AutoEnhance 3.3
    DCE Tools 1.0
    Direct Folders
    Disc Manager 1.04
    Disk Pulse 2.7.14
    DriveCrypt 5.4
    Driver Genius Professional Edition
    DVD-lab PRO 2.2
    DVD-lab PRO 2.3
    DVD-lab Studio 1.25
    DVD Decrypter (Remove Only)
    DVD Menu Studio 1.1
    DVD Shrink 3.2
    DVD slideshow GUI
    DVDFab Decrypter
    DVDFab Media Player (27/07/2012)
    EASEUS Partition Master 9.1.1 Home Edition
    EditStudio 6.0.5
    EndItAll 2.0
    ERUNT 1.1j
    Eudora Pro Email
    eWallet for Windows PCs
    ExifyMe version 1.0
    FastStone Image Viewer 4.6
    FastStone Photo Resizer 2.9
    FBackup 4
    ffdshow [rev 3029] [2009-07-10]
    File Scavenger 3.1
    FileBox eXtender
    FileHippo.com Update Checker
    FileMaker Pro 5.5
    FileMenu Tools
    FileTouch 2.1
    Firesage MBRWizard
    Flash File Recovery v2.0
    Font Xplorer 1.2.2
    FormatFactory 2.70
    FormTool 6
    Foxit Reader
    Free Font Renamer 2.1
    Free Launch Bar
    Free Loan Calculator
    Free Video to MP3 Converter version
    Free&Easy Font Viewer 2.0
    FreeCommander 2009.02b
    FreeCommander XE
    Garmin Communicator Plugin
    Garmin POI Loader
    Garmin USB Drivers
    Garmin WebUpdater
    GeePeeEx Editor - 5 Waypoint TRIAL VERSION V1.3.2
    GPL Ghostscript
    GUI for dvdauthor 1.07
    Hauppauge WinTV
    Hauppauge WinTV Infrared Remote
    Hauppauge WinTV IR Blaster
    Hauppauge WinTV Scheduler
    Hauppauge WinTV TV Services
    HDD Health v3.3 Beta
    HHD Software Hex Editor
    Hibernate Trigger
    Hongsoft Free Video Converter version 2.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HotKey Detective (PC Magazine)
    HP My Display
    Icons from File 5.01
    iDailyDiary 3.71
    Idle Monitor 1.0
    InfoTag Magic 1.0
    Intel RSX 3D
    Intel(R) Rapid Storage Technology
    InterVideo FilterSDK for Hauppauge
    Investment And Loan Calculator v1.1
    IrfanView (remove only)
    Iron Key
    IsoBuster 2.5
    iView Catalog Reader (remove only)
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    JMicron JMB36X Driver
    K-Lite Codec Pack 6.0.4 (Basic)
    Kingsoft Writer (
    Kremlin 2.21
    Lernout & Hauspie TruVoice American English TTS Engine
    LG USB Modem driver
    LinkIconShim (32bit)
    LiveAdvisor (Symantec Corporation)
    Logitech SetPoint
    Lynx 2.8.5rel.1
    Macromedia FreeHand MX
    Magic ISO Maker v5.4 (build 0237)
    MagicDisc 2.7.106
    Malware Destroyer
    Malwarebytes' Anti-Malware version
    Manual CanoScan 5000,5000F,8000F
    Marvell Miniport Driver
    MemoClip Pro 1.55
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Calculator Plus
    Microsoft Data Access Components KB870669
    Microsoft Managed DirectX (1126)
    Microsoft Outlook 2000
    Microsoft Tool Web Package : SETX.EXE
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XML Parser
    MimarSinan Rubber Ducky
    Mini Calculator
    Mobipocket Creator 4.0 - Home Edition
    Mobipocket Creator 4.1
    MobiPocket Publisher 3.0
    MobiPocket Reader PC
    Motorola Phone Tools
    MozBackup 1.5.1
    Mozilla Firefox 8.0.1 (x86 en-US)
    Mp3tag v2.48
    MSXML 4.0
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Musicmatch® Jukebox
    MyAlbum version 2.5.13
    Nero Suite
    NirSoft IconsExtract
    Nitro Pro 7
    Object Fix Zip
    OpenOffice.org 3.4
    OurSecret 2.5
    Paragon Backup and Recovery™ 11 Compact
    Paragon Migrate OS to SSD™ 2.0 Special Edition
    PC Magazine Defrag-A-File 2.0.2
    PC Magazine Desktoplet
    PC Magazine DiskAction v2.4
    PC Magazine File Utility Pack
    PC Magazine StoreItAll 1.2
    PC Magazine Top Stats
    PC Probe II
    PCMagazine HD HeartBeat Version 1.0
    PDF Merge plug-in for TinyPDF 1.0.2
    PDF Protector Splitter and Merger Pro
    PdfBooklet 2.1
    PE Builder 3.1.10a
    Perfect Screen Ruler 3.0
    Photo Explosion Deluxe
    Photo2DVD Studio Build
    PhotoStitcher 1.0
    Pivot Software
    Pradis Do Not Remove
    Pradis: NIV Holy Bible
    PrinterShare 2.3.04
    Process Tamer 2.11.01
    Programmer's Notepad
    PSPad editor
    Pure Motion EditStudio 5
    Quick PDF Tools
    QuickTax 2003 Standard
    QuickTax 2005
    QuickTax 2008
    QuickTax 2009
    QuickVerse 6.0
    QuickVerse Library
    QuickVerse Library Book Manager
    RegVac Registry Cleaner 5.02 (Registered Version)
    Renamer 1.1
    Resco Audio Recorder
    Resco Explorer 2003
    Resco Picture Viewer
    Resco Utility Package
    Revo Uninstaller Pro 2.5.3
    Roadkil's Unstoppable Copier Version 5.2
    Rosetta Stone Ltd Services
    Rosetta Stone TOTALe
    Roxio Easy Media Creator 8 Suite
    Rubber Ducky
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2699988)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Segoe UI
    Serif DrawPlus X5
    Serif MoviePlus X5
    Serif PagePlus X5
    Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
    Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
    Shell Tools
    SIW version 2010.03.10
    Smart Defrag 2
    SmartSound Quicktracks Plugin
    SnapStream Beyond TV 4.9.3
    SnapStream Firefly Mini 1.0.2
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Startup Cop Pro 3.0
    Symantec WinFax PRO 10.0
    SysResources Manager
    System Scheduler 4.12
    Task ForceQuit Pro version 1.0.2
    TeraCopy 2.12
    TextBridge Pro 98
    The Ultimate Troubleshooter
    ThunderSoft Flash Slideshow Factory (
    Time Zone Data Update Tool for Microsoft Office Outlook
    TinyPDF 2.0
    TMPGEnc DVD Source Creator
    Tray Wizard 4.03
    TuneUp Utilities 2009
    TurboTax 2010
    Tweak UI
    U.S. Robotics V.92 PCI Faxmodem
    UK's Kalender 2.3.2
    Ultima Steganography 1.6
    Undelete Plus 2.98
    Universal Viewer
    Unlocker 1.9.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Windows XP (KB2718704)
    Update Manager
    USB Safely Remove 5.1
    VBA (2627.01)
    VectorVest 7
    VideoReDo TVSuite Version
    VideoReDo TVSuite Version
    VideoReDo/Plus Version
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual CD
    Visual MP3 Splitter & Joiner 6.0
    Visual Studio 2005 Redist Package
    VLC media player 2.0.1
    VSO CopyToDVD 4
    WD Diagnostics
    WebFldrs XP
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Automated Installation Kit
    Windows Backup Utility
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009
    Windows Installer Clean Up
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 9 Series TweakMP PowerToy
    Windows Resource Kit Tools
    WinRescue XP
    WinZip 12.1
    Wondershare Disk Manager Free(build 1.0.0)
    Wondershare Video Converter Platinum(Build
    WordPerfect Office X3
    XML Paper Specification Shared Components Pack 1.0
    XP Smoker 2.4
    XP Smoker Free Edition 6.0
    XUS Desktop x32 & x64 GOTD Edition 1.8.80
    Xvid 1.1.3 final uninstall
    XXConsole: Super Console Generator ver 0.96
    YouSendIt Express
    ==== Event Viewer Messages From Past Week ========
    2012/08/08 15:27:46, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'ViOrb-OneStep01.exe' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    2012/08/07 07:44:30, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'cif.exe' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    2012/08/06 10:21:33, error: JRAID [9] - The device, \Device\Scsi\JRAID1, did not respond within the timeout period.
    2012/08/03 11:16:48, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'system32' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    2012/08/03 01:32:59, error: Srv [2011] - The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.
    2012/08/03 01:31:13, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'Cryptography' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    2012/08/03 01:31:11, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
    2012/08/03 01:31:11, error: Service Control Manager [7002] - The Unibrain 1394 SBM Driver service depends on the UB1394 Miniport group and no member of this group started.
    2012/08/03 01:31:11, error: Service Control Manager [7002] - The Unibrain 1394 FireAPI Driver service depends on the UB1394 Miniport group and no member of this group started.
    2012/08/03 01:31:11, error: Service Control Manager [7000] - The Unibrain 1394 OHCI Driver service failed to start due to the following error: The system cannot find the file specified.
    2012/08/03 01:31:11, error: Service Control Manager [7000] - The MAPMEM service failed to start due to the following error: The system cannot find the file specified.
    2012/08/03 01:31:04, error: Print [23] - Printer Easy PDF Creator failed to initialize because a suitable Easy PDF Creator driver could not be found.
    2012/08/03 00:08:14, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PVR that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9395F856-BDF0-43FF-B680. The master browser is stopping or an election is being forced.
    2012/08/02 16:53:22, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
    2012/08/02 01:56:59, error: Service Control Manager [7034] - The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).
    ==== End Of File ===========================
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    GMER - http://www.gmer.net
    Rootkit quick scan 2012-08-08 23:04:07
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-AGIL rev.2.22
    Running: vjp6tbmd.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\pwliapoc.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x9FE5A162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x9FE59FCD]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device iaStor.sys (Intel Rapid Storage Technology driver - x86/Intel Corporation)
    Device jraid.sys (JMicron JMB36X RAID Driver/JMicron Technology Corp.)
    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice cumon.sys (CRCMon System Filter Driver/Windows (R) Win 7 DDK provider)

    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 DCR.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 DCR.sys

    ---- EOF - GMER 1.0.15 ----

Short URL to this thread: https://techguy.org/1063880