Author Topic: need virus help asap  (Read 552 times)


Offline jimmykin01

need virus help asap
« on: August 02, 2010, 05:00:15 AM »
I have a virus on my computer or something. There is an antivirus icon in my toolbar that isn't mine, and it starts running a virus scan and keeps trying to get me to purchase the antivirus. Whenever I try to open my antivirus it says it's infected, and the same for most programs, and it randomly opens up Internet Explorer and tries to connect to websites about viagra and other adult things. This is the only computer I have access to, guys, and I'm in safe mode right now so I could get on the internet. I was filling out my FAFSA information earlier and I'm worried about my sensitive info getting out, e.g. social #, address, email, my student PIN. Please help me.
Here's some info:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 20:50:43.26 on Sun 08/01/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.672 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\My Documents\Defogger.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=1008&m=el1200
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=1008&m=el1200
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0309&m=el1200-06w
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0309&m=el1200-06w
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LaunchApp]
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [ykioqces] c:\documents and settings\jim\local settings\application data\mghipkfhu\cpakswgtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f6d4050\v2\Belkinwcui.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\lj4t822w.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-15 243024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-6-25 532224]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-10-29 644096]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-15 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-15 29584]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-15 430152]

=============== Created Last 30 ================

2010-08-02 03:49:25   0   ----a-w-   c:\documents and settings\administrator\defogger_reenable
2010-08-02 02:17:20   0   d-----w-   c:\docume~1\admini~1\applic~1\Symantec
2010-07-17 09:33:26   0   d-----w-   c:\program files\common files\Sony Shared
2010-07-17 09:32:31   0   d-----w-   c:\docume~1\alluse~1\applic~1\Sony Corporation
2010-07-17 09:25:09   0   d-----w-   c:\program files\Sony
2010-07-17 07:18:45   38   ----a-w-   c:\windows\cdplayer.ini
2010-07-17 07:17:17   0   d-----w-   c:\program files\common files\xing shared
2010-07-17 07:16:45   0   d-----w-   c:\program files\common files\Real
2010-07-15 20:13:33   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-07-15 20:13:30   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-07-15 20:13:23   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-07-15 20:13:17   0   d-----w-   c:\windows\system32\drivers\Avg
2010-07-15 20:13:15   0   d-----w-   c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-07-15 19:45:51   0   d--h--w-   C:\$AVG
2010-07-15 03:40:08   0   d-----w-   c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-15 02:24:39   0   d-----w-   c:\windows\pss
2010-07-04 07:49:47   0   d-----w-   c:\program files\Microsoft
2010-07-04 07:47:50   411368   ----a-w-   c:\windows\system32\deployJava1.dll

==================== Find3M  ====================

2010-07-17 07:16:47   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2010-07-17 07:16:47   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-07-07 09:40:31   535   ----a-w-   c:\program files\Shortcut to Windows Media Player.lnk
2010-06-26 04:21:56   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2010-06-23 20:51:22   1238528   ----a-w-   c:\windows\system32\zpeng25.dll
2010-05-04 17:20:39   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 17:20:34   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-05-04 17:20:32   17408   ----a-w-   c:\windows\system32\corpol.dll
2008-10-29 01:14:20   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-03-09 00:05:03   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030820090309\index.dat

============= FINISH: 20:51:02.67 ===============

Offline jimmykin01

need virus help asap
« Reply #1 on: August 02, 2010, 05:19:13 AM »
 ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/08/01 22:10
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6B9D000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79AF000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF7006000   Size: 49152   File Visible: No   Signed: -
Status: -

SSDT
-------------------
#: 037   Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6df3782

#: 041   Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e126dc

#: 047   Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e0ceb4

#: 048   Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e0d2a2

#: 050   Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e16916

#: 062   Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6df4398

#: 063   Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e13fe4

#: 065   Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e1393c

#: 068   Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e0bdf0

#: 098   Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e1493c

#: 099   Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e14b44

#: 116   Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6df3faa

#: 122   Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e0f1ce

#: 128   Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e0edf8

#: 192   Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e158d2

#: 193   Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e15208

#: 204   Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e162a4

#: 210   Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6df97dc

#: 224   Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6df475c

#: 237   Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e15e12

#: 247   Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e130c4

#: 255   Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e0df0a

#: 257   Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6e0dc86

==EOF==
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-01 22:08:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 64 GB (90%) free of 71 GB
Total RAM: 894 MB (73% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2368361500-1559728310-520348512-1006.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2368361500-1559728310-520348512-500.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2368361500-1559728310-520348512-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2368361500-1559728310-520348512-500.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-17 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-20 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZone.dll [2010-05-09 2517088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZone.dll [2010-05-09 2517088]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-02-24 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-02-24 8491008]
"LaunchApp"= []
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2008-07-10 421888]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-15 2065760]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-07-17 202256]
"ykioqces"=C:\Documents and Settings\jim\Local Settings\Application Data\mghipkfhu\cpakswgtssd.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnk - C:\Program Files\Belkin\F6D4050\V2\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-15 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe"
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe"
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-01 22:08:05 ----D---- C:\rsit
2010-08-01 22:08:05 ----D---- C:\Program Files\trend micro
2010-08-01 22:06:51 ----D---- C:\WINDOWS\ERDNT
2010-08-01 22:05:25 ----D---- C:\Program Files\ERUNT
2010-08-01 21:16:33 ----D---- C:\Program Files\ESET
2010-08-01 20:35:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2010-08-01 20:35:37 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2010-08-01 20:30:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2010-08-01 19:17:23 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2010-08-01 19:17:20 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-08-01 19:17:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Symantec
2010-08-01 19:17:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2010-08-01 19:17:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2010-08-01 19:17:01 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-17 18:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-07-17 18:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-07-17 18:22:16 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-07-17 02:33:26 ----D---- C:\Program Files\Common Files\Sony Shared
2010-07-17 02:32:31 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2010-07-17 02:32:20 ----SHD---- C:\Config.Msi
2010-07-17 02:25:09 ----D---- C:\Program Files\Sony
2010-07-17 02:21:27 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-07-17 02:21:06 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-07-17 02:21:01 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-07-17 02:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-07-17 00:18:45 ----A---- C:\WINDOWS\cdplayer.ini
2010-07-17 00:17:31 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-07-17 00:17:25 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-07-17 00:17:25 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-07-17 00:17:24 ----D---- C:\Program Files\Real
2010-07-17 00:17:17 ----D---- C:\Program Files\Common Files\xing shared
2010-07-17 00:16:47 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-07-17 00:16:45 ----D---- C:\Program Files\Common Files\Real
2010-07-17 00:16:44 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-07-15 13:13:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-07-15 13:13:30 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-07-15 13:13:23 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-07-15 13:13:21 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-07-15 13:13:17 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-07-15 13:13:15 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-07-15 12:45:51 ----HD---- C:\$AVG
2010-07-14 21:39:19 ----D---- C:\Program Files\Mozilla Firefox
2010-07-14 20:40:08 ----D---- C:\Program Files\Alwil Software
2010-07-14 20:40:08 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-07-14 19:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 19:24:39 ----D---- C:\WINDOWS\pss
2010-07-14 19:03:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-07-07 01:57:02 ----D---- C:\Program Files\Windows Live Safety Center
2010-07-04 00:49:47 ----D---- C:\Program Files\Microsoft
2010-07-04 00:49:09 ----D---- C:\WINDOWS\Sun
2010-07-04 00:48:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-07-04 00:47:50 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-03 02:26:42 ----D---- C:\WINDOWS\system32\FxsTmp
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsui.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxstiff.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxst30.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxssvc.exe
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsst.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxssend.exe
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsroute.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsres.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsperf.ini
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsperf.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsmon.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsext32.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsevent.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxscover.exe
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxscomex.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxscom.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsclntR.dll
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2010-07-03 02:26:27 ----A---- C:\WINDOWS\system32\fxscfgwz.dll
2010-07-03 02:26:25 ----A---- C:\WINDOWS\system32\fxsapi.dll

======List of files/folders modified in the last 1 months======

2010-08-01 22:08:05 ----D---- C:\Program Files
2010-08-01 22:08:03 ----D---- C:\WINDOWS\Internet Logs
2010-08-01 22:06:51 ----D---- C:\WINDOWS
2010-08-01 21:45:35 ----D---- C:\WINDOWS\system32
2010-08-01 21:45:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-01 21:44:19 ----SD---- C:\WINDOWS\Tasks
2010-08-01 21:41:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-01 21:41:07 ----D---- C:\WINDOWS\Temp
2010-08-01 21:36:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-01 21:16:23 ----D---- C:\WINDOWS\Prefetch
2010-08-01 19:27:11 ----SHD---- C:\RECYCLER
2010-08-01 19:17:19 ----D---- C:\Documents and Settings
2010-07-22 02:04:14 ----HD---- C:\WINDOWS\inf
2010-07-22 02:04:14 ----AD---- C:\WINDOWS\system32\drivers
2010-07-22 02:03:53 ----SHD---- C:\WINDOWS\Installer
2010-07-22 02:03:53 ----D---- C:\Program Files\Common Files\LogiShrd
2010-07-22 02:02:09 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2010-07-17 18:23:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-17 18:22:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-17 12:25:46 ----RSD---- C:\WINDOWS\assembly
2010-07-17 02:33:26 ----D---- C:\Program Files\Common Files
2010-07-17 02:32:24 ----D---- C:\WINDOWS\WinSxS
2010-07-17 02:21:36 ----D---- C:\Program Files\Windows Media Player
2010-07-17 02:21:06 ----D---- C:\WINDOWS\system32\LogFiles
2010-07-17 02:20:07 ----D---- C:\WINDOWS\system32\mui
2010-07-17 00:16:50 ----D---- C:\Program Files\Internet Explorer
2010-07-17 00:16:47 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-07-17 00:16:47 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-07-15 13:09:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-07-15 12:37:12 ----RASH---- C:\boot.ini
2010-07-15 12:37:12 ----A---- C:\WINDOWS\win.ini
2010-07-15 12:37:12 ----A---- C:\WINDOWS\system.ini
2010-07-14 21:11:45 ----D---- C:\WINDOWS\Debug
2010-07-14 19:50:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 19:04:46 ----D---- C:\Program Files\Yahoo!
2010-07-14 19:04:46 ----D---- C:\Program Files\Google
2010-07-14 18:34:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-14 18:33:24 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-07-14 18:26:21 ----SHD---- C:\System Volume Information
2010-07-14 18:26:21 ----D---- C:\WINDOWS\system32\Restore
2010-07-14 13:01:08 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI-SV92EX Soft Modem.txt
2010-07-07 01:57:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-04 00:50:27 ----D---- C:\Program Files\MSN
2010-07-04 00:49:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-03 02:32:51 ----D---- C:\WINDOWS\security
2010-07-03 02:26:27 ----D---- C:\WINDOWS\addins
2010-07-02 12:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-15 243024]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-01-30 13952]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-01-28 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-01-28 22016]
R3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-10-29 644096]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-07-15 29584]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-05-25 21361]
S2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-24 6867360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
S2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-02-24 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.08 2010-08-01 22:08:08

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Belkin F6D4050 Enhanced Wireless USB Adapter-->C:\Program Files\InstallShield Installation Information\{B97A0C89-29C0-4682-902C-364109A9857C}\setup.exe -runfromtemp -l0x0409
CCleaner-->"C:\Documents and Settings\jim\Desktop\programs\CCleaner\uninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
ZoneAlarm Toolbar-->C:\Program Files\CheckPoint\ZAForceField\Clean_tool.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall

======System event log======

Computer Name: JIMMY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 8879
Source Name: Service Control Manager
Time Written: 20100717122212.000000-420
Event Type: error
User:

Computer Name: JIMMY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 8876
Source Name: Service Control Manager
Time Written: 20100717122212.000000-420
Event Type: error
User:

Computer Name: JIMMY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 8873
Source Name: Service Control Manager
Time Written: 20100717122212.000000-420
Event Type: error
User:

Computer Name: JIMMY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 8870
Source Name: Service Control Manager
Time Written: 20100717122212.000000-420
Event Type: error
User:

Computer Name: JIMMY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 8867
Source Name: Service Control Manager
Time Written: 20100717122212.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: JIMMY
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll . Error code = 0x80070003


Record Number: 3609
Source Name: .NET Runtime Optimization Service
Time Written: 20091225172750.000000-480
Event Type: error
User:

Computer Name: JIMMY
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll


Record Number: 3607
Source Name: .NET Runtime Optimization Service
Time Written: 20091225172704.000000-480
Event Type:
User:

Computer Name: JIMMY
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll


Record Number: 3605
Source Name: .NET Runtime Optimization Service
Time Written: 20091225172701.000000-480
Event Type:
User:

Computer Name: JIMMY
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll


Record Number: 3603
Source Name: .NET Runtime Optimization Service
Time Written: 20091225172700.000000-480
Event Type:
User:

Computer Name: JIMMY
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll


Record Number: 3601
Source Name: .NET Runtime Optimization Service
Time Written: 20091225172700.000000-480
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=7f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"tvdumpflags"=8
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Offline Aaron Hulett [MSFT]

  • Web Server Manager
  • Administrator
  • Hero Member
  • *****
  • Posts: 1086
  • I take the bus!
    • Microsoft Corporation
Re: need virus help asap
« Reply #2 on: August 02, 2010, 06:21:52 AM »
Merged two threads into one.
Aaron Hulett | Malware Protection Center | Microsoft Corporation
This post is provided "AS IS" without warranty, and confers no rights.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11217
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: need virus help asap
« Reply #3 on: August 02, 2010, 07:11:47 PM »
Hi, jimmykin01.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample: 

  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.
** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

How is your computer now?

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline jimmykin01

Re: need virus help asap
« Reply #4 on: August 02, 2010, 10:32:33 PM »
My cousin came over and fixed it for me, but I thank you for responding and trying to help me.

Offline Corrine

Re: need virus help asap
« Reply #5 on: August 02, 2010, 11:21:02 PM »
Thanks for letting me know. 