
Status
Not open for further replies.
1 - 16 of 16 Posts

·
Registered
Joined
·
11 Posts
Discussion Starter · #1 ·
Please, I need help. If any cute guy, please help me!
Whenever I open Windows, a message appears saying:
The application failed to initialize properly error code(0xocooooo5)
It also happens when I try to right-click to open Properties.
This is the hijack log file.
PLEASE HELP MEEEE!!!
Thanks


Deckard's System Scanner v20071014.68
Run by Nicole Collett on 2008-08-08 10:43:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
85: 2008-08-08 14:34:20 UTC - RP1055 - Deckard's System Scanner Restore Point
84: 2008-08-07 16:33:46 UTC - RP1054 - RegCure Backup
83: 2008-08-07 11:50:18 UTC - RP1053 - System Checkpoint
82: 2008-08-04 21:22:28 UTC - RP1052 - Installed Java(TM) 6 Update 7
81: 2008-08-04 20:59:53 UTC - RP1051 - RegCure Backup


-- First Restore Point --
1: 2008-07-29 00:32:10 UTC - RP971 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-08 10:45:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\agrsmmsg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\RPS.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\WINDOWS\system32\hphipm09.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Documents and Settings\Nicole Collett\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60316
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {47e16c6e-a1c8-c63a-c344-2218f70b656e} - {e656b07f-8122-443c-a36c-8c1ae6c61e74} - C:\WINDOWS\system32\eosupp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - blank (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: eosupp.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\hphipm09.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


--
End of file - 15775 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - unable to read value
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 MMRTKRNL - c:\windows\system32\drivers\mmrtkrnl.sys <Not Verified; ALCATech; ALCATech Realtime Audio Kernel>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys <Not Verified; TOSHIBA; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 MREMP50 (MREMP50 NDIS Protocol Driver) - c:\program files\common files\motive\mremp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - c:\program files\common files\motive\mresp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 McciCMService - "c:\program files\common files\motive\mccicmservice.exe" <Not Verified; Motive Communications, Inc.; >
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 VaultClientUpgrade (Personal Vault Upgrade Service) - c:\program files\personal vault\vaultclientupgrade.exe <Not Verified; BELL; Backup Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\8A40361A23F61
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\8A40361A23F61
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-08-08 10:37:30 456 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-08-04 16:51:09 390 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-07-20 03:30:00 420 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job


-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-08 10:37:26 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-08-04 19:38:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:23:10 0 d-------- C:\Program Files\XoftSpySE
2008-08-04 16:28:33 0 d-------- C:\WINDOWS\RegCure
2008-08-04 16:28:33 0 d-------- C:\Program Files\RegCure
2008-08-03 20:30:35 100864 --a------ C:\WINDOWS\system32\qgrlhp.dll
2008-08-03 20:30:34 100864 --a------ C:\WINDOWS\system32\nwlrbwcc.dll
2008-08-03 20:28:51 90624 --a------ C:\WINDOWS\system32\vfediiaw.dll
2008-08-02 17:56:04 100864 --a------ C:\WINDOWS\system32\iaqleu.dll
2008-08-02 17:56:02 100864 --a------ C:\WINDOWS\system32\rfqsrrye.dll
2008-08-01 17:54:55 102400 --a------ C:\WINDOWS\system32\eosupp.dll
2008-08-01 17:54:54 102400 --a------ C:\WINDOWS\system32\lvqxixmi.dll
2008-08-01 17:51:55 90624 --a------ C:\WINDOWS\system32\eekmsxor.dll
2008-07-31 17:56:41 95232 --a------ C:\WINDOWS\system32\rtveun.dll
2008-07-31 17:56:40 95232 --a------ C:\WINDOWS\system32\evuwvmiv.dll
2008-07-31 17:50:41 90112 --a------ C:\WINDOWS\system32\eidxdfsa.dll
2008-07-30 17:51:32 95744 --a------ C:\WINDOWS\system32\aeybps.dll
2008-07-30 17:51:31 95744 --a------ C:\WINDOWS\system32\lrwqneac.dll
2008-07-30 17:49:21 89600 --a------ C:\WINDOWS\system32\npmmjyjx.dll
2008-07-29 09:11:34 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-29 08:41:09 94720 --a------ C:\WINDOWS\system32\cxjkps.dll
2008-07-29 08:41:08 94720 --a------ C:\WINDOWS\system32\erxhgasd.dll
2008-07-29 08:35:08 89600 --a------ C:\WINDOWS\system32\espobtfh.dll
2008-07-28 20:33:51 91136 --a------ C:\WINDOWS\system32\wjjihboc.dll
2008-07-28 19:56:42 0 d-------- C:\Program Files\Personal Vault
2008-07-28 19:55:41 0 d-------- C:\Program Files\Common Files\Authentium
2008-07-28 19:55:25 0 d-------- C:\Program Files\Raxco
2008-07-28 19:55:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-28 19:55:13 0 d-------- C:\Program Files\CA
2008-07-28 19:55:10 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-28 19:32:57 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\SoftwareDetectionScripts
2008-07-28 19:21:05 0 d-------- C:\Program Files\Common Files\PC Tools
2008-07-28 19:21:02 0 d-------- C:\Program Files\Bell
2008-07-28 19:12:13 0 d-------- C:\Program Files\Common Files\PC Tools(2)
2008-07-28 19:01:06 0 d-------- C:\Program Files\Bell(2)
2008-07-24 15:25:54 0 d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-24 15:25:51 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-07-22 10:12:33 0 d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-07-22 10:11:47 0 d-------- C:\Program Files\MSECache
2008-07-22 10:00:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-22 09:30:08 0 d-------- C:\Program Files\YPOPs
2008-07-19 11:58:35 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\GlarySoft


-- Find3M Report ---------------------------------------------------------------

2008-08-08 10:43:11 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\Skype
2008-08-04 20:04:34 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\uTorrent
2008-08-04 19:37:02 0 d-------- C:\Program Files\Downloads
2008-08-04 17:24:19 0 d-------- C:\Program Files\Java
2008-07-30 22:28:19 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\Mozilla
2008-07-29 08:52:45 0 d-------- C:\Program Files\VirtualDJ
2008-07-28 19:58:42 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\Bell
2008-07-28 19:55:41 0 d-------- C:\Program Files\Common Files
2008-07-28 19:54:59 1809 --a------ C:\Program Files\Sympatico Security Manager.lnk
2008-07-28 19:51:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 19:39:54 471 --a------ C:\Documents and Settings\Nicole Collett\Application Data\UpdateStore.xml
2008-07-28 19:39:54 1277 --a------ C:\Documents and Settings\Nicole Collett\Application Data\SoftwarePackageStore.xml
2008-07-28 19:39:54 518 --a------ C:\Documents and Settings\Nicole Collett\Application Data\EventStore.xml
2008-07-28 19:39:54 376 --a------ C:\Documents and Settings\Nicole Collett\Application Data\ConfigurationStore.xml
2008-07-28 19:39:54 48063 --a------ C:\Documents and Settings\Nicole Collett\Application Data\client_gateway.log
2008-07-28 19:39:54 475 --a------ C:\Documents and Settings\Nicole Collett\Application Data\CampaignStore.xml
2008-07-28 19:21:46 0 d-------- C:\Program Files\Spyware Doctor
2008-07-24 15:25:56 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-21 12:46:38 0 d-------- C:\Program Files\Setups
2008-07-07 11:51:45 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\ErrorSmart
2008-07-04 10:43:23 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-04 10:43:21 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\Webroot
2008-07-04 10:43:20 0 d-------- C:\Program Files\Webroot
2008-06-23 20:18:09 0 d-------- C:\Program Files\MPIO
2008-06-23 20:01:19 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\Creative
2008-06-22 15:35:00 0 d-------- C:\Documents and Settings\Nicole Collett\Application Data\LimeWire
2008-06-01 13:25:18 1083 --a------ C:\Program Files\INSTALL.LOG
2008-05-29 19:11:40 529 --a------ C:\Program Files\Shortcut to Registry Mechanic.lnk


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-08-08 10:46:41 ------------
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Re: Error message,application failed to initialize properly error(0xoc0000005)helpppp

Hello and welcome to TSF. :smile:

Sorry for the delay in reply. If you still need assistance, please post a fresh log as it has been a while since you posted.
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

Hi,

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #5 ·
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

Logfile of random's system information tool (written by random/random)
Run by Nicole Collett at 2008-08-28 16:27:16
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 32 GB (33%) free of 95 GB
Total RAM: 1014 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:28 PM, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\VirtualDJ\Main Program\virtualdj.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicole Collett\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole Collett.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {47e16c6e-a1c8-c63a-c344-2218f70b656e} - {e656b07f-8122-443c-a36c-8c1ae6c61e74} - C:\WINDOWS\system32\eosupp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - blank (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Nicole Collett"
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eosupp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 14470 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e656b07f-8122-443c-a36c-8c1ae6c61e74}]
C:\WINDOWS\system32\eosupp.dll [2008-08-01 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - blank []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-12-13 53248]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-12-01 671744]
"ZoomingHook"=C:\WINDOWS\SYSTEM32\ZoomingHook.exe [2005-06-06 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536]
"TCtryIOHook"=C:\WINDOWS\SYSTEM32\TCtrlIOHook.exe [2005-12-05 28672]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\SYSTEM32\TDispVol.exe [2005-12-27 73728]
"TPSMain"=C:\WINDOWS\SYSTEM32\TPSMain.exe [2005-05-31 282624]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-14 88203]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-01-05 40960]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 802816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe [2006-10-06 942080]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
"BellCanada_McciTrayApp"=C:\Program Files\BellCanada\McciTrayApp.exe [2007-08-09 930816]
"HPHmon03"=C:\WINDOWS\system32\hp [2007-06-02 1096844]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2006-01-13 196608]
"SSA.exe"=C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe [2007-03-27 2061816]
"Sympatico Security Manager"=C:\Program Files\Bell\Security Manager\Rps.exe [2008-03-10 311024]
"-FreedomNeedsReboot"=C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe [2008-03-10 13552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Bell\Security Manager\IdxClnR.exe [2008-03-10 61168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-09-13 22880040]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Bell\Security Manager\IdxClnR.exe [2008-03-10 61168]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe [2007-11-26 55624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
C:\WINDOWS\system32\hp [2007-06-02 1096844]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nicole Collett^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-08-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eosupp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\SYSTEM32\Ati2evxx.dll [2005-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\SYSTEM32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.207.50/255.255.255.255:Enabled:ActiveSync RAPI Manager"
"C:\Documents and Settings\Nicole Collett\Desktop\Unused Desktop Shortcuts\utorrent.exe"="C:\Documents and Settings\Nicole Collett\Desktop\Unused Desktop Shortcuts\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicole Collett\Desktop\Unused\utorrent.exe"="C:\Documents and Settings\Nicole Collett\Desktop\Unused\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\NCH Swift Sound\Axon\axon.exe"="C:\Program Files\NCH Swift Sound\Axon\axon.exe:*:Disabled:axon"
"C:\Program Files\GlobalIPTel\softphone.exe"="C:\Program Files\GlobalIPTel\softphone.exe:*:Enabled:Softphone Application"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicole Collett\Desktop\utorrent.exe"="C:\Documents and Settings\Nicole Collett\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:paltalkScene"
"C:\Documents and Settings\Nicole Collett\Local Settings\Temp\Rar$EX06.235\Paltalk.exe"="C:\Documents and Settings\Nicole Collett\Local Settings\Temp\Rar$EX06.235\Paltalk.exe:*:Enabled:palTalk for Windows"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Anonymity Gateway\Anonymity Gateway.exe"="C:\Program Files\Anonymity Gateway\Anonymity Gateway.exe:*:Enabled:Anonymity Gateway"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe"="C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe:*:Enabled:µTorrent"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
"C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"="C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe:*:Enabled:ConfigFree(TM) Tray"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.js - edit -
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-08-28 16:27:16 ----D---- C:\rsit
2008-08-27 09:18:46 ----D---- C:\Program Files\Trend Micro
2008-08-08 10:34:20 ----D---- C:\WINDOWS\ERDNT
2008-08-08 10:33:31 ----D---- C:\Deckard
2008-08-04 19:38:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:23:10 ----D---- C:\Program Files\XoftSpySE
2008-08-04 17:24:27 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-04 17:24:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-04 17:24:26 ----A---- C:\WINDOWS\system32\java.exe
2008-08-04 17:11:28 ----A---- C:\jxpiinstall.exe
2008-08-04 16:28:33 ----D---- C:\WINDOWS\RegCure
2008-08-04 16:28:33 ----D---- C:\Program Files\RegCure
2008-08-03 20:30:35 ----A---- C:\WINDOWS\system32\qgrlhp.dll
2008-08-03 20:30:34 ----A---- C:\WINDOWS\system32\nwlrbwcc.dll
2008-08-03 20:28:51 ----A---- C:\WINDOWS\system32\vfediiaw.dll
2008-08-02 17:59:14 ----SH---- C:\WINDOWS\system32\lejbmbni.ini
2008-08-02 17:56:04 ----A---- C:\WINDOWS\system32\iaqleu.dll
2008-08-02 17:56:02 ----A---- C:\WINDOWS\system32\rfqsrrye.dll
2008-08-01 17:54:55 ----A---- C:\WINDOWS\system32\eosupp.dll
2008-08-01 17:54:54 ----A---- C:\WINDOWS\system32\lvqxixmi.dll
2008-08-01 17:51:55 ----A---- C:\WINDOWS\system32\eekmsxor.dll
2008-07-31 17:56:41 ----A---- C:\WINDOWS\system32\rtveun.dll
2008-07-31 17:56:40 ----A---- C:\WINDOWS\system32\evuwvmiv.dll
2008-07-31 17:53:42 ----SH---- C:\WINDOWS\system32\sujhxcmf.ini
2008-07-31 17:50:41 ----A---- C:\WINDOWS\system32\eidxdfsa.dll
2008-07-30 17:54:48 ----SH---- C:\WINDOWS\system32\yooiskfv.ini
2008-07-30 17:51:32 ----A---- C:\WINDOWS\system32\aeybps.dll
2008-07-30 17:51:31 ----A---- C:\WINDOWS\system32\lrwqneac.dll
2008-07-30 17:49:21 ----A---- C:\WINDOWS\system32\npmmjyjx.dll
2008-07-29 09:14:51 ----A---- C:\windows-kb890830-v2.0.exe
2008-07-29 09:11:34 ----D---- C:\Program Files\Microsoft Silverlight
2008-07-29 09:10:47 ----A---- C:\Silverlight.exe
2008-07-29 08:41:09 ----A---- C:\WINDOWS\system32\cxjkps.dll
2008-07-29 08:41:08 ----A---- C:\WINDOWS\system32\erxhgasd.dll
2008-07-29 08:38:11 ----SH---- C:\WINDOWS\system32\icwgougu.ini
2008-07-29 08:35:08 ----A---- C:\WINDOWS\system32\espobtfh.dll
2008-07-28 20:35:10 ----SH---- C:\WINDOWS\system32\vuawhkkx.ini
2008-07-28 20:33:51 ----A---- C:\WINDOWS\system32\wjjihboc.dll
2008-07-28 20:33:51 ----A---- C:\WINDOWS\pskt.ini
2008-07-28 20:33:51 ----A---- C:\WINDOWS\BM8ba00846.txt
2008-07-28 20:33:24 ----A---- C:\WINDOWS\system32\83b0ffa4-.txt
2008-07-28 19:56:42 ----D---- C:\Program Files\Personal Vault
2008-07-28 19:55:41 ----D---- C:\Program Files\Common Files\Authentium
2008-07-28 19:55:25 ----D---- C:\Program Files\Raxco
2008-07-28 19:55:25 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-28 19:55:13 ----D---- C:\Program Files\CA
2008-07-28 19:55:10 ----D---- C:\Program Files\Common Files\Scanner
2008-07-28 19:34:09 ----A---- C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe
2008-07-28 19:32:57 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\SoftwareDetectionScripts
2008-07-28 19:21:05 ----D---- C:\Program Files\Common Files\PC Tools
2008-07-28 19:21:02 ----D---- C:\Program Files\Bell
2008-07-28 19:12:13 ----D---- C:\Program Files\Common Files\PC Tools(2)
2008-07-28 19:01:06 ----D---- C:\Program Files\Bell(2)
2008-07-24 15:25:54 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-24 15:25:51 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-07-22 10:12:33 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2008-07-22 10:11:47 ----D---- C:\Program Files\MSECache
2008-07-22 10:11:07 ----A---- C:\OutlookConnector.exe
2008-07-22 10:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-22 09:30:08 ----D---- C:\Program Files\YPOPs
2008-07-19 14:11:41 ----A---- C:\plug_in.ini
2008-07-19 11:58:35 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\GlarySoft
2008-07-10 18:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-07 11:50:29 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\ErrorSmart
2008-07-04 10:43:21 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\Webroot
2008-07-04 10:43:20 ----D---- C:\Program Files\Webroot
2008-07-04 10:43:20 ----D---- C:\Program Files\Common Files\Webroot Shared
2008-07-04 10:43:20 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-04 10:42:51 ----A---- C:\WINDOWS\Unwash6.exe
2008-06-20 17:39:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-10 22:28:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-10 22:27:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-10 22:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-10 22:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-01 18:20:21 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\Creative
2008-06-01 18:12:52 ----N---- C:\WINDOWS\Ctregrun.exe
2008-06-01 18:10:50 ----D---- C:\Program Files\Audible
2008-06-01 18:09:22 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-01 18:08:12 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-01 18:08:12 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-01 18:07:56 ----D---- C:\Program Files\Creative
2008-06-01 18:07:48 ----D---- C:\Program Files\Common Files\Creative
2008-06-01 18:07:47 ----HD---- C:\Program Files\Creative Installation Information
2008-05-29 18:28:25 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-05-29 18:28:19 ----D---- C:\Program Files\Registry Mechanic
2008-05-29 18:27:27 ----A---- C:\Program Files\Registry mechanic.exe
2008-05-29 18:23:31 ----A---- C:\Program Files\rminstall.exe

List of drivers

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-12-01 11264]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-01-26 21425]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-07-09 834448]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-01-09 55296]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-14 1122656]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\system32\DRIVERS\hphid409.sys [2006-01-13 50800]
R3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\system32\DRIVERS\hphipr09.sys [2006-01-13 16112]
R3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2006-01-13 50211]
R3 Dot4Usb HPH09;Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [2006-01-13 18864]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-29 162560]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\system32\drivers\ikfilesec.sys []
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MREMP50a64.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MRESP50a64.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-02 20648]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2007-12-01 42512]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-19 47360]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 snpstd2;USB PC Camera (SN9C103); C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 302720]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\Drivers\Tbiosdrv.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\system32\drivers\USBAAPL.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-21 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Ipfapavib;Ipfapavib; C:\WINDOWS\system32\drivers\Ipfapavib.sys []

List of services

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-07-09 177416]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2007-04-10 284176]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 303104]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 327680]
R2 RP_FWS;Sympatico Security Manager Firewall; C:\Program Files\Bell\Security Manager\Fws.exe [2008-03-10 303344]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-04-21 1174664]
R2 VaultClientUpgrade;Personal Vault Upgrade Service; C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
R3 Pml Driver;Pml Driver; C:\WINDOWS\system32\HP [2007-06-02 1096844]
R3 RPSUpdaterR;Sympatico Security Manager Update Service; C:\Program Files\Bell\Security Manager\rpsupdaterR.exe [2008-03-10 99568]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 946176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-03 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Radialpoint Security Services;Sympatico Security Manager; C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-04-04 747912]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-04-04 948616]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]

-----------------EOF-----------------
info.txt logfile of random's system information tool 2008-08-28 16:27:33

Uninstall list

-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Internet Check-Up-->C:\Program Files\BellCanada\bcunwise.exe
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011C-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PerfectDisk-->MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PPSDKRedistributables-->MsiExec.exe /I{C144C566-21EF-4F8C-9667-40CF19E6AED0}
RegCure-->"C:\WINDOWS\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml"
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
RPS Ad Blocker-->MsiExec.exe /I{05D0A02F-616D-4F2F-B143-1EDFD4954117}
RPS AntiFraud-->MsiExec.exe /I{33E42E0F-DE63-4527-80F6-C54F749D4F72}
RPS AntiSpyware-->MsiExec.exe /I{3A4EA99A-9CFB-4F21-8DBC-B55318791346}
RPS AntiVirus-->MsiExec.exe /I{2F645B95-2EE3-4D12-B1F1-92792A5A0475}
RPS App Detector-->MsiExec.exe /I{16F44008-A0B2-4F1D-8077-4EF3CECCF2A8}
RPS AsRealtime-->MsiExec.exe /I{D919664A-4246-4FC1-A781-84631737EBF3}
RPS Backup-->MsiExec.exe /I{A1A3D151-0707-4F6D-9DC1-8FAA6B8B152B}
RPS Burn-->MsiExec.exe /I{9ED8C15D-35E7-4A4B-B103-C234A9600CCB}
RPS Diagnostic Utility-->MsiExec.exe /I{17E8D1B6-A3B0-4F86-9D4B-B5B74FCE6CF8}
RPS Firewall-->MsiExec.exe /I{FF50571F-15FF-4435-97E1-7BB70EAA53A0}
RPS ParentalControl-->MsiExec.exe /I{EBCA18FC-A574-4EE1-B86B-87AB483C628C}
RPS Performance Tool-->MsiExec.exe /I{ED2E9BCD-B68A-40F7-AE60-A530F3D30370}
RPS PopupBlocker-->MsiExec.exe /I{B12897AC-1B80-41EE-B9A2-B965F766D157}
RPS Privacy Manager-->MsiExec.exe /I{2403195D-95B9-42ED-BE2E-EB2A5A6E1648}
RPS RpsCore-->MsiExec.exe /I{77A490DB-BBB8-4809-A0D5-37B592D76CED}
RPS Security Cleanup-->MsiExec.exe /I{E39707C3-A285-467E-BEDE-E63A1AFF32FC}
RPS Zip-->MsiExec.exe /I{AFE925E3-AEB4-4BBB-B97D-022135B50ED6}
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Sympatico Security Advisor 1.5.11-->"C:\Program Files\Bell\Sympatico Security Advisor\unins000.exe"
Sympatico Security Manager-->C:\Program Files\InstallShield Installation Information\{76AA8F37-51BD-445F-B355-293A72D6A291}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Zooming Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Window Washer-->C:\WINDOWS\Unwash6.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
YPOPs! 0.9.6-->"C:\Program Files\YPOPs\unins000.exe"
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009

Security center information

AV: Spyware Doctor with AntiVirus (disabled)
AV: Sympatico Security Manager Anti-Virus
FW: Sympatico Security Manager Firewall

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\;C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\;C:\Program Files\CA\PPRT\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

Hi,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide very carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #7 ·
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

ComboFix 08-08-29.02 - Nicole Collett 2008-08-29 20:45:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.598 [GMT -4:00]
Running from: C:\Documents and Settings\Nicole Collett\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicole Collett\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
ADS - system32: deleted 69767 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


.

C:\Documents and Settings\Nicole Collett\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Nicole Collett\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\Nicole Collett\Application Data\inst.exe
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\bin.clearspring.com
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\interclick.com
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\interclick.com\ud.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\static.youku.com
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\static.youku.com\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\static.youku.com\v1.0.0219\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\static.youku.com\v1.0.0275\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\www.youku.com
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\#SharedObjects\LGK9WPKE\www.youku.com\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youku.com
C:\Documents and Settings\Nicole Collett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youku.com\settings.sol
C:\WINDOWS\BM8ba00846.txt
C:\WINDOWS\BM8ba00846.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aeybps.dll
C:\WINDOWS\system32\cxjkps.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eekmsxor.dll
C:\WINDOWS\system32\eidxdfsa.dll
C:\WINDOWS\system32\eosupp.dll
C:\WINDOWS\system32\erxhgasd.dll
C:\WINDOWS\system32\espobtfh.dll
C:\WINDOWS\system32\evuwvmiv.dll
C:\WINDOWS\system32\iaqleu.dll
C:\WINDOWS\system32\icwgougu.ini
C:\WINDOWS\system32\lejbmbni.ini
C:\WINDOWS\system32\lrwqneac.dll
C:\WINDOWS\system32\lvqxixmi.dll
C:\WINDOWS\system32\npmmjyjx.dll
C:\WINDOWS\system32\nwlrbwcc.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\qgrlhp.dll
C:\WINDOWS\system32\REGOBJ.DLL
C:\WINDOWS\system32\rfqsrrye.dll
C:\WINDOWS\system32\rtveun.dll
C:\WINDOWS\system32\sujhxcmf.ini
C:\WINDOWS\system32\vfediiaw.dll
C:\WINDOWS\system32\vuawhkkx.ini
C:\WINDOWS\system32\wjjihboc.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\yooiskfv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-28 16:27 . 2008-08-28 16:27 <DIR> d-------- C:\rsit
2008-08-27 09:18 . 2008-08-27 09:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 10:33 . 2008-08-08 10:33 <DIR> d-------- C:\Deckard
2008-08-04 19:38 . 2008-08-04 19:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:38 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-08-04 19:38 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 19:23 . 2008-08-04 19:32 <DIR> d-------- C:\Program Files\XoftSpySE
2008-08-04 17:11 . 2008-08-04 17:11 382,352 --a------ C:\jxpiinstall.exe
2008-08-04 16:28 . 2008-08-04 16:28 <DIR> d-------- C:\WINDOWS\RegCure
2008-08-04 16:28 . 2008-08-04 19:23 <DIR> d-------- C:\Program Files\RegCure
2008-07-29 09:14 . 2008-07-29 09:15 8,956,536 --a------ C:\windows-kb890830-v2.0.exe
2008-07-29 09:11 . 2008-07-29 09:11 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-29 09:10 . 2008-07-29 09:10 1,427,520 --a------ C:\Silverlight.exe
2008-07-28 19:56 . 2008-07-28 19:56 <DIR> d-------- C:\Program Files\Personal Vault
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\Raxco
2008-07-28 19:55 . 2008-08-01 22:04 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\CA
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-28 19:34 . 2008-07-28 19:34 1,338,384 --a------ C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe
2008-07-28 19:32 . 2008-07-28 19:32 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\SoftwareDetectionScripts
2008-07-28 19:21 . 2008-07-28 19:21 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-28 19:21 . 2008-07-28 19:54 <DIR> d-------- C:\Program Files\Bell
2008-07-28 19:12 . 2008-07-28 19:20 <DIR> d-------- C:\Program Files\Common Files\PC Tools(2)
2008-07-28 19:01 . 2008-07-28 19:21 <DIR> d-------- C:\Program Files\Bell(2)
2008-07-24 15:25 . 2008-07-24 15:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-07-24 15:25 . 2008-07-24 15:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-22 10:12 . 2008-07-22 10:12 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-07-22 10:11 . 2008-07-22 10:11 <DIR> d-------- C:\Program Files\MSECache
2008-07-22 10:11 . 2008-07-22 10:11 4,013,504 --a------ C:\OutlookConnector.exe
2008-07-22 10:00 . 2008-07-22 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-22 09:30 . 2008-07-30 21:00 <DIR> d-------- C:\Program Files\YPOPs
2008-07-19 14:11 . 2008-07-19 14:12 50 --a------ C:\plug_in.ini
2008-07-19 11:58 . 2008-07-19 11:58 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\GlarySoft
2008-07-09 17:28 . 2006-08-16 07:58 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-07 14:37 . 2003-08-11 22:48 54,684 -ra------ C:\WINDOWS\Alpine 7558S.TTF
2008-07-07 14:37 . 2004-02-22 17:32 39,284 -ra------ C:\WINDOWS\Hemi Head 426.TTF
2008-07-07 11:50 . 2008-07-07 11:51 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\ErrorSmart
2008-07-04 10:43 . 2008-07-04 10:43 <DIR> d-------- C:\Program Files\Webroot
2008-07-04 10:43 . 2008-07-04 10:43 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-04 10:43 . 2008-07-04 10:43 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\Webroot
2008-07-04 10:43 . 2008-07-04 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-04 10:42 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 00:52 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\Skype
2008-08-28 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-08-05 00:04 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\uTorrent
2008-08-04 23:37 --------- d-----w C:\Program Files\Downloads
2008-08-04 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 21:24 --------- d-----w C:\Program Files\Java
2008-08-02 00:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-29 12:52 --------- d-----w C:\Program Files\VirtualDJ
2008-07-28 23:58 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\Bell
2008-07-28 23:54 1,809 ----a-w C:\Program Files\Sympatico Security Manager.lnk
2008-07-28 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bell
2008-07-28 23:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 23:21 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-25 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-24 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-21 16:46 --------- d-----w C:\Program Files\Setups
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-01 17:25 1,083 ----a-w C:\Program Files\INSTALL.LOG
2008-05-29 23:11 529 ----a-w C:\Program Files\Shortcut to Registry Mechanic.lnk
2008-05-29 22:23 5,831,160 ----a-w C:\Program Files\rminstall.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-03 15:14 8,704 --sha-w C:\Program Files\Thumbs.db
2008-03-19 14:13 47,360 ----a-w C:\Documents and Settings\Nicole Collett\Application Data\pcouffin.sys
2008-02-20 13:29 219,952 ----a-w C:\Program Files\utorrent.exe
2007-11-04 15:35 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-10-03 23:05 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-03 01:03 28,981,233 ----a-w C:\Program Files\bricopack-vista-inspirat-ultimate-2-crystalxp.net-en-130.zip
2007-09-20 00:38 4,830,077 ----a-w C:\Program Files\LimeWire_Pro_4.14.10_[limewirepro.at.tt].zip
2007-09-13 18:10 77,312 ----a-w C:\Program Files\Registry mechanic.exe
2007-05-22 15:41 1,579,194 ----a-w C:\Program Files\ImageStatio.exe
2007-04-30 17:18 401,952 ----a-w C:\Program Files\3DwindowsXP.exe
2007-02-18 06:56 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2006-11-27 09:10 15,926,792 ----a-w C:\Program Files\DivXInstaller.exe
.
----a-w           291,928 2007-01-07 06:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 06:14:24  C:\Program Files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Program Files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe

------- Sigcheck -------

2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-04 08:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-28 19:35 2015744 48472d224e1703882b4de0e28e205e9b C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 12:12 2017280 fa64f313f5237c53a909906113acae7d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 05:16 2028032 79fe19bdcc1be5375fe17009292fd817 C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-04 08:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-28 20:02 2136064 25c36dbc46e8eff2a811769a60715ac5 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 12:49 2137600 57b9d140e1eb8b0ea06df927b63b0eee C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 05:53 2148352 742c5682fe63413ac6c68ad6c0db61da C:\WINDOWS\system32\ntoskrnl.exe

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 08:00 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 04:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 17:13 1207080]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 22:05 204288]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe" [2008-03-10 12:25 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 10:40 196608]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 20:28 53248]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 15:13 671744]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 20:13 122880]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 17:45 28672]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 16:25 73728]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 17:45 65536]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 19:34 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 20:04 802816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-10-06 10:21 942080]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"BellCanada_McciTrayApp"="C:\Program Files\BellCanada\McciTrayApp.exe" [2007-08-09 15:04 930816]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2006-01-13 02:46 311296]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 02:46 196608]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [2008-03-10 12:25 311024]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [2008-03-10 12:26 13552]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 13:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 18:50 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [N/A]
"TDispVol"="TDispVol.exe" [2005-12-27 20:34 73728 C:\WINDOWS\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 21:16 282624 C:\WINDOWS\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 18:29 88203 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe" [2008-03-10 12:25 61168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2006-03-12 18:03:50 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eosupp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nicole Collett^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
--a------ 2006-01-13 02:46 311296 C:\WINDOWS\system32\hphmon03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 22:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.207.50/255.255.255.255:Enabled:ActiveSync RAPI Manager
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\Nicole Collett\\Desktop\\utorrent(3).exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Web Server
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-04 11:27]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 11:59]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 08:00]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 13:33]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 02:46]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 16:01]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51]
S3 Radialpoint Security Services;Sympatico Security Manager;C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 12:25]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9D9479E5-A1F0-2E52-1A34-4348F0E05F2B}]
C:\WINDOWS\system32:sys32.exe
.
Contents of the 'Scheduled Tasks' folder

2008-07-20 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart\ErrorSmart.exe []

2008-07-20 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart []

2008-08-30 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 04:20]

2008-08-04 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 04:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nicole Collett\Application Data\Mozilla\Firefox\Profiles\oq1hyo4h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://yahoo.ca
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 20:51:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
.
**************************************************************************
.
Completion time: 2008-08-29 21:16:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 01:16:19

Pre-Run: 32,888,811,520 bytes free
Post-Run: 32,792,584,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

369 --- E O F --- 2008-07-23 21:03:16
 

Discussion Starter · #8 ·
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

Logfile of random's system information tool (written by random/random)
Run by Nicole Collett at 2008-08-29 21:23:56
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 31 GB (33%) free of 95 GB
Total RAM: 1014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:07 PM, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Bell\Security Manager\RPS.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Documents and Settings\Nicole Collett\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole Collett.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - blank (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eosupp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 13427 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - blank []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-12-13 53248]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-12-01 671744]
"ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2005-12-05 28672]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-14 88203]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-01-05 40960]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 802816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe [2006-10-06 942080]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
"BellCanada_McciTrayApp"=C:\Program Files\BellCanada\McciTrayApp.exe [2007-08-09 930816]
"HPHmon03"=C:\WINDOWS\system32\hp [2007-06-02 1096844]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2006-01-13 196608]
"SSA.exe"=C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe [2007-03-27 2061816]
"Sympatico Security Manager"=C:\Program Files\Bell\Security Manager\Rps.exe [2008-03-10 311024]
"-FreedomNeedsReboot"=C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe [2008-03-10 13552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Bell\Security Manager\IdxClnR.exe [2008-03-10 61168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-09-13 22880040]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Bell\Security Manager\IdxClnR.exe [2008-03-10 61168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
C:\WINDOWS\system32\hp [2007-06-02 1096844]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nicole Collett^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-08-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eosupp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.207.50/255.255.255.255:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe"="C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe:*:Enabled:µTorrent"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
"C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"="C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe:*:Enabled:ConfigFree(TM) Tray"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.js - edit -

List of files/folders created in the last three months

2008-08-29 21:18:00 ----SHD---- C:\RECYCLER
2008-08-29 21:17:21 ----D---- C:\WINDOWS\temp
2008-08-29 21:17:07 ----A---- C:\ComboFix.txt
2008-08-29 20:45:20 ----A---- C:\Boot.bak
2008-08-29 20:45:11 ----D---- C:\cmdcons
2008-08-29 20:43:57 ----D---- C:\QooBox
2008-08-29 20:43:56 ----A---- C:\WINDOWS\zip.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\VFind.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\swxcacls.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\swsc.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\swreg.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\sed.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\Nircmd.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\grep.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\fdsv.exe
2008-08-28 16:27:16 ----D---- C:\rsit
2008-08-27 09:18:46 ----D---- C:\Program Files\Trend Micro
2008-08-08 10:34:20 ----D---- C:\WINDOWS\ERDNT
2008-08-08 10:33:31 ----D---- C:\Deckard
2008-08-04 19:38:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:23:10 ----D---- C:\Program Files\XoftSpySE
2008-08-04 17:24:27 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-04 17:24:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-04 17:24:26 ----A---- C:\WINDOWS\system32\java.exe
2008-08-04 17:11:28 ----A---- C:\jxpiinstall.exe
2008-08-04 16:28:33 ----D---- C:\WINDOWS\RegCure
2008-08-04 16:28:33 ----D---- C:\Program Files\RegCure
2008-07-29 09:14:51 ----A---- C:\windows-kb890830-v2.0.exe
2008-07-29 09:11:34 ----D---- C:\Program Files\Microsoft Silverlight
2008-07-29 09:10:47 ----A---- C:\Silverlight.exe
2008-07-28 20:33:24 ----A---- C:\WINDOWS\system32\83b0ffa4-.txt
2008-07-28 19:56:42 ----D---- C:\Program Files\Personal Vault
2008-07-28 19:55:41 ----D---- C:\Program Files\Common Files\Authentium
2008-07-28 19:55:25 ----D---- C:\Program Files\Raxco
2008-07-28 19:55:25 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-28 19:55:13 ----D---- C:\Program Files\CA
2008-07-28 19:55:10 ----D---- C:\Program Files\Common Files\Scanner
2008-07-28 19:34:09 ----A---- C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe
2008-07-28 19:32:57 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\SoftwareDetectionScripts
2008-07-28 19:21:05 ----D---- C:\Program Files\Common Files\PC Tools
2008-07-28 19:21:02 ----D---- C:\Program Files\Bell
2008-07-28 19:12:13 ----D---- C:\Program Files\Common Files\PC Tools(2)
2008-07-28 19:01:06 ----D---- C:\Program Files\Bell(2)
2008-07-24 15:25:54 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-24 15:25:51 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-07-22 10:12:33 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2008-07-22 10:11:47 ----D---- C:\Program Files\MSECache
2008-07-22 10:11:07 ----A---- C:\OutlookConnector.exe
2008-07-22 10:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-22 09:30:08 ----D---- C:\Program Files\YPOPs
2008-07-19 14:11:41 ----A---- C:\plug_in.ini
2008-07-19 11:58:35 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\GlarySoft
2008-07-10 18:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-07 11:50:29 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\ErrorSmart
2008-07-04 10:43:21 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\Webroot
2008-07-04 10:43:20 ----D---- C:\Program Files\Webroot
2008-07-04 10:43:20 ----D---- C:\Program Files\Common Files\Webroot Shared
2008-07-04 10:43:20 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-04 10:42:51 ----A---- C:\WINDOWS\Unwash6.exe
2008-06-20 17:39:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-10 22:28:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-10 22:27:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-10 22:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-10 22:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-01 18:20:21 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\Creative
2008-06-01 18:12:52 ----N---- C:\WINDOWS\Ctregrun.exe
2008-06-01 18:10:50 ----D---- C:\Program Files\Audible
2008-06-01 18:09:22 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-01 18:08:12 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-01 18:08:12 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-01 18:07:56 ----D---- C:\Program Files\Creative
2008-06-01 18:07:48 ----D---- C:\Program Files\Common Files\Creative
2008-06-01 18:07:47 ----HD---- C:\Program Files\Creative Installation Information

List of drivers

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-12-01 11264]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-01-26 21425]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-07-09 834448]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-01-09 55296]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-14 1122656]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\system32\DRIVERS\hphid409.sys [2006-01-13 50800]
R3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\system32\DRIVERS\hphipr09.sys [2006-01-13 16112]
R3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2006-01-13 50211]
R3 Dot4Usb HPH09;Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [2006-01-13 18864]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-29 162560]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\system32\drivers\ikfilesec.sys []
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MREMP50a64.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MRESP50a64.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-02 20648]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-19 47360]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 snpstd2;USB PC Camera (SN9C103); C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 302720]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\Drivers\Tbiosdrv.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\system32\drivers\USBAAPL.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-21 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Ipfapavib;Ipfapavib; C:\WINDOWS\system32\drivers\Ipfapavib.sys []

List of services

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-07-09 177416]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2007-04-10 284176]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 303104]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 327680]
R2 RP_FWS;Sympatico Security Manager Firewall; C:\Program Files\Bell\Security Manager\Fws.exe [2008-03-10 303344]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-04-21 1174664]
R2 VaultClientUpgrade;Personal Vault Upgrade Service; C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
R3 RPSUpdaterR;Sympatico Security Manager Update Service; C:\Program Files\Bell\Security Manager\rpsupdaterR.exe [2008-03-10 99568]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 946176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-03 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver;Pml Driver; C:\WINDOWS\system32\HP [2007-06-02 1096844]
S3 Radialpoint Security Services;Sympatico Security Manager; C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-04-04 747912]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-04-04 948616]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]

-----------------EOF-----------------
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

Hi,

Before we continue with fixing, I would like to raise a few points of concern.

There are references to three different antivirus applications in the running processes and services. They are Authentium, Symantec and a package by Bell. Like firewalls, antivirus programs conflict when co-existing with each other and produce undesirable results. Please uninstall ALL, leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
Post a fresh HJT log when you have completed the above task.

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Bell\Security Manager\RPS.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
========================================

C:\Program Files\RegCure
We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

========================================

I see that you are using LimeWire and uTorrent, which are P2P file sharing programs. I would like to warn you that the nature of P2P file sharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also, by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple: file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove them from your system via Add/Remove Programs in Control Panel.

========================================

  • Open Notepad (Start > All Programs > Accessories > Notepad). (It must be Notepad, not WordPad, or it won't work.)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Code:
RenV::
----a-w           291,928 2007-01-07 06:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 06:14:24  C:\Program Files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Program Files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9D9479E5-A1F0-2E52-1A34-4348F0E05F2B}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
"C:\\Program Files\\uTorrent\\uTorrent.exe"=-

Save this as CFScript.txt, in the same location as ComboFix.exe.



Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log (only the HijackThis log, not the RSIT log).

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
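
The Windows Firewall exception list from the log above can also be read programmatically. The following is an added example, not part of the original post or of any tool named in this thread. It parses the `"path"="path:scope:status:name"` lines as they appear in the log; the function names and the list of trusted install prefixes are assumptions made for illustration.

```python
import re

# Lines copied unmodified from the StandardProfile AuthorizedApplications\List
# section of the log above (a subset of that section).
SAMPLE = r'''
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.207.50/255.255.255.255:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe"="C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe:*:Enabled:µTorrent"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
'''

# One log line: "value name"="value data"
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')

# Value data: <path>:<scope>:<Enabled|Disabled>:<display name>.
# The path itself contains a colon (C:\...), so the path group is lazy and the
# match is pinned by the status keyword that follows the scope field.
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]+):(?P<status>enabled|disabled):(?P<name>.*)$',
    re.IGNORECASE,
)

# Assumption for this example: programs installed normally live under these
# prefixes; anything else (Desktop, Temp, profile folders) deserves a look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")


def parse_exceptions(text):
    """Return one dict per well-formed AuthorizedApplications entry."""
    entries = []
    for line in text.splitlines():
        line_match = LINE_RE.match(line.strip())
        if not line_match:
            continue  # section headers, blank lines, anything malformed
        value_match = VALUE_RE.match(line_match.group("value"))
        if not value_match:
            continue
        entries.append({
            "path": value_match.group("path"),
            "scope": value_match.group("scope"),
            "enabled": value_match.group("status").lower() == "enabled",
            "name": value_match.group("name"),
        })
    return entries


def matching(entries, keyword):
    """Entries whose path or display name contains keyword (case-insensitive)."""
    needle = keyword.lower()
    return [e for e in entries
            if needle in e["path"].lower() or needle in e["name"].lower()]


def outside_install_dirs(entries):
    """Enabled, any-source ('*') exceptions for binaries outside trusted prefixes."""
    return [e for e in entries
            if e["enabled"] and e["scope"] == "*"
            and not e["path"].lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    parsed = parse_exceptions(SAMPLE)
    for entry in matching(parsed, "torrent"):
        print("exception for:", entry["path"])
    for entry in outside_install_dirs(parsed):
        print("review (outside install dirs):", entry["path"])
```

Run against a full log, `outside_install_dirs` lists every enabled, unrestricted exception that points at a binary in a user-writable location, which is worth checking after any program is uninstalled.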
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #10 ·
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

Hi there and thanks a lot for all the help.
I am having trouble uninstalling completely from the computer:
dvpapi antivirus from
Symantec as well
In the Add/Remove software folder LiveUpdate appears, but with no uninstall options.
I did disable dvpapi in msconfig.
This is the new log:
Logfile of random's system information tool (written by random/random)
Run by Nicole Collett at 2008-08-30 20:19:03
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 31 GB (32%) free of 95 GB
Total RAM: 1014 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:06 PM, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicole Collett\Desktop\PC FIX FILES\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole Collett.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - blank (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eosupp.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 12736 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - blank []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-12-13 53248]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-12-01 671744]
"ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2005-12-05 28672]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-14 88203]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 802816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe [2006-10-06 942080]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
"BellCanada_McciTrayApp"=C:\Program Files\BellCanada\McciTrayApp.exe [2007-08-09 930816]
"HPHmon03"=C:\WINDOWS\system32\hp [2007-06-02 1096844]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2006-01-13 196608]
"SSA.exe"=C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe [2007-03-27 2061816]
"Sympatico Security Manager"=C:\Program Files\Bell\Security Manager\Rps.exe [2008-03-10 311024]
"-FreedomNeedsReboot"=C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe [2008-03-10 13552]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Bell\Security Manager\IdxClnR.exe [2008-03-10 61168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-09-13 22880040]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Bell\Security Manager\IdxClnR.exe [2008-03-10 61168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
C:\WINDOWS\system32\hp [2007-06-02 1096844]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nicole Collett^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-08-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2
"dvpapi"=2
"Symantec Core LC"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eosupp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.207.50/255.255.255.255:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe"="C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe:*:Enabled:µTorrent"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
"C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"="C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe:*:Enabled:ConfigFree(TM) Tray"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

File associations

.js - edit -

List of files/folders created in the last three months

2008-08-30 17:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-30 17:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-30 17:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-30 17:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-30 17:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-30 17:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-30 17:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-29 21:18:00 ----SHD---- C:\RECYCLER
2008-08-29 21:17:21 ----D---- C:\WINDOWS\temp
2008-08-29 21:17:07 ----A---- C:\ComboFix.txt
2008-08-29 20:45:20 ----A---- C:\Boot.bak
2008-08-29 20:45:11 ----D---- C:\cmdcons
2008-08-29 20:43:57 ----D---- C:\QooBox
2008-08-29 20:43:56 ----A---- C:\WINDOWS\zip.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\VFind.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\swxcacls.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\swsc.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\swreg.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\sed.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\Nircmd.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\grep.exe
2008-08-29 20:43:56 ----A---- C:\WINDOWS\fdsv.exe
2008-08-28 16:27:16 ----D---- C:\rsit
2008-08-27 09:18:46 ----D---- C:\Program Files\Trend Micro
2008-08-08 10:34:20 ----D---- C:\WINDOWS\ERDNT
2008-08-08 10:33:31 ----D---- C:\Deckard
2008-08-04 19:38:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:23:10 ----D---- C:\Program Files\XoftSpySE
2008-08-04 17:24:27 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-04 17:24:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-04 17:24:26 ----A---- C:\WINDOWS\system32\java.exe
2008-08-04 17:11:28 ----A---- C:\jxpiinstall.exe
2008-08-04 16:28:33 ----D---- C:\WINDOWS\RegCure
2008-07-29 09:14:51 ----A---- C:\windows-kb890830-v2.0.exe
2008-07-29 09:10:47 ----A---- C:\Silverlight.exe
2008-07-28 20:33:24 ----A---- C:\WINDOWS\system32\83b0ffa4-.txt
2008-07-28 19:56:42 ----D---- C:\Program Files\Personal Vault
2008-07-28 19:55:41 ----D---- C:\Program Files\Common Files\Authentium
2008-07-28 19:55:25 ----D---- C:\Program Files\Raxco
2008-07-28 19:55:25 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-28 19:55:13 ----D---- C:\Program Files\CA
2008-07-28 19:55:10 ----D---- C:\Program Files\Common Files\Scanner
2008-07-28 19:34:09 ----A---- C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe
2008-07-28 19:32:57 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\SoftwareDetectionScripts
2008-07-28 19:21:05 ----D---- C:\Program Files\Common Files\PC Tools
2008-07-28 19:21:02 ----D---- C:\Program Files\Bell
2008-07-28 19:12:13 ----D---- C:\Program Files\Common Files\PC Tools(2)
2008-07-28 19:01:06 ----D---- C:\Program Files\Bell(2)
2008-07-24 15:25:54 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-24 15:25:51 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-07-22 10:12:33 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2008-07-22 10:11:47 ----D---- C:\Program Files\MSECache
2008-07-22 10:11:07 ----A---- C:\OutlookConnector.exe
2008-07-22 10:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-22 09:30:08 ----D---- C:\Program Files\YPOPs
2008-07-19 14:11:41 ----A---- C:\plug_in.ini
2008-07-19 11:58:35 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\GlarySoft
2008-07-10 18:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-07 11:50:29 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\ErrorSmart
2008-06-20 17:39:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-10 22:28:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-10 22:27:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-10 22:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-10 22:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-01 18:20:21 ----D---- C:\Documents and Settings\Nicole Collett\Application Data\Creative
2008-06-01 18:12:52 ----N---- C:\WINDOWS\Ctregrun.exe
2008-06-01 18:10:50 ----D---- C:\Program Files\Audible
2008-06-01 18:09:22 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-01 18:08:12 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-01 18:08:12 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-01 18:07:56 ----D---- C:\Program Files\Creative
2008-06-01 18:07:48 ----D---- C:\Program Files\Common Files\Creative
2008-06-01 18:07:47 ----HD---- C:\Program Files\Creative Installation Information

List of drivers

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-12-01 11264]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-01-26 21425]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-07-09 834448]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-01-09 55296]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-14 1122656]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\system32\DRIVERS\hphid409.sys [2006-01-13 50800]
R3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\system32\DRIVERS\hphipr09.sys [2006-01-13 16112]
R3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2006-01-13 50211]
R3 Dot4Usb HPH09;Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [2006-01-13 18864]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-29 162560]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 AIDA32Driver;AIDA32Driver; \??\C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\Rar$EX11.563\aida32.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MREMP50a64.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MRESP50a64.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-02 20648]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-19 47360]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 snpstd2;USB PC Camera (SN9C103); C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 302720]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\Drivers\Tbiosdrv.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\system32\drivers\USBAAPL.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-21 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Ipfapavib;Ipfapavib; C:\WINDOWS\system32\drivers\Ipfapavib.sys []

List of services

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-07-09 177416]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2007-04-10 284176]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 303104]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 327680]
R2 RP_FWS;Sympatico Security Manager Firewall; C:\Program Files\Bell\Security Manager\Fws.exe [2008-03-10 303344]
R2 VaultClientUpgrade;Personal Vault Upgrade Service; C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
R3 Pml Driver;Pml Driver; C:\WINDOWS\system32\HP [2007-06-02 1096844]
R3 RPSUpdaterR;Sympatico Security Manager Update Service; C:\Program Files\Bell\Security Manager\rpsupdaterR.exe [2008-03-10 99568]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 946176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-03 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Radialpoint Security Services;Sympatico Security Manager; C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-04-21 1174664]

-----------------EOF-----------------
 

Discussion Starter · #11 ·
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

ComboFix 08-08-30.01 - Nicole Collett 2008-08-30 20:23:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.476 [GMT -4:00]
Running from: C:\Documents and Settings\Nicole Collett\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicole Collett\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-30 16:36 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 16:27 . 2008-08-28 16:27 <DIR> d-------- C:\rsit
2008-08-27 09:18 . 2008-08-27 09:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 10:33 . 2008-08-08 10:33 <DIR> d-------- C:\Deckard
2008-08-04 19:38 . 2008-08-04 19:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:38 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-08-04 19:38 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 19:23 . 2008-08-04 19:32 <DIR> d-------- C:\Program Files\XoftSpySE
2008-08-04 17:11 . 2008-08-04 17:11 382,352 --a------ C:\jxpiinstall.exe
2008-08-04 16:28 . 2008-08-04 16:28 <DIR> d-------- C:\WINDOWS\RegCure
2008-07-29 09:14 . 2008-07-29 09:15 8,956,536 --a------ C:\windows-kb890830-v2.0.exe
2008-07-29 09:10 . 2008-07-29 09:10 1,427,520 --a------ C:\Silverlight.exe
2008-07-28 19:56 . 2008-07-28 19:56 <DIR> d-------- C:\Program Files\Personal Vault
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\Raxco
2008-07-28 19:55 . 2008-08-01 22:04 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\CA
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-28 19:34 . 2008-07-28 19:34 1,338,384 --a------ C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe
2008-07-28 19:32 . 2008-07-28 19:32 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\SoftwareDetectionScripts
2008-07-28 19:21 . 2008-08-30 17:03 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-28 19:21 . 2008-07-28 19:54 <DIR> d-------- C:\Program Files\Bell
2008-07-28 19:12 . 2008-07-28 19:20 <DIR> d-------- C:\Program Files\Common Files\PC Tools(2)
2008-07-28 19:01 . 2008-07-28 19:21 <DIR> d-------- C:\Program Files\Bell(2)
2008-07-24 15:25 . 2008-07-24 15:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-07-24 15:25 . 2008-07-24 15:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-22 10:12 . 2008-07-22 10:12 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-07-22 10:11 . 2008-07-22 10:11 <DIR> d-------- C:\Program Files\MSECache
2008-07-22 10:11 . 2008-07-22 10:11 4,013,504 --a------ C:\OutlookConnector.exe
2008-07-22 10:00 . 2008-07-22 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-22 09:30 . 2008-07-30 21:00 <DIR> d-------- C:\Program Files\YPOPs
2008-07-19 14:11 . 2008-07-19 14:12 50 --a------ C:\plug_in.ini
2008-07-19 11:58 . 2008-07-19 11:58 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\GlarySoft
2008-07-09 17:28 . 2006-08-16 07:58 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-07 16:06 . 2008-07-07 16:06 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 14:37 . 2003-08-11 22:48 54,684 -ra------ C:\WINDOWS\Alpine 7558S.TTF
2008-07-07 14:37 . 2004-02-22 17:32 39,284 -ra------ C:\WINDOWS\Hemi Head 426.TTF
2008-07-07 11:50 . 2008-07-07 11:51 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\ErrorSmart

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 23:57 --------- d-----w C:\Program Files\Setups
2008-08-30 23:51 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\Skype
2008-08-30 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-30 21:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 20:51 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\uTorrent
2008-08-28 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-08-04 23:37 --------- d-----w C:\Program Files\Downloads
2008-08-04 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 21:24 --------- d-----w C:\Program Files\Java
2008-07-29 12:52 --------- d-----w C:\Program Files\VirtualDJ
2008-07-28 23:58 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\Bell
2008-07-28 23:54 1,809 ----a-w C:\Program Files\Sympatico Security Manager.lnk
2008-07-28 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bell
2008-07-28 23:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-07 20:06 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-01 17:25 1,083 ----a-w C:\Program Files\INSTALL.LOG
2008-05-29 23:11 529 ----a-w C:\Program Files\Shortcut to Registry Mechanic.lnk
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-03 15:14 8,704 --sha-w C:\Program Files\Thumbs.db
2008-03-19 14:13 47,360 ----a-w C:\Documents and Settings\Nicole Collett\Application Data\pcouffin.sys
2008-02-20 13:29 219,952 ----a-w C:\Program Files\utorrent.exe
2007-11-04 15:35 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-10-03 23:05 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-03 01:03 28,981,233 ----a-w C:\Program Files\bricopack-vista-inspirat-ultimate-2-crystalxp.net-en-130.zip
2007-09-20 00:38 4,830,077 ----a-w C:\Program Files\LimeWire_Pro_4.14.10_[limewirepro.at.tt].zip
2007-09-13 18:10 77,312 ----a-w C:\Program Files\Registry mechanic.exe
2007-05-22 15:41 1,579,194 ----a-w C:\Program Files\ImageStatio.exe
2007-04-30 17:18 401,952 ----a-w C:\Program Files\3DwindowsXP.exe
2007-02-18 06:56 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2006-11-27 09:10 15,926,792 ----a-w C:\Program Files\DivXInstaller.exe
.
Code:
----a-w           291,928 2007-01-07 06:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 06:14:24  C:\Program Files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe

------- Sigcheck -------

2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-04 08:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-28 19:35 2015744 48472d224e1703882b4de0e28e205e9b C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 12:12 2017280 fa64f313f5237c53a909906113acae7d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 05:16 2028032 79fe19bdcc1be5375fe17009292fd817 C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-04 08:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-28 20:02 2136064 25c36dbc46e8eff2a811769a60715ac5 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 12:49 2137600 57b9d140e1eb8b0ea06df927b63b0eee C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 05:53 2148352 742c5682fe63413ac6c68ad6c0db61da C:\WINDOWS\system32\ntoskrnl.exe

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 08:00 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe
.
((((((((((((((((((((((((((((( [email protected]_21.08.37.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 14:10:05 251,272 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-08-30 21:05:46 250,928 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2007-09-03 13:14:10 578,848 ----a-w C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-24 02:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
+ 2007-08-29 03:06:16 467,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-29 03:06:44 7,990,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2008-04-29 14:10:05 251,272 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTPIA.DLL
- 2008-07-23 21:02:59 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-08-30 21:07:49 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-23 21:03:00 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-08-30 21:07:49 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-23 21:02:59 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-08-30 21:07:49 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-07-23 21:02:59 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-08-30 21:07:49 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-07-23 21:03:00 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-30 21:07:49 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-23 21:03:01 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-30 21:07:49 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-23 21:03:01 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-08-30 21:07:49 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-07-23 21:03:00 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-08-30 21:07:49 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-23 21:03:00 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-30 21:07:49 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-23 21:03:00 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-08-30 21:07:49 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-07-23 21:03:01 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-08-30 21:07:49 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-23 21:02:59 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-30 21:07:49 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-06-15 14:39:18 516,832 ----a-r C:\WINDOWS\system32\CapiCom.dll
+ 2007-04-11 19:11:20 511,328 ----a-w C:\WINDOWS\system32\capicom.dll
- 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-24 02:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 14:57:40 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-23 04:16:28 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-06-25 13:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 14:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-05-22 23:49:44 64,774 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-30 21:00:30 64,774 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-22 23:49:44 409,800 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-30 21:00:30 409,800 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 04:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 17:13 1207080]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 22:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 10:40 196608]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 20:28 53248]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 15:13 671744]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 20:13 122880]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 17:45 28672]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 16:25 73728]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 17:45 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 20:04 802816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-10-06 10:21 942080]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"BellCanada_McciTrayApp"="C:\Program Files\BellCanada\McciTrayApp.exe" [2007-08-09 15:04 930816]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2006-01-13 02:46 311296]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 02:46 196608]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [2008-03-10 12:25 311024]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [2008-03-10 12:26 13552]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 13:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 18:50 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [N/A]
"TDispVol"="TDispVol.exe" [2005-12-27 20:34 73728 C:\WINDOWS\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 21:16 282624 C:\WINDOWS\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 18:29 88203 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2006-03-12 18:03:50 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nicole Collett^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
--a------ 2006-01-13 02:46 311296 C:\WINDOWS\system32\hphmon03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 22:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)
"dvpapi"=2 (0x2)
"Symantec Core LC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.207.50/255.255.255.255:Enabled:ActiveSync RAPI Manager
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\Nicole Collett\\Desktop\\utorrent(3).exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Web Server
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-04 11:27]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 11:59]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 08:00]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 13:33]
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 02:46]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 16:01]
S3 AIDA32Driver;AIDA32Driver;C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\Rar$EX11.563\aida32.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51]
S3 Radialpoint Security Services;Sympatico Security Manager;C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 12:25]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]

*Newly Created Service* - CATCHME
*Newly Created Service* - CSS_DVP
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 20:26:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-30 20:29:33
ComboFix-quarantined-files.txt 2008-08-31 00:28:31
ComboFix2.txt 2008-08-30 01:17:07

Pre-Run: 32,376,647,680 bytes free
Post-Run: 32,391,491,584 bytes free

438 --- E O F --- 2008-08-30 21:08:10
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #12 ·
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

Hi again, I managed to disable dvpapi and Symantec.
This is the new log file:
ComboFix 08-08-30.01 - Nicole Collett 2008-08-30 20:48:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502 [GMT -4:00]
Running from: C:\Documents and Settings\Nicole Collett\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-30 16:36 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 16:27 . 2008-08-28 16:27 <DIR> d-------- C:\rsit
2008-08-27 09:18 . 2008-08-27 09:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 10:33 . 2008-08-08 10:33 <DIR> d-------- C:\Deckard
2008-08-04 19:38 . 2008-08-04 19:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:38 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-08-04 19:38 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 19:23 . 2008-08-04 19:32 <DIR> d-------- C:\Program Files\XoftSpySE
2008-08-04 17:11 . 2008-08-04 17:11 382,352 --a------ C:\jxpiinstall.exe
2008-08-04 16:28 . 2008-08-04 16:28 <DIR> d-------- C:\WINDOWS\RegCure
2008-07-29 09:14 . 2008-07-29 09:15 8,956,536 --a------ C:\windows-kb890830-v2.0.exe
2008-07-29 09:10 . 2008-07-29 09:10 1,427,520 --a------ C:\Silverlight.exe
2008-07-28 19:56 . 2008-07-28 19:56 <DIR> d-------- C:\Program Files\Personal Vault
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\Raxco
2008-07-28 19:55 . 2008-08-01 22:04 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Program Files\CA
2008-07-28 19:55 . 2008-07-28 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-28 19:34 . 2008-07-28 19:34 1,338,384 --a------ C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe
2008-07-28 19:32 . 2008-07-28 19:32 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\SoftwareDetectionScripts
2008-07-28 19:21 . 2008-08-30 17:03 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-28 19:21 . 2008-07-28 19:54 <DIR> d-------- C:\Program Files\Bell
2008-07-28 19:12 . 2008-07-28 19:20 <DIR> d-------- C:\Program Files\Common Files\PC Tools(2)
2008-07-28 19:01 . 2008-07-28 19:21 <DIR> d-------- C:\Program Files\Bell(2)
2008-07-24 15:25 . 2008-07-24 15:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-07-24 15:25 . 2008-07-24 15:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-22 10:12 . 2008-07-22 10:12 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-07-22 10:11 . 2008-07-22 10:11 <DIR> d-------- C:\Program Files\MSECache
2008-07-22 10:11 . 2008-07-22 10:11 4,013,504 --a------ C:\OutlookConnector.exe
2008-07-22 10:00 . 2008-07-22 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-22 09:30 . 2008-07-30 21:00 <DIR> d-------- C:\Program Files\YPOPs
2008-07-19 14:11 . 2008-07-19 14:12 50 --a------ C:\plug_in.ini
2008-07-19 11:58 . 2008-07-19 11:58 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\GlarySoft
2008-07-09 17:28 . 2006-08-16 07:58 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-07 16:06 . 2008-07-07 16:06 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 14:37 . 2003-08-11 22:48 54,684 -ra------ C:\WINDOWS\Alpine 7558S.TTF
2008-07-07 14:37 . 2004-02-22 17:32 39,284 -ra------ C:\WINDOWS\Hemi Head 426.TTF
2008-07-07 11:50 . 2008-07-07 11:51 <DIR> d-------- C:\Documents and Settings\Nicole Collett\Application Data\ErrorSmart

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 00:48 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\Skype
2008-08-30 23:57 --------- d-----w C:\Program Files\Setups
2008-08-30 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-30 21:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 20:51 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\uTorrent
2008-08-28 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-08-04 23:37 --------- d-----w C:\Program Files\Downloads
2008-08-04 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 21:24 --------- d-----w C:\Program Files\Java
2008-07-29 12:52 --------- d-----w C:\Program Files\VirtualDJ
2008-07-28 23:58 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\Bell
2008-07-28 23:54 1,809 ----a-w C:\Program Files\Sympatico Security Manager.lnk
2008-07-28 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bell
2008-07-28 23:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-07 20:06 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-01 17:25 1,083 ----a-w C:\Program Files\INSTALL.LOG
2008-05-29 23:11 529 ----a-w C:\Program Files\Shortcut to Registry Mechanic.lnk
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-03 15:14 8,704 --sha-w C:\Program Files\Thumbs.db
2008-03-19 14:13 47,360 ----a-w C:\Documents and Settings\Nicole Collett\Application Data\pcouffin.sys
2008-02-20 13:29 219,952 ----a-w C:\Program Files\utorrent.exe
2007-11-04 15:35 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-10-03 23:05 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-03 01:03 28,981,233 ----a-w C:\Program Files\bricopack-vista-inspirat-ultimate-2-crystalxp.net-en-130.zip
2007-09-20 00:38 4,830,077 ----a-w C:\Program Files\LimeWire_Pro_4.14.10_[limewirepro.at.tt].zip
2007-09-13 18:10 77,312 ----a-w C:\Program Files\Registry mechanic.exe
2007-05-22 15:41 1,579,194 ----a-w C:\Program Files\ImageStatio.exe
2007-04-30 17:18 401,952 ----a-w C:\Program Files\3DwindowsXP.exe
2007-02-18 06:56 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2006-11-27 09:10 15,926,792 ----a-w C:\Program Files\DivXInstaller.exe
.
Code:
<pre>
----a-w           291,928 2007-01-07 06:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 06:14:24  C:\Program Files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
</pre>

------- Sigcheck -------

2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-04 08:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-28 19:35 2015744 48472d224e1703882b4de0e28e205e9b C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 12:12 2017280 fa64f313f5237c53a909906113acae7d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 05:16 2028032 79fe19bdcc1be5375fe17009292fd817 C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-04 08:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-28 20:02 2136064 25c36dbc46e8eff2a811769a60715ac5 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 12:49 2137600 57b9d140e1eb8b0ea06df927b63b0eee C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 05:53 2148352 742c5682fe63413ac6c68ad6c0db61da C:\WINDOWS\system32\ntoskrnl.exe

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 08:00 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 04:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 17:13 1207080]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 22:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 10:40 196608]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 20:28 53248]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 15:13 671744]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 20:13 122880]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 17:45 28672]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 16:25 73728]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 17:45 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 20:04 802816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-10-06 10:21 942080]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"BellCanada_McciTrayApp"="C:\Program Files\BellCanada\McciTrayApp.exe" [2007-08-09 15:04 930816]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2006-01-13 02:46 311296]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 02:46 196608]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [2008-03-10 12:25 311024]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [2008-03-10 12:26 13552]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 13:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 18:50 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [N/A]
"TDispVol"="TDispVol.exe" [2005-12-27 20:34 73728 C:\WINDOWS\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 21:16 282624 C:\WINDOWS\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 18:29 88203 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2006-03-12 18:03:50 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nicole Collett^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
--a------ 2006-01-13 02:46 311296 C:\WINDOWS\system32\hphmon03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 22:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)
"dvpapi"=2 (0x2)
"Symantec Core LC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.207.50/255.255.255.255:Enabled:ActiveSync RAPI Manager
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\Nicole Collett\\Desktop\\utorrent(3).exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Web Server
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-04 11:27]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 11:59]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 08:00]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 13:33]
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 02:46]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 16:01]
S3 AIDA32Driver;AIDA32Driver;C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\Rar$EX11.563\aida32.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51]
S3 Radialpoint Security Services;Sympatico Security Manager;C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 12:25]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]

*Newly Created Service* - CATCHME
*Newly Created Service* - CSS_DVP
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nicole Collett\Application Data\Mozilla\Firefox\Profiles\oq1hyo4h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://yahoo.ca
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 20:49:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-30 20:50:59
ComboFix-quarantined-files.txt 2008-08-31 00:50:33
ComboFix2.txt 2008-08-31 00:29:34
ComboFix3.txt 2008-08-30 01:17:07

Pre-Run: 32,405,815,296 bytes free
Post-Run: 32,389,091,328 bytes free

255 --- E O F --- 2008-08-30 21:08:10
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Re: [SOLVED] Error message,application failed to initialize properly error(0xoc000000

Hi,

Have you removed LimeWire and uTorrent? If so, you can go ahead and delete their folders too.

C:\Program Files\LimeWire
C:\Program Files\uTorrent

Also delete utorrent(3).exe from your desktop (please refer to my earlier warning about P2P file sharing programs).

====================================

Please scan with HijackThis and put a checkmark against the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60316
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - blank (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Search -
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O20 - AppInit_DLLs: eosupp.dll


The following ActiveX control (Downloaded Program File) will reinstall when (and if) you revisit that website,
UNLESS you know it is from a safe source, check to remove.

O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx

Close all browsers and windows other than HijackThis and click on "Fix checked".

=====================================

  • Open Notepad (Start > All Programs > Accessories > Notepad). It must be Notepad, not WordPad, or it won't work.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Code:
KILLALL::

RenV::
C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
C:\Program Files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-
"KernelFaultCheck"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=-
"dvpapi"=-
"Symantec Core LC"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-
"C:\Documents and Settings\Nicole Collett\Desktop\utorrent(3).exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]


Driver::
eeCtrl
Ipfapavib
symlcbrd
dvpapi
"Symantec Core LC"
"LiveUpdate Notice Service"

Save this as CFScript.txt, in the same location as ComboFix.exe.



Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


=====================

Restart your computer and run this online scanner

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.

  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log (not the whole RSIT log).

Post a fresh HijackThis log taken after a reboot, the Combofix.txt, and the Kaspersky report please. Also, let me know how the computer is running now.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #14 ·
Hi again!
I completely removed LimeWire and BitTorrent,
this is the hijack log file and the Kaspersky scan.
The computer is a lot better, just ... when I right-click on the desktop it takes quite a long time to open (right-click).
Logfile of random's system information tool (written by random/random)
Run by Nicole Collett at 2008-09-01 21:46:13
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 31 GB (33%) free of 95 GB
Total RAM: 1014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:22 PM, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nicole Collett\Desktop\PC FIX FILES\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole Collett.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 01, 2008 23:43:34
Records in database: 1175988
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 109669
Threat name: 13
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 02:07:40


File name / Threat name / Threats count
C:\Documents and Settings\Nicole Collett\Desktop\Music\Metric - Calculation theme.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\QooBox\Quarantine\C\WINDOWS\system32\aeybps.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aema 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cxjkps.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cah 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eekmsxor.dll.vir Infected: Trojan.Win32.Monder.cbv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eidxdfsa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeqi 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eosupp.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.chs 1
C:\QooBox\Quarantine\C\WINDOWS\system32\erxhgasd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cah 1
C:\QooBox\Quarantine\C\WINDOWS\system32\espobtfh.dll.vir Infected: Trojan.Win32.Monder.bni 1
C:\QooBox\Quarantine\C\WINDOWS\system32\evuwvmiv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iaqleu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lrwqneac.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aema 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lvqxixmi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.chs 1
C:\QooBox\Quarantine\C\WINDOWS\system32\npmmjyjx.dll.vir Infected: Trojan.Win32.Monder.bmc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nwlrbwcc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qgrlhp.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rfqsrrye.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rtveun.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vfediiaw.dll.vir Infected: Trojan.Win32.Monder.cmm 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wjjihboc.dll.vir Infected: Trojan.Win32.Monder.bcb 1
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1

The selected area was scanned.
 

·
Registered
Joined
·
11 Posts
Discussion Starter · #15 ·
ComboFix 08-09-01.01 - Nicole Collett 2008-09-01 21:56:32.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.656 [GMT -4:00]
Running from: C:\Documents and Settings\Nicole Collett\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicole Collett\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DVPAPI
-------\Service_dvpapi


((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-08-30 16:36 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 16:27 . 2008-08-28 16:27 <DIR> d-------- C:\rsit
2008-08-27 09:18 . 2008-08-27 09:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-04 19:38 . 2008-08-04 19:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:38 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-08-04 19:38 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 19:23 . 2008-08-04 19:32 <DIR> d-------- C:\Program Files\XoftSpySE
2008-08-04 17:11 . 2008-08-04 17:11 382,352 --a------ C:\jxpiinstall.exe
2008-08-04 16:28 . 2008-08-04 16:28 <DIR> d-------- C:\WINDOWS\RegCure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 02:06 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\Skype
2008-09-01 21:04 --------- d-----w C:\Program Files\Setups
2008-09-01 21:01 --------- d-----w C:\Program Files\LimeWire
2008-08-30 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-30 21:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 21:03 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-08-30 20:51 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\uTorrent
2008-08-28 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-08-04 23:37 --------- d-----w C:\Program Files\Downloads
2008-08-04 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 21:24 --------- d-----w C:\Program Files\Java
2008-08-02 02:04 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-31 01:00 --------- d-----w C:\Program Files\YPOPs
2008-07-29 13:15 8,956,536 ----a-w C:\windows-kb890830-v2.0.exe
2008-07-29 13:10 1,427,520 ----a-w C:\Silverlight.exe
2008-07-29 12:52 --------- d-----w C:\Program Files\VirtualDJ
2008-07-28 23:58 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\Bell
2008-07-28 23:56 --------- d-----w C:\Program Files\Personal Vault
2008-07-28 23:55 --------- d-----w C:\Program Files\Raxco
2008-07-28 23:55 --------- d-----w C:\Program Files\Common Files\Authentium
2008-07-28 23:55 --------- d-----w C:\Program Files\CA
2008-07-28 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-28 23:54 1,809 ----a-w C:\Program Files\Sympatico Security Manager.lnk
2008-07-28 23:54 --------- d-----w C:\Program Files\Bell
2008-07-28 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bell
2008-07-28 23:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 23:34 1,338,384 ----a-w C:\Program Files\SympaticoSecurityAdvisor_setupSSM.exe
2008-07-28 23:32 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\SoftwareDetectionScripts
2008-07-28 23:21 --------- d-----w C:\Program Files\Bell(2)
2008-07-28 23:20 --------- d-----w C:\Program Files\Common Files\PC Tools(2)
2008-07-24 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-07-24 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-24 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-22 14:12 --------- d-----w C:\Program Files\Microsoft Office Outlook Connector
2008-07-22 14:11 4,013,504 ----a-w C:\OutlookConnector.exe
2008-07-22 14:11 --------- d-----w C:\Program Files\MSECache
2008-07-22 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-19 15:58 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\GlarySoft
2008-07-07 20:06 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 15:51 --------- d-----w C:\Documents and Settings\Nicole Collett\Application Data\ErrorSmart
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-01 17:25 1,083 ----a-w C:\Program Files\INSTALL.LOG
2008-05-29 23:11 529 ----a-w C:\Program Files\Shortcut to Registry Mechanic.lnk
2008-04-03 15:14 8,704 --sha-w C:\Program Files\Thumbs.db
2008-03-19 14:13 47,360 ----a-w C:\Documents and Settings\Nicole Collett\Application Data\pcouffin.sys
2007-11-04 15:35 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-10-03 23:05 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-03 01:03 28,981,233 ----a-w C:\Program Files\bricopack-vista-inspirat-ultimate-2-crystalxp.net-en-130.zip
2007-09-20 00:38 4,830,077 ----a-w C:\Program Files\LimeWire_Pro_4.14.10_[limewirepro.at.tt].zip
2007-09-13 18:10 77,312 ----a-w C:\Program Files\Registry mechanic.exe
2007-05-22 15:41 1,579,194 ----a-w C:\Program Files\ImageStatio.exe
2007-04-30 17:18 401,952 ----a-w C:\Program Files\3DwindowsXP.exe
2007-02-18 06:56 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2006-11-27 09:10 15,926,792 ----a-w C:\Program Files\DivXInstaller.exe
.
Code:
<pre>
----a-w           291,928 2007-01-07 06:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 07:14:24  C:\Documents and Settings\Nicole Collett\My Documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
----a-w           291,928 2007-01-07 06:14:24  C:\Program Files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
</pre>

------- Sigcheck -------

2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-04 08:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-28 19:35 2015744 48472d224e1703882b4de0e28e205e9b C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 12:12 2017280 fa64f313f5237c53a909906113acae7d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 05:16 2028032 79fe19bdcc1be5375fe17009292fd817 C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-04 08:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-28 20:02 2136064 25c36dbc46e8eff2a811769a60715ac5 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 12:49 2137600 57b9d140e1eb8b0ea06df927b63b0eee C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 05:53 2148352 742c5682fe63413ac6c68ad6c0db61da C:\WINDOWS\system32\ntoskrnl.exe

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 08:00 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 04:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 17:13 1207080]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 22:05 204288]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe" [2008-03-10 12:25 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 10:40 196608]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 20:28 53248]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 15:13 671744]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 20:13 122880]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 17:45 28672]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 16:25 73728]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 17:45 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 20:04 802816]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-10-06 10:21 942080]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"BellCanada_McciTrayApp"="C:\Program Files\BellCanada\McciTrayApp.exe" [2007-08-09 15:04 930816]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2006-01-13 02:46 311296]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 02:46 196608]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [2008-03-10 12:25 311024]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [2008-03-10 12:26 13552]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 13:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 18:50 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [N/A]
"TDispVol"="TDispVol.exe" [2005-12-27 20:34 73728 C:\WINDOWS\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 21:16 282624 C:\WINDOWS\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 18:29 88203 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe" [2008-03-10 12:25 61168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2006-03-12 18:03:50 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nicole Collett^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
--a------ 2006-01-13 02:46 311296 C:\WINDOWS\system32\hphmon03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 22:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.207.50/255.255.255.255:Enabled:ActiveSync RAPI Manager
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Web Server
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-04 11:27]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 11:59]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 08:00]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 13:33]
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 02:46]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 16:01]
S3 AIDA32Driver;AIDA32Driver;C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\Rar$EX11.563\aida32.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 17:51]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 17:51]
S3 Radialpoint Security Services;Sympatico Security Manager;C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 12:25]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]

*Newly Created Service* - DVPAPI
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 22:03:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\JET74AE.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\hphipm09.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
.
**************************************************************************
.
Completion time: 2008-09-01 22:22:21 - machine was rebooted [Nicole Collett]
ComboFix-quarantined-files.txt 2008-09-02 02:21:53
ComboFix2.txt 2008-09-01 21:52:12
ComboFix3.txt 2008-08-31 00:50:59
ComboFix4.txt 2008-08-31 00:29:34
ComboFix5.txt 2008-09-02 01:55:24

Pre-Run: 32,499,601,408 bytes free
Post-Run: 32,516,722,688 bytes free

272 --- E O F --- 2008-08-30 21:08:10
 

·
TSF-Emeritus
Joined
·
15,384 Posts
Hi,

Please delete the following file from your desktop. It's identified as a trojan downloader:

C:\Documents and Settings\Nicole Collett\Desktop\Music\Metric - Calculation theme.mp3

===============================

I completely removed LimeWire and BitTorrent,
Well done.

The computer is a lot better, just ... when I right click on desktop it takes quite a long time to open (right click)
That would be an issue to take up with our XP Support forum. I found the following links that may give you an idea what it is about, though.

http://windowsxp.mvps.org/rcdelay.htm
http://windowsxp.mvps.org/slowrightclick.htm
http://www.jfitz.com/tips/rclick_custom.html
http://www.tech-archive.net/Archive/WinXP/microsoft.public.windowsxp.general/2006-05/msg10981.html

=============================

Looks like you missed having this fixed with HijackThis:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
This is used in connection with memory dumps. You can disable these by right-clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane, under 'Write debugging information', click on the down arrow and then select 'None', then OK your way out.

==============================


Open Notepad. It must be Notepad, not WordPad.
Copy and paste the text inside the code box below into Notepad, including the blank line at the end. Make sure that Word Wrap is turned off in Notepad: click the Format menu and uncheck Word Wrap.
Choose File, Save As and set the file type to All Files.
Type fixreg.reg in the file name and save it to your desktop. It should look like this:


Code:
<pre>
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

</pre>
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the fixreg.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer yes.

Reboot your computer. Let me know how all that went and how the computer is running now.
 