Fixed it by downloading new IE sry if used anyones time

virusuck · Aug 17, 2007

Right when i boot up i get an error saying IE has had a problem and needs to close when i click send/don't send(either) my entire screen goes black to just my backround then about 5-10 seconds later everything pops up and after that my computer is lagy and i cant install or play any of the games i was playing like a week ago. here is the information inside the file it says is having a problem help me fix.

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="616960" CHECKSUM="0x8E9BCF02" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA0DE4" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:23" UPTO_LINK_DATE="08/04/2004 07:56:23" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="280064" CHECKSUM="0xB8240DF1" BIN_FILE_VERSION="5.1.2600.2818" BIN_PRODUCT_VERSION="5.1.2600.2818" PRODUCT_VERSION="5.1.2600.2818" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2818 (xpsp_sp2_gdr.051228-1427)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4D0D0" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2818" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2818" LINK_DATE="12/29/2005 02:54:35" UPTO_LINK_DATE="12/29/2005 02:54:35" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="984064" CHECKSUM="0xF12E1D4A" BIN_FILE_VERSION="5.1.2600.2945" BIN_PRODUCT_VERSION="5.1.2600.2945" PRODUCT_VERSION="5.1.2600.2945" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF724D" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2945" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2945" LINK_DATE="07/05/2006 10:55:00" UPTO_LINK_DATE="07/05/2006 10:55:00" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="708096" CHECKSUM="0x9D20568" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAF2F7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1285120" CHECKSUM="0xA38DDD0E" BIN_FILE_VERSION="5.1.2600.2726" BIN_PRODUCT_VERSION="5.1.2600.2726" PRODUCT_VERSION="5.1.2600.2726" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x13DC6B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2726" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2726" LINK_DATE="07/26/2005 04:39:47" UPTO_LINK_DATE="07/26/2005 04:39:47" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="553472" CHECKSUM="0x4155D7D" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.2180" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x96957" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:57:39" UPTO_LINK_DATE="08/04/2004 07:57:39" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8453632" CHECKSUM="0xB7D7C772" BIN_FILE_VERSION="6.0.2900.2951" BIN_PRODUCT_VERSION="6.0.2900.2951" PRODUCT_VERSION="6.00.2900.2951" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2951 (xpsp_sp2_gdr.060713-0009)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x816C54" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2951" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2951" LINK_DATE="07/13/2006 13:33:24" UPTO_LINK_DATE="07/13/2006 13:33:24" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="577024" CHECKSUM="0xE2FA2429" BIN_FILE_VERSION="5.1.2600.2622" BIN_PRODUCT_VERSION="5.1.2600.2622" PRODUCT_VERSION="5.1.2600.2622" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x9505C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2622" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2622" LINK_DATE="03/02/2005 18:09:29" UPTO_LINK_DATE="03/02/2005 18:09:29" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="664576" CHECKSUM="0x17BDDFA3" BIN_FILE_VERSION="6.0.2900.3020" BIN_PRODUCT_VERSION="6.0.2900.3020" PRODUCT_VERSION="6.00.2900.3020" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.3020 (xpsp.061023-0222)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xB2247" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.3020" UPTO_BIN_PRODUCT_VERSION="6.0.2900.3020" LINK_DATE="10/23/2006 15:34:22" UPTO_LINK_DATE="10/23/2006 15:34:22" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows(TM) Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="svchostw.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="svchostw.dll" SIZE="23552" CHECKSUM="0x707CC519" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="04/06/2007 09:27:09" UPTO_LINK_DATE="04/06/2007 09:27:09" />
</EXE>
</DATABASE>

virusuck · Aug 17, 2007

here is the hijackthis scan results

Logfile of HijackThis v1.99.1
Scan saved at 7:36:55 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\scvhast.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\drivers\uzcx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pristontale.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\auditusr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\MyPrograms\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Avira Antivir PE] antivir.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [scvhast.exe] scvhast.exe
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\RunServices: [Avira Antivir PE] antivir.exe
O4 - HKLM\..\RunServices: [scvhast.exe] scvhast.exe
O4 - HKCU\..\Run: [Weather] E:\Programs\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares ultra] "E:\Ares\Ares Ultra\Ares Ultra.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\MyPrograms\Aim\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40443.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122820764656
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://216.32.89.203/activex/vogweb29.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CES.Off
O17 - HKLM\Software\..\Telephony: DomainName = CES.Off
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CES.Off
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CES.Off
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - E:\Ares\Ares Ultra\chatServer.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Insorak · Aug 18, 2007

At a glance, there are a few bad things in here... give me a second to get back to you on this.

Insorak · Aug 18, 2007

Infostealer.Monstres is a Trojan horse that may steal sensitive information from the compromised computer and targets Monster.com users when they post data online.
Click to expand...

Please change all the passwords to your sensitive information (email, bank account, etc) on a DIFFERENT uninfected computer.

Open HijackThis, click "Do system scan only", checkmark following:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\auditusr.dll
O4 - HKLM\..\Run: [Avira Antivir PE] antivir.exe
O4 - HKLM\..\Run: [scvhast.exe] scvhast.exe
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\RunServices: [Avira Antivir PE] antivir.exe
O4 - HKLM\..\RunServices: [scvhast.exe] scvhast.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://216.32.89.203/activex/vogweb29.cab

Make sure you have not checked anything that isn't on that list. Close ALL windows other than HijackThis and press "Fix Checked".

There are quite a few things in your log that I'm not sure about - I want to research them more before telling you to fix anything.

Please copy ALL of the text in the codebox (starting with @ECHO OFF) into a blank NOTEPAD document:

@ECHO OFF
if exist C:\WINDOWS\System32\ntos.exe DEL C:\WINDOWS\System32\ntos.exe
if exist C:\WINDOWS\System32\auditusr.dll DEL C:\WINDOWS\System32\auditusr.dll
if exist C:\WINDOWS\System32\antivir.exe DEL C:\WINDOWS\System32\antivir.exe
if exist C:\WINDOWS\System32\scvhast.exe DEL C:\WINDOWS\System32\scvhast.exe
if exist C:\WINDOWS\System32\uzcx.exe DEL C:\WINDOWS\System32\uzcx.exe
if exist C:\WINDOWS\System32\ntos.exe ECHO ntos.exe not deleted>C:\log.txt
if exist C:\WINDOWS\System32\auditusr.dll ECHO auditusr.dll not deleted>>C:\log.txt
if exist C:\WINDOWS\System32\antivir.exe ECHO antivir.exe not deleted>>C:\log.txt
if exist C:\WINDOWS\System32\scvhast.exe ECHO scvhast.exe not deleted>>C:\log.txt
start C:\log.txt
del killfile.bat
Click to expand...

Press ctrl-S. Under "Save as type" make sure "All files" is selected. Save the name as killfile.bat and save it to desktop.

Reboot into Safe Mode:
1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode.

Double click on killfile.bat. A window will flash for a second then disappear. Killfile.bat will be deleted and a notepad window will open. If it is blank then ignore it, if there is text copy the text into your reply.

Please download Deckard's System Scanner (formerly ComboScan) from the link provided. Save it to your Desktop.

Note: This program will clear your temporary files.

Please do a scan with dss.exe. It will only take about five minutes. If it cannot find HijackThis on your computer, it will prompt you to look for it. Please press "yes" and tell the scanner where it is located. If the scanner asks you to download HijackThis, please answer "yes" to that as well. During the scan, your firewall may warn you about a .exe file attempting to connect to the Internet; please allow it. Your antivirus may also detect Deckard's System Scanner as a Possible Threat or RiskTool; it may be better for you to temporarily disable your antivirus.

Once the scan is done, it will produce two logfiles for you: a "main.txt" (which you see) and an "extra.txt" (which is minimized). Please copy the contents of both these logfiles into your next reply.

virusuck · Aug 19, 2007

ok here's the results of the killfile.bat
ntos.exe not deleted
scvhast.exe not deleted

here's the results of the dss scan
(main.txt)
Deckard's System Scanner v20070809.63
Run by sean.lambert on 2007-08-19 at 00:50:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
9: 2007-08-19 07:50:48 UTC - RP686 - Deckard's System Scanner Restore Point
8: 2007-08-19 05:35:47 UTC - RP685 - Installed Zune software
7: 2007-08-18 19:48:33 UTC - RP684 - Installed Zune software
6: 2007-08-18 04:57:42 UTC - RP683 - Installed Zune software
5: 2007-08-18 04:54:10 UTC - RP682 - Installed Zune software

-- First Restore Point --
1: 2007-08-17 23:11:57 UTC - RP678 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.37 GiB (less than 15%) free.

-- HijackThis (run as sean.lambert.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:34 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Ares\Ares.exe
E:\Programs\WeatherBug\Weather.exe
D:\games\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\sean.lambert.CES\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\sean.lambert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pristontale.com/
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\MyPrograms\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchostw.exe /s
O4 - HKLM\..\Run: [WindowsUpdateR] C:\WINDOWS\System\regserv.exe /s
O4 - HKLM\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKCU\..\Run: [Weather] E:\Programs\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares ultra] "E:\Ares\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKUS\S-1-5-21-2430877206-107005662-2750996006-1110\..\Run: [AIM] D:\MYPROG~1\Aim\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-2430877206-107005662-2750996006-1110\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2430877206-107005662-2750996006-1113\..\Run: [AIM] C:\MYPROG~1\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-2430877206-107005662-2750996006-500\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\MyPrograms\Aim\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40443.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122820764656
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CES.Off
O17 - HKLM\Software\..\Telephony: DomainName = CES.Off
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CES.Off
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CES.Off
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - E:\Ares\Ares Ultra\chatServer.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11419 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070818-224819-107 O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\auditusr.dll
backup-20070818-224819-178 O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://216.32.89.203/activex/vogweb29.cab
backup-20070818-224819-190 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
backup-20070818-224819-480 O4 - HKLM\..\Run: [Avira Antivir PE] antivir.exe
backup-20070818-224819-512 O4 - HKLM\..\RunServices: [Avira Antivir PE] antivir.exe
backup-20070818-224819-690 O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
backup-20070818-224819-780 O4 - HKLM\..\RunServices: [scvhast.exe] scvhast.exe
backup-20070818-224819-876 O4 - HKLM\..\Run: [scvhast.exe] scvhast.exe
backup-20070818-224819-978 O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
backup-20070819-003554-502 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
backup-20070819-003554-699 O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
R2 npkcrypt - d:\games\pristontale\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 dbustrcm - c:\docume~1\seanla~1.ces\locals~1\temp\dbustrcm.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 hitmanpro2 (Hitman Pro 2 Driver) - c:\program files\hitman pro\hitmanpro2.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 XDva005 - c:\windows\system32\xdva005.sys (file missing)
S3 XDva011 - c:\windows\system32\xdva011.sys (file missing)
S3 XDva015 - c:\windows\system32\xdva015.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S3 AresChatServer (Ares Chatroom server) - e:\ares\ares ultra\chatserver.exe <Not Verified; Ares Development Group; Ares p2p for windows>
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Zune
Device ID: USB\VID_045E&PID_0710\059CDB7B_-_0AEDA34E_-_80BD1FF8_-_8EE00652
Manufacturer:
Name: Zune
PNP Device ID: USB\VID_045E&PID_0710\059CDB7B_-_0AEDA34E_-_80BD1FF8_-_8EE00652
Service:

-- Files created between 2007-07-19 and 2007-08-19 -----------------------------

2007-08-18 22:49:51 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-08-18 22:43:10 0 d-------- C:\Program Files\Trend Micro
2007-08-17 19:36:38 0 d-------- C:\HJT
2007-08-16 22:07:45 0 d-------- C:\Program Files\XoftSpySE

-- Find3M Report ---------------------------------------------------------------

2007-08-19 00:49:57 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-19 00:43:42 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-08-18 13:06:24 0 d-------- C:\Program Files\Symantec AntiVirus
2007-08-16 14:39:32 0 d-------- C:\Documents and Settings\sean.lambert.CES\Application Data\WeatherBug
2007-08-12 13:00:34 0 d-------- C:\Program Files\AIM6
2007-08-12 13:00:29 0 d-------- C:\Documents and Settings\sean.lambert.CES\Application Data\Mozilla
2007-07-18 20:02:03 0 d-------- C:\Program Files\Spyware Doctor
2007-07-18 19:33:28 0 d-------- C:\Program Files\Hitman Pro
2007-07-18 18:40:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-18 11:09:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-03 23:49:26 82774 --a------ C:\WINDOWS\Uninstall Jade Empire.exe <Not Verified; BioWare Corp.; Jade Empire>
2007-06-28 22:35:51 0 d--h----- C:\Program Files\InstallShield Installation Information

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [12/01/2004 12:54 AM C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 03:52 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04/17/2005 12:30 PM]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"iTunesHelper"="D:\MyPrograms\iTunes\iTunesHelper.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/15/2006 01:29 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"@"="" []
"@"="" []
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="E:\Programs\WeatherBug\Weather.exe" [06/07/2005 01:58 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/2006 08:29 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe" []
"Steam"="d:\games\steam\steam.exe" [06/30/2007 01:08 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"ares ultra"="E:\Ares\Ares Ultra\Ares Ultra.exe" []
"userinit"="C:\WINDOWS\system32\ntos.exe" [08/04/2004 05:00 AM]
"@"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Weather"=C:\Program Files\WeatherBug\Weather.exe 1
"AIM"=D:\MyPrograms\Aim\aim.exe -cnetwait.odl
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"userinit"=C:\WINDOWS\system32\ntos.exe
"Steam"="D:\Games\Steam\Steam.exe" -silent

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
PS2 Keyboard English Edition.lnk - C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe [4/13/2006 5:36:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\ZuneSetup.exe

-- End of Deckard's System Scanner: finished at 2007-08-19 at 00:54:35 ---------

and the other
(extra.txt)
Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3000+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1023.48 MiB / 582.09 MiB
Pagefile Memory (total/avail): 2460 MiB / 2062.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1957.7 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 2.37 GiB free.
D: is Fixed (NTFS) - 28.58 GiB total, 13.4 GiB free.
E: is Fixed (NTFS) - 28.57 GiB total, 28.39 GiB free.
G: is CDROM (CDFS)

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\MyPrograms\\Steam\\Steam.exe"="C:\\MyPrograms\\Steam\\Steam.exe:*isabled:Steam"
"C:\\Games\\Rose Online\\TRose.exe"="C:\\Games\\Rose Online\\TRose.exe:*isabled:Client"
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\MyPrograms\\aim.exe"="C:\\MyPrograms\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe"="C:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe:*isabled:Half-Life Launcher"
"D:\\Steam\\Steam.exe"="D:\\Steam\\Steam.exe:*isabled:Steam"
"D:\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe"="D:\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe:*isabled:Half-Life Launcher"
"D:\\Games\\Rose Online\\TRose.exe"="D:\\Games\\Rose Online\\TRose.exe:*isabled:Client"
"C:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\counter-strike\\hl.exe"="C:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\counter-strike\\hl.exe:*isabled:Half-Life Launcher"
"D:\\Games\\Gunbound\\softnyx\\GunboundWC\\GunBound.gme"="D:\\Games\\Gunbound\\softnyx\\GunboundWC\\GunBound.gme:*isabled:GunBound"
"D:\\Games\\Ground Control Op. Exodus\\gcii.exe"="D:\\Games\\Ground Control Op. Exodus\\gcii.exe:*isabled:Ground Control II"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*isabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*isabled:Yahoo! Messenger"
"D:\\Games\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"="D:\\Games\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*isabled:Blizzard Downloader"
"D:\\MyPrograms\\WimMx\\WinMX\\WinMX.exe"="D:\\MyPrograms\\WimMx\\WinMX\\WinMX.exe:*isabled:WinMX Application"
"D:\\Games\\Little Fighter 2\\lf2.exe"="D:\\Games\\Little Fighter 2\\lf2.exe:*isabled:lf2"
"D:\\Games\\Rakion\\Rakion\\Bin\\Rakion.bin"="D:\\Games\\Rakion\\Rakion\\Bin\\Rakion.bin:*isabled:Rakion"
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"="C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe:*isabled:lf2"
"D:\\Games\\GunZ\\Gunz.exe"="D:\\Games\\GunZ\\Gunz.exe:*isabled:Gunz"
"D:\\Games\\RollerCoasterTycoon\\rct.exe"="D:\\Games\\RollerCoasterTycoon\\rct.exe:*isabled:rct"
"D:\\MyPrograms\\Steam\\Steam.exe"="D:\\MyPrograms\\Steam\\Steam.exe:*isabled:Steam"
"D:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe"="D:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe:*isabled:Half-Life Launcher"
"D:\\Games\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe"="D:\\Games\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*isabled:Blizzard Downloader"
"C:\\Program Files\\VINCO\\VOG2\\vogshell.exe"="C:\\Program Files\\VINCO\\VOG2\\vogshell.exe:*isabled:VOG Shell"
"D:\\MyPrograms\\Aim\\aim.exe"="D:\\MyPrograms\\Aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"D:\\MyPrograms\\Aim\\aim.exe"="D:\\MyPrograms\\Aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\\Games\\LOR battle for middler-earth\\game.dat"="D:\\Games\\LOR battle for middler-earth\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"D:\\MyPrograms\\iTunes\\iTunes.exe"="D:\\MyPrograms\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Games\\LOTR\\game.dat"="D:\\Games\\LOTR\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\system32\\wupdate.exe"="C:\\WINDOWS\\system32\\wupdate.exe:*:Enabled:Windows Secure Update"
""=":*:Enabled:Avira Antivir PE"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"D:\\Games\\Steam\\steamapps\\hrmarine\\counter-strike source\\hl2.exe"="D:\\Games\\Steam\\steamapps\\hrmarine\\counter-strike source\\hl2.exe:*isabled:hl2"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\sean.lambert.CES\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CES-WRKSTN-03
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\sean.lambert.CES
LOGONSERVER=\\CES-DC1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SEANLA~1.CES\LOCALS~1\Temp
TMP=C:\DOCUME~1\SEANLA~1.CES\LOCALS~1\Temp
USERDNSDOMAIN=CES.OFF
USERDOMAIN=CES
USERNAME=sean.lambert
USERPROFILE=C:\Documents and Settings\sean.lambert.CES
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

bob.mcjunkin (admin)
Camille.lambert (admin)
sean.lambert.CES (admin)
sean.lambert (admin)
system.admin (admin)
bob (admin, profile directory not found)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5ADA9741-0570-4096-B5FE-1D55E57537D4}
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot G3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE99B4DC-754E-4D40-AFA6-AB43248231EC}
Canon PowerShot S45 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{938DB54D-B302-4594-A782-32219F1734AB}
Canon Utilities File Viewer Utility 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB3AC39D-9915-435D-ACC4-9881E75326BC}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Carmen Sandiego Word Detective v1.0.1 --> C:\WINDOWS\uninst.exe -f"d:\games\carmen sandiego\cs word\DeIsL1.isu"
Condition Zero --> "D:\Games\Steam\steam.exe" steam://uninstall/80
Condition Zero Deleted Scenes --> "D:\Games\Steam\steam.exe" steam://uninstall/100
Counter-Strike: Source --> "D:\Games\Steam\steam.exe" steam://uninstall/240
D-Link DWL-120 11Mbps WLAN Card --> C:\WINDOWS\uninst.exe -f"C:\Program Files\D-Link Corporation\D-Link DWL-120 11Mbps WLAN Card\DeIsL3.isu" -cC:\PROGRA~1\D-LINK~1\D-LINK~1\_ISREG32.DLL
Day of Defeat: Source --> "D:\Games\Steam\steam.exe" steam://uninstall/300
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fahrenheit --> MsiExec.exe /I{BA10AC78-E687-4523-8B93-540428FC256F}
Fraps (remove only) --> "D:\Games\World of Warcraft\Fraps\uninstall.exe"
Ground Control II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21C41BAF-6F62-469D-A43B-DDF01628346E}\setup.exe" -l0x9
Gunbound Revolution --> "D:\Games\Gunbound\ENGLISH\Gunbound Revolution\unins000.exe"
Half-Life 2 --> "D:\Games\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "D:\Games\Steam\steam.exe" steam://uninstall/320
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jade Empire --> C:\WINDOWS\Uninstall Jade Empire.exe
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Master Of Defense Free Trial --> "D:\Games\New Folder\MasterOfDefense_at\unins000.exe"
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (1.0.6) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.6 (en-US)"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Myst for Windows 95 --> C:\WINDOWS\uninst.exe -fd:\games\myst\DeIsL1.isu
Net MD Simple Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}\setup.exe" -l0x9 UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 3.2-03-02-21-08 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-17-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-17-02\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\setup.exe" -l0x9 UNINSTALL
Panty Raider --> C:\PANTYR~1\UNWISE.EXE C:\PANTYR~1\INSTALL.LOG
Postal 2 Demo --> C:\WINDOWS\unvise32.exe C:\Program Files\Postal 2 Demo\uninstal.log
PristonTale --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B4799D-4E8D-4DC6-9C50-060EE5F8AA9C}\Setup.exe" -l0x9
PS2 Keyboard English Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5748DC5-261F-11D6-B510-0050BA40E0EC}\Setup.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roll --> C:\WINDOWS\UniFish3.exe D:\Games\RollerCoasterTycoon\RollerCoaster Tycoon.log
Rome - Total War(TM) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
SeaStorm 3D Screensaver (remove only) --> "C:\Program Files\SeaStorm 3D Screensaver\Uninstall.exe"
SimCity 4 Deluxe --> D:\Games\Sim City\EAUninstall.exe
Softnyx Launcher --> "D:\Games\Rakion\Launcher\unins000.exe"
SonicStage 1.5.53 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steam(TM) --> C:\MYPROG~1\Steam\UNWISE.EXE C:\MYPROG~1\Steam\INSTALL.LOG
Symantec AntiVirus --> MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Ultimate Game Pak --> C:\WINDOWS\iun506.exe D:\Games\Ultimate Game pak 1.0\Ultimate Game Pak\irunin.ini
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WeatherBug --> C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
Where in the World is Carmen Sandiego? --> C:\WINDOWS\UNINST.EXE -f"d:\games\CARMEN~1\CSWORL~1\DeIsL1.isu"
Where in Time is Carmen Sandiego? v3.0 Demo --> C:\WINDOWS\uninst.exe -f"d:\games\carmen sandiego\DeIsL2.isu"
Windows Key 7.5 Demo --> C:\Program Files\Passware\demos\un-winkeyd.exe
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Winferno Registry Power Cleaner --> "C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Worms2 --> C:\WINDOWS\IsUninst.exe -f"d:\games\worms 2\Uninst.isu"
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL

-- Application Event Log -------------------------------------------------------

Event ID #1445: Error
Event Submitted/Written: 08/19/2007 00:50:40 AM
Event Source: Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1443: Error
Event Submitted/Written: 08/19/2007 00:50:18 AM
Event Source: AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event ID #1440: Error
Event Submitted/Written: 08/19/2007 00:49:39 AM
Event Source: Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module svchostw.dll, version 0.0.0.0, fault address 0x00001290.
Processing media-specific event for [explorer.exe!ws!]

Event ID #1439: Error
Event Submitted/Written: 08/19/2007 00:49:20 AM
Event Source: Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event ID #1438: Error
Event Submitted/Written: 08/19/2007 00:49:18 AM
Event Source: Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event ID #18288: Error
Event Submitted/Written: 08/19/2007 00:52:07 AM
Event Source: Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event ID #18287: Error
Event Submitted/Written: 08/19/2007 00:52:07 AM
Event Source: Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Event ID #18278: Error
Event Submitted/Written: 08/19/2007 00:51:11 AM
Event Source: Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event ID #18277: Error
Event Submitted/Written: 08/19/2007 00:51:10 AM
Event Source: Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Event ID #18272: Error
Event Submitted/Written: 08/19/2007 00:50:42 AM
Event Source: Service Control Manager
Event Description:
The Automatic Updates service terminated with the following error:
%%126

-- End of Deckard's System Scanner: finished at 2007-08-19 at 00:54:35 ---------

virusuck · Aug 19, 2007

the killfile results
ntos.exe not deleted
scvhast.exe not deleted

dss main file results
Deckard's System Scanner v20070809.63
Run by sean.lambert on 2007-08-19 at 00:50:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
9: 2007-08-19 07:50:48 UTC - RP686 - Deckard's System Scanner Restore Point
8: 2007-08-19 05:35:47 UTC - RP685 - Installed Zune software
7: 2007-08-18 19:48:33 UTC - RP684 - Installed Zune software
6: 2007-08-18 04:57:42 UTC - RP683 - Installed Zune software
5: 2007-08-18 04:54:10 UTC - RP682 - Installed Zune software

-- First Restore Point --
1: 2007-08-17 23:11:57 UTC - RP678 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.37 GiB (less than 15%) free.

-- HijackThis (run as sean.lambert.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:34 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Ares\Ares.exe
E:\Programs\WeatherBug\Weather.exe
D:\games\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\sean.lambert.CES\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\sean.lambert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pristontale.com/
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\MyPrograms\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchostw.exe /s
O4 - HKLM\..\Run: [WindowsUpdateR] C:\WINDOWS\System\regserv.exe /s
O4 - HKLM\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKCU\..\Run: [Weather] E:\Programs\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [svchctrl] c:\windows\system\svchctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares ultra] "E:\Ares\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKUS\S-1-5-21-2430877206-107005662-2750996006-1110\..\Run: [AIM] D:\MYPROG~1\Aim\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-2430877206-107005662-2750996006-1110\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2430877206-107005662-2750996006-1113\..\Run: [AIM] C:\MYPROG~1\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-2430877206-107005662-2750996006-500\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\MyPrograms\Aim\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40443.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122820764656
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CES.Off
O17 - HKLM\Software\..\Telephony: DomainName = CES.Off
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CES.Off
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CES.Off
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - E:\Ares\Ares Ultra\chatServer.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11419 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070818-224819-107 O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\auditusr.dll
backup-20070818-224819-178 O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://216.32.89.203/activex/vogweb29.cab
backup-20070818-224819-190 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
backup-20070818-224819-480 O4 - HKLM\..\Run: [Avira Antivir PE] antivir.exe
backup-20070818-224819-512 O4 - HKLM\..\RunServices: [Avira Antivir PE] antivir.exe
backup-20070818-224819-690 O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
backup-20070818-224819-780 O4 - HKLM\..\RunServices: [scvhast.exe] scvhast.exe
backup-20070818-224819-876 O4 - HKLM\..\Run: [scvhast.exe] scvhast.exe
backup-20070818-224819-978 O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
backup-20070819-003554-502 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
backup-20070819-003554-699 O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
R2 npkcrypt - d:\games\pristontale\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 dbustrcm - c:\docume~1\seanla~1.ces\locals~1\temp\dbustrcm.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 hitmanpro2 (Hitman Pro 2 Driver) - c:\program files\hitman pro\hitmanpro2.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 XDva005 - c:\windows\system32\xdva005.sys (file missing)
S3 XDva011 - c:\windows\system32\xdva011.sys (file missing)
S3 XDva015 - c:\windows\system32\xdva015.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S3 AresChatServer (Ares Chatroom server) - e:\ares\ares ultra\chatserver.exe <Not Verified; Ares Development Group; Ares p2p for windows>
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Zune
Device ID: USB\VID_045E&PID_0710\059CDB7B_-_0AEDA34E_-_80BD1FF8_-_8EE00652
Manufacturer:
Name: Zune
PNP Device ID: USB\VID_045E&PID_0710\059CDB7B_-_0AEDA34E_-_80BD1FF8_-_8EE00652
Service:

-- Files created between 2007-07-19 and 2007-08-19 -----------------------------

2007-08-18 22:49:51 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-08-18 22:43:10 0 d-------- C:\Program Files\Trend Micro
2007-08-17 19:36:38 0 d-------- C:\HJT
2007-08-16 22:07:45 0 d-------- C:\Program Files\XoftSpySE

-- Find3M Report ---------------------------------------------------------------

2007-08-19 00:49:57 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-08-19 00:43:42 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-08-18 13:06:24 0 d-------- C:\Program Files\Symantec AntiVirus
2007-08-16 14:39:32 0 d-------- C:\Documents and Settings\sean.lambert.CES\Application Data\WeatherBug
2007-08-12 13:00:34 0 d-------- C:\Program Files\AIM6
2007-08-12 13:00:29 0 d-------- C:\Documents and Settings\sean.lambert.CES\Application Data\Mozilla
2007-07-18 20:02:03 0 d-------- C:\Program Files\Spyware Doctor
2007-07-18 19:33:28 0 d-------- C:\Program Files\Hitman Pro
2007-07-18 18:40:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-18 11:09:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-03 23:49:26 82774 --a------ C:\WINDOWS\Uninstall Jade Empire.exe <Not Verified; BioWare Corp.; Jade Empire>
2007-06-28 22:35:51 0 d--h----- C:\Program Files\InstallShield Installation Information

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [12/01/2004 12:54 AM C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 03:52 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04/17/2005 12:30 PM]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"iTunesHelper"="D:\MyPrograms\iTunes\iTunesHelper.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/15/2006 01:29 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"@"="" []
"@"="" []
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="E:\Programs\WeatherBug\Weather.exe" [06/07/2005 01:58 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/2006 08:29 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe" []
"Steam"="d:\games\steam\steam.exe" [06/30/2007 01:08 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"ares ultra"="E:\Ares\Ares Ultra\Ares Ultra.exe" []
"userinit"="C:\WINDOWS\system32\ntos.exe" [08/04/2004 05:00 AM]
"@"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Weather"=C:\Program Files\WeatherBug\Weather.exe 1
"AIM"=D:\MyPrograms\Aim\aim.exe -cnetwait.odl
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"userinit"=C:\WINDOWS\system32\ntos.exe
"Steam"="D:\Games\Steam\Steam.exe" -silent

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
PS2 Keyboard English Edition.lnk - C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe [4/13/2006 5:36:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\ZuneSetup.exe

-- End of Deckard's System Scanner: finished at 2007-08-19 at 00:54:35 ---------

dss extra file results
Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3000+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1023.48 MiB / 582.09 MiB
Pagefile Memory (total/avail): 2460 MiB / 2062.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1957.7 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 2.37 GiB free.
D: is Fixed (NTFS) - 28.58 GiB total, 13.4 GiB free.
E: is Fixed (NTFS) - 28.57 GiB total, 28.39 GiB free.
G: is CDROM (CDFS)

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\MyPrograms\\Steam\\Steam.exe"="C:\\MyPrograms\\Steam\\Steam.exe:*isabled:Steam"
"C:\\Games\\Rose Online\\TRose.exe"="C:\\Games\\Rose Online\\TRose.exe:*isabled:Client"
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\MyPrograms\\aim.exe"="C:\\MyPrograms\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe"="C:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe:*isabled:Half-Life Launcher"
"D:\\Steam\\Steam.exe"="D:\\Steam\\Steam.exe:*isabled:Steam"
"D:\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe"="D:\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe:*isabled:Half-Life Launcher"
"D:\\Games\\Rose Online\\TRose.exe"="D:\\Games\\Rose Online\\TRose.exe:*isabled:Client"
"C:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\counter-strike\\hl.exe"="C:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\counter-strike\\hl.exe:*isabled:Half-Life Launcher"
"D:\\Games\\Gunbound\\softnyx\\GunboundWC\\GunBound.gme"="D:\\Games\\Gunbound\\softnyx\\GunboundWC\\GunBound.gme:*isabled:GunBound"
"D:\\Games\\Ground Control Op. Exodus\\gcii.exe"="D:\\Games\\Ground Control Op. Exodus\\gcii.exe:*isabled:Ground Control II"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*isabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*isabled:Yahoo! Messenger"
"D:\\Games\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"="D:\\Games\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*isabled:Blizzard Downloader"
"D:\\MyPrograms\\WimMx\\WinMX\\WinMX.exe"="D:\\MyPrograms\\WimMx\\WinMX\\WinMX.exe:*isabled:WinMX Application"
"D:\\Games\\Little Fighter 2\\lf2.exe"="D:\\Games\\Little Fighter 2\\lf2.exe:*isabled:lf2"
"D:\\Games\\Rakion\\Rakion\\Bin\\Rakion.bin"="D:\\Games\\Rakion\\Rakion\\Bin\\Rakion.bin:*isabled:Rakion"
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"="C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe:*isabled:lf2"
"D:\\Games\\GunZ\\Gunz.exe"="D:\\Games\\GunZ\\Gunz.exe:*isabled:Gunz"
"D:\\Games\\RollerCoasterTycoon\\rct.exe"="D:\\Games\\RollerCoasterTycoon\\rct.exe:*isabled:rct"
"D:\\MyPrograms\\Steam\\Steam.exe"="D:\\MyPrograms\\Steam\\Steam.exe:*isabled:Steam"
"D:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe"="D:\\MyPrograms\\Steam\\SteamApps\\reloadedxbox\\condition zero\\hl.exe:*isabled:Half-Life Launcher"
"D:\\Games\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe"="D:\\Games\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*isabled:Blizzard Downloader"
"C:\\Program Files\\VINCO\\VOG2\\vogshell.exe"="C:\\Program Files\\VINCO\\VOG2\\vogshell.exe:*isabled:VOG Shell"
"D:\\MyPrograms\\Aim\\aim.exe"="D:\\MyPrograms\\Aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"D:\\MyPrograms\\Aim\\aim.exe"="D:\\MyPrograms\\Aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\\Games\\LOR battle for middler-earth\\game.dat"="D:\\Games\\LOR battle for middler-earth\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"D:\\MyPrograms\\iTunes\\iTunes.exe"="D:\\MyPrograms\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Games\\LOTR\\game.dat"="D:\\Games\\LOTR\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\system32\\wupdate.exe"="C:\\WINDOWS\\system32\\wupdate.exe:*:Enabled:Windows Secure Update"
""=":*:Enabled:Avira Antivir PE"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"D:\\Games\\Steam\\steamapps\\hrmarine\\counter-strike source\\hl2.exe"="D:\\Games\\Steam\\steamapps\\hrmarine\\counter-strike source\\hl2.exe:*isabled:hl2"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\sean.lambert.CES\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CES-WRKSTN-03
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\sean.lambert.CES
LOGONSERVER=\\CES-DC1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SEANLA~1.CES\LOCALS~1\Temp
TMP=C:\DOCUME~1\SEANLA~1.CES\LOCALS~1\Temp
USERDNSDOMAIN=CES.OFF
USERDOMAIN=CES
USERNAME=sean.lambert
USERPROFILE=C:\Documents and Settings\sean.lambert.CES
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

bob.mcjunkin (admin)
Camille.lambert (admin)
sean.lambert.CES (admin)
sean.lambert (admin)
system.admin (admin)
bob (admin, profile directory not found)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5ADA9741-0570-4096-B5FE-1D55E57537D4}
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot G3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE99B4DC-754E-4D40-AFA6-AB43248231EC}
Canon PowerShot S45 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{938DB54D-B302-4594-A782-32219F1734AB}
Canon Utilities File Viewer Utility 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB3AC39D-9915-435D-ACC4-9881E75326BC}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Carmen Sandiego Word Detective v1.0.1 --> C:\WINDOWS\uninst.exe -f"d:\games\carmen sandiego\cs word\DeIsL1.isu"
Condition Zero --> "D:\Games\Steam\steam.exe" steam://uninstall/80
Condition Zero Deleted Scenes --> "D:\Games\Steam\steam.exe" steam://uninstall/100
Counter-Strike: Source --> "D:\Games\Steam\steam.exe" steam://uninstall/240
D-Link DWL-120 11Mbps WLAN Card --> C:\WINDOWS\uninst.exe -f"C:\Program Files\D-Link Corporation\D-Link DWL-120 11Mbps WLAN Card\DeIsL3.isu" -cC:\PROGRA~1\D-LINK~1\D-LINK~1\_ISREG32.DLL
Day of Defeat: Source --> "D:\Games\Steam\steam.exe" steam://uninstall/300
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fahrenheit --> MsiExec.exe /I{BA10AC78-E687-4523-8B93-540428FC256F}
Fraps (remove only) --> "D:\Games\World of Warcraft\Fraps\uninstall.exe"
Ground Control II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21C41BAF-6F62-469D-A43B-DDF01628346E}\setup.exe" -l0x9
Gunbound Revolution --> "D:\Games\Gunbound\ENGLISH\Gunbound Revolution\unins000.exe"
Half-Life 2 --> "D:\Games\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "D:\Games\Steam\steam.exe" steam://uninstall/320
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jade Empire --> C:\WINDOWS\Uninstall Jade Empire.exe
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Master Of Defense Free Trial --> "D:\Games\New Folder\MasterOfDefense_at\unins000.exe"
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (1.0.6) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.6 (en-US)"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Myst for Windows 95 --> C:\WINDOWS\uninst.exe -fd:\games\myst\DeIsL1.isu
Net MD Simple Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}\setup.exe" -l0x9 UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 3.2-03-02-21-08 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-17-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-17-02\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\setup.exe" -l0x9 UNINSTALL
Panty Raider --> C:\PANTYR~1\UNWISE.EXE C:\PANTYR~1\INSTALL.LOG
Postal 2 Demo --> C:\WINDOWS\unvise32.exe C:\Program Files\Postal 2 Demo\uninstal.log
PristonTale --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B4799D-4E8D-4DC6-9C50-060EE5F8AA9C}\Setup.exe" -l0x9
PS2 Keyboard English Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5748DC5-261F-11D6-B510-0050BA40E0EC}\Setup.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roll --> C:\WINDOWS\UniFish3.exe D:\Games\RollerCoasterTycoon\RollerCoaster Tycoon.log
Rome - Total War(TM) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
SeaStorm 3D Screensaver (remove only) --> "C:\Program Files\SeaStorm 3D Screensaver\Uninstall.exe"
SimCity 4 Deluxe --> D:\Games\Sim City\EAUninstall.exe
Softnyx Launcher --> "D:\Games\Rakion\Launcher\unins000.exe"
SonicStage 1.5.53 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steam(TM) --> C:\MYPROG~1\Steam\UNWISE.EXE C:\MYPROG~1\Steam\INSTALL.LOG
Symantec AntiVirus --> MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Ultimate Game Pak --> C:\WINDOWS\iun506.exe D:\Games\Ultimate Game pak 1.0\Ultimate Game Pak\irunin.ini
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WeatherBug --> C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
Where in the World is Carmen Sandiego? --> C:\WINDOWS\UNINST.EXE -f"d:\games\CARMEN~1\CSWORL~1\DeIsL1.isu"
Where in Time is Carmen Sandiego? v3.0 Demo --> C:\WINDOWS\uninst.exe -f"d:\games\carmen sandiego\DeIsL2.isu"
Windows Key 7.5 Demo --> C:\Program Files\Passware\demos\un-winkeyd.exe
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Winferno Registry Power Cleaner --> "C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Worms2 --> C:\WINDOWS\IsUninst.exe -f"d:\games\worms 2\Uninst.isu"
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL

-- Application Event Log -------------------------------------------------------

Event ID #1445: Error
Event Submitted/Written: 08/19/2007 00:50:40 AM
Event Source: Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1443: Error
Event Submitted/Written: 08/19/2007 00:50:18 AM
Event Source: AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event ID #1440: Error
Event Submitted/Written: 08/19/2007 00:49:39 AM
Event Source: Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module svchostw.dll, version 0.0.0.0, fault address 0x00001290.
Processing media-specific event for [explorer.exe!ws!]

Event ID #1439: Error
Event Submitted/Written: 08/19/2007 00:49:20 AM
Event Source: Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event ID #1438: Error
Event Submitted/Written: 08/19/2007 00:49:18 AM
Event Source: Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event ID #18288: Error
Event Submitted/Written: 08/19/2007 00:52:07 AM
Event Source: Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event ID #18287: Error
Event Submitted/Written: 08/19/2007 00:52:07 AM
Event Source: Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Event ID #18278: Error
Event Submitted/Written: 08/19/2007 00:51:11 AM
Event Source: Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event ID #18277: Error
Event Submitted/Written: 08/19/2007 00:51:10 AM
Event Source: Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Event ID #18272: Error
Event Submitted/Written: 08/19/2007 00:50:42 AM
Event Source: Service Control Manager
Event Description:
The Automatic Updates service terminated with the following error:
%%126

-- End of Deckard's System Scanner: finished at 2007-08-19 at 00:54:35 ---------

Insorak · Aug 19, 2007

Both your antivirus and your Java are outdated.

Please do an update for Norton Antivirus.

Next, open Start > Run and type "appwiz.cpl" (noquotes). From the list, remove everything that says "Java". Then, go to this link and download and install the latest version of Java.

Your computer seems to have been infected quite a while...

Please download the Killbox and save it to your Desktop. Then, copy the lines below (CTRL-C):
Code:
C:\WINDOWS\System32\ntos.exe
C:\WINDOWS\System32\scvhast.exe
Now, open the Killbox. From the "File" menu, click "Paste from Clipboard". Place the "bullet" beside "Delete Files on Reboot" and select the "All files" button. Killbox will ask to reboot your computer, let it do so. When it reboots you should have a log open; if not, go to C:\!KillBox\Logs and open it manually.

Note: If you get an error about mscomctl.ocx, please go here and download mscomctl.ocx and save it to your System32 folder.

virusuck · Aug 19, 2007

ok i'm doing the killbox but i have a minor problem my compter's internet gives me an error whenever i go to download an update for nortin and i tried to delete the java and install the new java by my computer gave me an error saying windows is either running in safe mode or not correctly installed and i've tried reinstalling that and it doesent work

virusuck · Aug 19, 2007

Pocket Killbox version 2.0.0.881
Running on Windows XP as Administrator
was started @ Sunday, August 19, 2007, 10:34 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\System32\ntos.exe

# 2 [Delete on Reboot]
Path = C:\WINDOWS\System32\scvhast.exe

I Rebooted @ 11:21:11 AM
Killbox Closed(Exit) @ 11:21:24 AM

virusuck · Aug 26, 2007

when i am just surfing the web for no apparent reason my internet just shuts down and gives me an error i ran a Hijackthis scan help please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:51 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Ares\Ares.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pristontale.com/
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\MyPrograms\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Weather] E:\Programs\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares ultra] "E:\Ares\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [ares] "E:\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Weather] C:\Program Files\WeatherBug\Weather.exe 1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AIM] D:\MyPrograms\Aim\aim.exe -cnetwait.odl (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\MyPrograms\Aim\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40443.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122820764656
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab37625.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CES.Off
O17 - HKLM\Software\..\Telephony: DomainName = CES.Off
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CES.Off
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CES.Off
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - E:\Ares\Ares Ultra\chatServer.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10859 bytes

Log in or Sign up

Fixed it by downloading new IE sry if used anyones time

virusuck Member

virusuck Member

Insorak Guest

Insorak Guest

virusuck Member

virusuck Member

Insorak Guest

virusuck Member

virusuck Member

virusuck Member

Share This Page

Log in or Sign up

Fixed it by downloading new IE sry if used anyones time

virusuck Member

virusuck Member

Insorak Guest

Insorak Guest

virusuck Member

virusuck Member

Insorak Guest

virusuck Member

virusuck Member

virusuck Member

Share This Page

Useful Searches