Trojan-downloader.gen


1 reply to this topic

#1 Anthony B

Posted 17 May 2008 - 12:34 PM

I keep getting warnings about Trojan-downloader.gen in Counterspy when I connect to the Internet on my laptop.

Full path: c:\windows\syswow64\svchost.exe
File Size: 21504
MD5: 3794B461C45882E06856F282EEF025AF
Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Description: Host Process for Windows Services
Product Name: Microsoft® Windows® Operating System
Product Version: 6.0.6000.16386
Company: Microsoft Corporation
Copyright: © Microsoft Corporation. All rights reserved.
Full path: c:\windows\syswow64\upgrd.exe
File Size: 5632
MD5: B55C2A77199C18AEBD081C04B6FA7DC3

It will block it and tell me to run a scan which turns up...

c:\windows\syswow64\upgrd.exe
and
c:\windows\system32\upgrd.exe

as the bad files and quarantines them. I've tried a full system recovery and reformatted the c:\ drive, and it always returns. I ran scans with Counterspy, Spybot, Adaware (it never finishes) and on each recovery have swapped in and out Norton 360, Trend Micro Internet Security Pro, and AVG Internet Security currently. I've run BitDefender (turned up nothing), Trend Micro online scan (platform not supported), and Kaspersky said clean but couldn't scan some parts.

I have almost 40 upgrd.exe in quarantine. Here are my logs:

Deckard's System Scanner v20071014.68
Run by Anthony on 2008-05-17 12:51:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
25: 2008-05-17 06:14:31 UTC - RP48 - Windows Update
24: 2008-05-17 04:42:48 UTC - RP47 - CounterSpy - 5/17/2008 12:42:43 AM
23: 2008-05-16 14:19:15 UTC - RP46 - Installed Windows Live
22: 2008-05-16 14:14:44 UTC - RP45 - Installed Windows Live
21: 2008-05-16 07:00:25 UTC - RP44 - Windows Update


-- First Restore Point --
1: 2008-05-13 18:12:08 UTC - RP28 - Installed Sunbelt CounterSpy.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Anthony.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:23 PM, on 5/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe
C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Anthony\Desktop\dss.exe
C:\Windows\SysWOW64\werfault.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Anthony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBRC.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgfws8.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files (x86)\Vongo\VongoService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13730 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 iaStor (Intel AHCI Controller) - c:\windows\system32\drivers\iastor.sys (file missing)
R0 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 AvgLdx64 (AVG AVI Loader Driver x64) - c:\windows\system32\drivers\avgldx64.sys (file missing)
R1 AvgMfx64 (AVG On-access Scanner Minifilter Driver x64) - c:\windows\system32\drivers\avgmfx64.sys (file missing)
R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (DFS Namespace Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rimmptsk - c:\windows\system32\drivers\rimmpx64.sys (file missing)
R2 rimsptsk - c:\windows\system32\drivers\rimspx64.sys (file missing)
R2 rismxdp (Ricoh xD-Picture Card Driver) - c:\windows\system32\drivers\rixdpx64.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
R3 ATSWPDRV (AuthenTec TruePrint USB Driver (SwipeSensor)) - c:\windows\system32\drivers\atswpdrv.sys (file missing)
R3 AvgWfpA (AVG8 Firewall Driver x64) - c:\windows\system32\drivers\avgwfpa.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 BthEnum (Bluetooth Enumerator Service) - c:\windows\system32\drivers\bthenum.sys (file missing)
R3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys (file missing)
R3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys (file missing)
R3 btwaudio (Bluetooth Audio Device Service) - c:\windows\system32\drivers\btwaudio.sys (file missing)
R3 btwavdt (Bluetooth AVDT) - c:\windows\system32\drivers\btwavdt.sys (file missing)
R3 btwrchid - c:\windows\system32\drivers\btwrchid.sys (file missing)
R3 CmBatt (Microsoft ACPI Control Method Battery Driver) - c:\windows\system32\drivers\cmbatt.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HpqKbFiltr (HpqKbFilter Driver) - c:\windows\system32\drivers\hpqkbfiltr.sys (file missing)
R3 HpqRemHid (HP Remote Control HID Device) - c:\windows\system32\drivers\hpqremhid.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkvhd64.sys (file missing)
R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 NETw4v64 (Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit) - c:\windows\system32\drivers\netw4v64.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 ohci1394 (RICOH OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 PCTINDIS5X64 (PCTINDIS5X64 NDIS Protocol Driver) - c:\windows\system32\pctindis5x64.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 RasSstp (WAN Miniport (SSTP)) - c:\windows\system32\drivers\rassstp.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - c:\windows\system32\drivers\rfcomm.sys (file missing)
R3 RTL8169 (Realtek 8169 NT Driver) - c:\windows\system32\drivers\rtlh64.sys (file missing)
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)
R3 sdbus - c:\windows\system32\drivers\sdbus.sys (file missing)
R3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 swmsflt - c:\windows\system32\drivers\swmsflt.sys (file missing)
R3 SynTP (Synaptics TouchPad Driver) - c:\windows\system32\drivers\syntp.sys (file missing)
R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
R3 usbvideo (USB Video Device (WDM)) - c:\windows\system32\drivers\usbvideo.sys (file missing)
R3 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
R4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)

S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 BCM43XV (Broadcom Extensible 802.11 Network Adapter Driver) - c:\windows\system32\drivers\bcmwl664.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys (file missing)
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel® PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 exfat (exFAT File System Driver) - c:\windows\system32\drivers\exfat.sys (file missing)
S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\hdaudio.sys (file missing)
S3 HSF_DPV - c:\windows\system32\drivers\vstdpv6.sys (file missing)
S3 HSFHWAZL - c:\windows\system32\drivers\vstazl6.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 NVENETFD (NVIDIA nForce Networking Controller Driver) - c:\windows\system32\drivers\nvm60x64.sys (file missing)
S3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
S3 ptuc_bus (PANTECH Mobile USB Devices) - c:\windows\system32\drivers\ptuc_bus.sys (file missing)
S3 ptuc_flt (PANTECH USB Filter Service) - c:\windows\system32\drivers\ptuc_flt.sys (file missing)
S3 ptuc_mdm (PANTECH USB Packet Services) - c:\windows\system32\drivers\ptuc_mdm.sys (file missing)
S3 ptuc_prt (PANTECH UMTS Diagnostic Serial Ports) - c:\windows\system32\drivers\ptuc_prt.sys (file missing)
S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
S3 Serial (Serial Port Driver) - c:\windows\system32\drivers\serial.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 usb_rndisx (USB RNDIS Adapter) - c:\windows\system32\drivers\usb8023x.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 winachsf - c:\windows\system32\drivers\vstcnxt6.sys (file missing)
S3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
S4 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
S4 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R? rpcnetp -
R2 DpHost (Biometric Authentication Service) - c:\program files (x86)\digitalpersona\bin\dphostw.exe
R2 HP Health Check Service - "c:\program files (x86)\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 SBSDWSCService (SBSD Security Center Service) - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe
R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
R3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)

S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)
S3 Com4Qlb - "c:\program files (x86)\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)
S3 Fax - c:\windows\system32\fxssvc.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
S3 Vongo Service - "c:\program files (x86)\vongo\vongoservice.exe" <Not Verified; Starz Entertainment Group LLC; Vongo>
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)
S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-16 01:31:24 270 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-13 10:18:09 342 --a------ C:\Windows\Tasks\HPCeeScheduleForAnthony.job


-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

2008-05-16 10:21:40 0 d-------- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2008-05-16 03:45:39 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-16 01:30:43 0 d-------- C:\Program Files (x86)\Windows Live Toolbar
2008-05-16 01:30:42 0 d-------- C:\Program Files (x86)\Windows Live Favorites
2008-05-16 01:10:40 0 d--hs--c- C:\Program Files (x86)\Common Files\WindowsLiveInstaller
2008-05-16 01:10:18 0 d-------- C:\Program Files (x86)\Windows Live
2008-05-16 01:09:32 0 d-------- C:\Users\All Users\WLInstaller
2008-05-15 04:42:33 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-15 01:27:41 262144 --a------ C:\Users\All Users\ntuser.dat
2008-05-15 01:08:48 0 d-------- C:\Windows\BDOSCAN8
2008-05-15 00:52:07 0 d-------- C:\Windows\Sun
2008-05-14 14:21:18 0 d-------- C:\Users\All Users\Lavasoft
2008-05-14 14:21:18 0 d-------- C:\Program Files (x86)\Lavasoft
2008-05-14 14:20:15 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-05-14 05:30:36 0 d--h----- C:\$AVG8.VAULT$
2008-05-14 04:22:46 0 d-a------ C:\Users\All Users\TEMP
2008-05-14 04:15:23 0 d-------- C:\Program Files (x86)\SpywareBlaster
2008-05-13 18:48:24 0 d-------- C:\Program Files (x86)\Trend Micro
2008-05-13 18:20:09 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-13 17:20:44 0 d-------- C:\Users\All Users\Google
2008-05-13 16:35:11 47104 --a------ C:\Windows\system32\NTAgent.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-05-13 16:12:02 17408 --a------ C:\Windows\system32\rpcnetp.exe
2008-05-13 14:41:47 0 d-------- C:\Program Files (x86)\MSXML 4.0
2008-05-13 14:24:46 0 d-------- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
2008-05-13 14:24:43 0 d-------- C:\Users\All Users\AT&T
2008-05-13 14:24:43 0 d-------- C:\Program Files (x86)\Sierra Wireless Inc
2008-05-13 14:24:43 0 d-------- C:\Program Files (x86)\Common Files\Research in Motion
2008-05-13 14:24:43 0 d-------- C:\Program Files (x86)\AT&T
2008-05-13 14:01:51 9498118 --a------ C:\Windows\system32\SBSP.dat
2008-05-13 13:41:30 0 d-------- C:\PerfLogs
2008-05-13 13:16:18 104 --a------ C:\Windows\system32\SBRC.dat
2008-05-13 13:16:18 460 --a------ C:\Windows\system32\SBFC.dat
2008-05-13 11:12:13 0 d--hs---- C:\System Volume Information
2008-05-13 11:08:22 0 d-------- C:\Users\All Users\Sunbelt Software
2008-05-13 11:08:01 0 d-------- C:\Program Files (x86)\Sunbelt Software
2008-05-13 10:57:35 0 d-------- C:\Users\All Users\avg8
2008-05-13 10:57:35 0 d-------- C:\Program Files (x86)\AVG
2008-05-13 10:27:10 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-05-13 10:15:41 0 d-------- C:\Users\All Users\NVIDIA
2008-05-13 10:13:35 0 d-------- C:\Users\All Users\Macrovision
2008-05-13 10:13:21 0 d-------- C:\Windows\system32\tr
2008-05-13 10:13:21 0 d-------- C:\Windows\system32\ru
2008-05-13 10:13:21 0 d-------- C:\Windows\system32\ko
2008-05-13 10:13:20 0 d-------- C:\Windows\system32\ja
2008-05-13 10:13:20 0 d-------- C:\Windows\system32\it
2008-05-13 10:13:20 0 d-------- C:\Windows\system32\fr
2008-05-13 10:13:20 0 d-------- C:\Windows\system32\es
2008-05-13 10:13:20 0 d-------- C:\Windows\system32\de
2008-05-13 10:13:20 0 d-------- C:\Windows\DPDrv
2008-05-13 10:13:19 0 d-------- C:\Program Files (x86)\DigitalPersona
2008-05-13 10:11:24 0 d-------- C:\Users\All Users\WildTangent
2008-05-13 10:11:24 0 d-------- C:\Program Files (x86)\HP Games
2008-05-13 10:07:39 0 d-------- C:\Program Files (x86)\HPQ
2008-05-13 10:07:38 1560576 --a------ C:\Windows\system32\BttnCmns_64.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-05-13 10:07:38 1560576 --a------ C:\Windows\system32\BttnCmns.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-05-13 10:07:38 987136 --a------ C:\Windows\system32\BttnCmn.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-05-13 10:07:10 0 d-------- C:\Users\All Users\CyberLink
2008-05-13 10:06:35 82432 --a------ C:\Windows\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-13 10:06:35 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-13 10:05:07 0 d-------- C:\Users\Anthony\Bluetooth Software
2008-05-13 10:03:52 0 dr------- C:\Users\Anthony\Searches
2008-05-13 10:03:39 0 dr------- C:\Users\Anthony\Contacts
2008-05-13 10:03:32 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-05-13 10:01:48 0 d-------- C:\Windows\system32\es-MX
2008-05-13 10:01:48 0 d-------- C:\Windows\system32\es-AR
2008-05-13 10:01:14 0 d-------- C:\Program Files (x86)\Yahoo!
2008-05-13 10:00:05 0 d-------- C:\Users\All Users\Electronic Arts
2008-05-13 09:59:24 0 d-------- C:\Program Files (x86)\WinTV
2008-05-13 09:59:16 258104 --a------ C:\Windows\system32\hcwpnp32.dll <Not Verified; Hauppauge Computer Works; WinTV>
2008-05-13 09:59:15 36921 --a------ C:\Windows\system32\hcwutl32_priv.dll <Not Verified; Hauppauge Computer Works; WinTV>
2008-05-13 09:59:15 36921 --a------ C:\Windows\system32\hcwutl32.dll <Not Verified; Hauppauge Computer Works; WinTV>
2008-05-13 09:59:15 98360 --a------ C:\Windows\system32\hcwi2c32.dll <Not Verified; Hauppauge Computer Works, Inc.; WinTV>
2008-05-13 09:58:04 0 d-------- C:\Windows\system32\ENU
2008-05-13 09:58:03 0 d-------- C:\Windows\system32\Lang
2008-05-13 09:58:02 0 d-------- C:\Windows\system32\x64
2008-05-13 09:57:15 0 d-------- C:\Windows\system32\RTCOM
2008-05-13 09:57:01 0 d-------- C:\Program Files (x86)\Realtek
2008-05-13 09:57:00 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-13 09:57:00 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-13 09:56:40 0 d-------- C:\Program Files (x86)\Electronic Arts
2008-05-13 09:56:29 0 d-------- C:\Program Files (x86)\Fingerprint Sensor
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Videos
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\Templates
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\Start Menu
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\SendTo
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Saved Games
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\Recent
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\PrintHood
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Pictures
2008-05-13 09:54:12 3407872 --ahs---- C:\Users\Anthony\NTUSER.DAT
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\NetHood
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\My Documents
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Music
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\Local Settings
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Links
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Favorites
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Downloads
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Documents
2008-05-13 09:54:12 0 dr------- C:\Users\Anthony\Desktop
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\Cookies
2008-05-13 09:54:12 0 d--hs---- C:\Users\Anthony\Application Data
2008-05-13 09:54:12 0 d--h----- C:\Users\Anthony\AppData
2008-05-13 09:53:48 0 d-------- C:\Windows\SoftwareDistribution
2008-05-13 09:52:41 0 d-------- C:\Program Files (x86)\Intel
2008-05-13 09:45:19 0 d-------- C:\Windows\Prefetch
2008-05-13 09:35:15 0 d-------- C:\Program Files (x86)\Java
2008-05-13 09:35:14 0 d-------- C:\Program Files (x86)\Common Files\Java
2008-05-13 09:25:14 331264 --a------ C:\Windows\system32\ShellvRTF64.dll <Not Verified; XSS; XSS ShellvRTF>
2008-05-13 09:25:14 274432 --a------ C:\Windows\system32\ShellvRTF.dll <Not Verified; XSS; XSS ShellvRTF>
2008-05-13 09:25:13 0 d-------- C:\Windows\SMINST
2008-05-13 09:23:08 0 d-------- C:\Program Files (x86)\Vongo
2008-05-13 09:21:50 0 d-------- C:\Program Files (x86)\earthlink totalaccess
2008-05-13 09:21:43 0 d-------- C:\Users\All Users\Hewlett-Packard
2008-05-13 09:20:28 0 dra------ C:\Program Files (x86)\Online Services
2008-05-13 09:12:41 0 d-------- C:\Program Files (x86)\CyberLink
2008-05-13 09:12:09 0 d-------- C:\Users\All Users\Adobe
2008-05-13 09:12:07 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-05-13 09:10:51 0 d-------- C:\Program Files (x86)\HP
2008-05-13 09:10:51 0 d-------- C:\Program Files (x86)\Common Files\HP
2008-05-13 09:10:46 101632 --a------ C:\Windows\hpqins13.dat
2008-05-13 09:10:45 0 d-------- C:\Users\All Users\HP
2008-05-13 09:09:50 0 d-------- C:\Windows\Downloaded Installations
2008-05-13 09:09:30 0 d-------- C:\Program Files (x86)\Sling Media
2008-05-13 09:09:02 0 d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-05-13 09:08:59 0 d-------- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
2008-05-13 09:07:56 0 d-------- C:\Windows\PCHEALTH
2008-05-13 09:07:56 0 d-------- C:\Program Files (x86)\Microsoft.NET
2008-05-13 09:06:32 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-13 09:06:18 0 dr-h----- C:\MSOCache
2008-05-13 08:56:10 0 d-------- C:\Program Files (x86)\muvee Technologies
2008-05-13 08:56:10 0 d-------- C:\Program Files (x86)\Common Files\muvee Technologies
2008-05-13 08:56:07 0 d-------- C:\Users\All Users\muvee Technologies
2008-05-13 08:44:43 0 d-------- C:\Program Files (x86)\Microsoft Works
2008-05-13 08:43:58 0 d-------- C:\Windows\system32\Macromed
2008-05-13 08:32:23 0 d-------- C:\Users\All Users\Viewpoint
2008-05-13 08:32:22 0 d-------- C:\Program Files (x86)\Viewpoint
2008-05-13 08:32:04 0 d-------- C:\Program Files (x86)\Common Files\AOL
2008-05-13 08:32:03 0 d-------- C:\Program Files (x86)\AIM6
2008-05-13 07:24:32 0 d-------- C:\Users\All Users\Symantec
2008-05-13 07:24:28 0 d-------- C:\Program Files (x86)\Common Files\Symantec Shared
2008-05-13 07:23:41 0 d--hs---- C:\Windows\Installer
2008-05-13 07:22:11 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-05-13 07:22:11 0 d-------- C:\Program Files (x86)\Hewlett-Packard
2008-05-13 07:22:09 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2008-05-13 07:17:29 0 d--hs---- C:\$RECYCLE.BIN
2008-05-13 07:11:37 12 --a------ C:\Windows\bthservsdp.dat
2008-05-13 07:09:56 17408 --a------ C:\Windows\system32\rpcnetp.dll
2008-05-13 07:09:52 0 d-------- C:\Windows\CSC
2008-05-13 07:04:47 0 d-------- C:\Windows\panther
2008-05-13 07:03:38 0 d--h----- C:\HP


-- Find3M Report ---------------------------------------------------------------

2008-05-17 12:49:09 27525 --a------ C:\Users\Anthony\AppData\Roaming\nvModes.001
2008-05-17 00:09:08 0 d-------- C:\Users\Anthony\AppData\Roaming\U3
2008-05-16 01:10:40 0 d-------- C:\Program Files (x86)\Common Files
2008-05-15 03:58:08 0 d-------- C:\Users\Anthony\AppData\Roaming\Mozilla
2008-05-14 18:33:04 0 d-------- C:\Users\Anthony\AppData\Roaming\Adobe
2008-05-13 14:45:36 0 d-------- C:\Program Files (x86)\Windows Mail
2008-05-13 14:38:05 27525 --a------ C:\Users\Anthony\AppData\Roaming\nvModes.dat
2008-05-13 14:25:50 0 d-------- C:\Users\Anthony\AppData\Roaming\Sierra Wireless
2008-05-13 13:58:21 174 --ahs---- C:\Program Files (x86)\desktop.ini
2008-05-13 13:47:18 0 d-------- C:\Program Files (x86)\Windows Sidebar
2008-05-13 13:47:17 0 d-------- C:\Program Files (x86)\Windows Calendar
2008-05-13 13:47:16 0 d-------- C:\Program Files (x86)\Windows Photo Gallery
2008-05-13 13:47:16 0 d-------- C:\Program Files (x86)\Windows Collaboration
2008-05-13 13:47:08 0 d-------- C:\Program Files (x86)\Windows Defender
2008-05-13 11:08:26 0 d-------- C:\Users\Anthony\AppData\Roaming\Sunbelt Software
2008-05-13 10:27:10 0 d-------- C:\Users\Anthony\AppData\Roaming\Yahoo!
2008-05-13 10:04:25 0 d-------- C:\Users\Anthony\AppData\Roaming\Symantec
2008-05-13 10:04:02 0 d-------- C:\Users\Anthony\AppData\Roaming\DigitalPersona
2008-05-13 10:03:44 0 d-------- C:\Users\Anthony\AppData\Roaming\Identities
2008-05-13 10:01:53 0 d-------- C:\Users\Anthony\AppData\Roaming\Macromedia
2008-05-13 10:01:32 0 d-------- C:\Users\Anthony\AppData\Roaming\Hewlett-Packard
2008-05-13 09:55:15 0 d-------- C:\Users\Anthony\AppData\Roaming\Macrovision


-- Registry Dump ---------------------------------------------------------------



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8382 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-17 12:57:13 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X64; Language: English

CPU 0: Intel® Core™2 Duo CPU T9300 @ 2.50GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 4093.5 MiB / 1604.38 MiB
Pagefile Memory (total/avail): 8398.29 MiB / 5996.79 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3936.96 MiB

C: is Fixed (NTFS) - 98.12 GiB total, 48.46 GiB free.
D: is Fixed (NTFS) - 105.5 GiB total, 105.4 GiB free.
E: is Fixed (NTFS) - 13.67 GiB total, 2.24 GiB free.
F: is Fixed (NTFS) - 6.29 GiB total, 6.23 GiB free.
G: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - Hitachi HTS722012K9SA00 - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 98.12 GiB - C:
\PARTITION1 - Installable File System - 13.67 GiB - E:

\\.\PHYSICALDRIVE1 - Hitachi HTS722012K9SA00 - 111.79 GiB - 2 partitions
\PARTITION0 - Installable File System - 105.5 GiB - D:
\PARTITION1 - Installable File System - 6.29 GiB - F:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

FW: AVG Firewall v8.0 (AVG Technologies CZ, s.r.o.)
AV: AVG Internet Security v8.0 (AVG Technologies)
AS: AVG Internet Security v8.0 (AVG Technologies) Disabled
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Sunbelt Software Sunbelt CounterSpy 2.5.1040 v2.5.1040 (Sunbelt Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
""=""
"C:\\Program Files (x86)\\Vongo\\VongoService.exe"="C:\\Program Files (x86)\\Vongo\\VongoService.exe:*:enabled:VongoService"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files (x86)\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files (x86)\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Anthony\AppData\Roaming
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=ANTHONY-LAPTOP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Anthony
LOCALAPPDATA=C:\Users\Anthony\AppData\Local
LOGONSERVER=\\ANTHONY-LAPTOP
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CyberLink\Power2Go\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Anthony\AppData\Local\Temp
TMP=C:\Users\Anthony\AppData\Local\Temp
USERDOMAIN=Anthony-Laptop
USERNAME=Anthony
USERPART=G:
USERPROFILE=C:\Users\Anthony
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Anthony


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files (x86)\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Final Drive Nitro\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Fish Tycoon\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Magic Academy\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Otto's Magic Blocks\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Ricochet Lost Worlds\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Shooting Stars Pool\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
--> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 6 --> C:\Program Files (x86)\AIM6\uninst.exe
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
AVG 8.0 --> C:\Program Files (x86)\AVG\AVG8\setup.exe /UNINSTALL
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink YouCam --> "C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DVD Suite --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EA Link --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
ESU for Microsoft Vista --> MsiExec.exe /I{865DB1C9-D5E4-408B-B37D-9927E605BD2D}
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) --> C:\PROGRA~2\WinTV\UNSftMCE.EXE C:\PROGRA~2\WinTV\softMCE.LOG
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.30 E1 --> C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0088 --> MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant --> MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LabelPrint --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (2.0.0.14) --> C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista --> MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.1 --> C:\Program Files (x86)\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
My HP Games --> "C:\Program Files (x86)\HP Games\Uninstall.exe"
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
PhotoNow! --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Power2Go --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector --> "C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.4 --> "C:\Program Files (x86)\HP\QuickPlay\unins000.exe"
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RtlUpd64.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Slingbox Flash Tour --> MsiExec.exe /I{38EAC694-0D90-445F-8C17-8B50ADFE3162}
SlingPlayer --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spybot - Search & Destroy --> "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files (x86)\SpywareBlaster\unins000.exe"
The Sims™ Life Stories --> MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
Update for Office 2007 (KB934528) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player --> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 8.0 Runtime Setup Package (x64) --> MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
Vongo --> MsiExec.exe /X{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files (x86)\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Yahoo! Toolbar --> C:\PROGRA~2\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1637 / Success
Event Submitted/Written: 05/17/2008 02:21:56 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type1636 / Success
Event Submitted/Written: 05/17/2008 02:21:55 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type1634 / Success
Event Submitted/Written: 05/17/2008 02:21:34 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type1625 / Warning
Event Submitted/Written: 05/17/2008 02:20:34 AM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Event Record #/Type1622 / Warning
Event Submitted/Written: 05/17/2008 02:20:34 AM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12258 / Warning
Event Submitted/Written: 05/17/2008 00:54:36 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{489AAE73-EF1D-4C5B-924E-23C86F5BBD11}Anthony-LaptopAnthonyS-1-5-21-3960261510-510831596-891280007-1000Unknown%%832driver:lzx320%%807

Event Record #/Type12257 / Warning
Event Submitted/Written: 05/17/2008 00:54:36 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{0EDC0DAF-3332-4A1E-9731-7F0F917A9D96}Anthony-LaptopAnthonyS-1-5-21-3960261510-510831596-891280007-1000Unknown%%832service:msguard0%%807

Event Record #/Type12256 / Warning
Event Submitted/Written: 05/17/2008 00:54:36 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{46EF26F8-1781-4FDE-94DF-B1C5ACC0E605}Anthony-LaptopAnthonyS-1-5-21-3960261510-510831596-891280007-1000Unknown%%832service:lzx320%%807

Event Record #/Type12255 / Warning
Event Submitted/Written: 05/17/2008 00:54:36 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{6DE803A5-2BE3-4D03-9C20-2C7D009FA0F3}Anthony-LaptopAnthonyS-1-5-21-3960261510-510831596-891280007-1000Unknown%%832driver:msguard0%%807

Event Record #/Type12140 / Error
Event Submitted/Written: 05/17/2008 02:23:20 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
QuickPlay Task Scheduler (QTS)QuickPlay Background Capture Service (QBCS)%%1070



-- End of Deckard's System Scanner: finished at 2008-05-17 12:57:13 ------------
Laptop HP dv9700; Intel Core2 Duo T9300 @ 2.5GHz; 4GB of RAM; 120GB HDD; NVIDIA GeForce 8600M GS; linksys wrt54gs; Vista ultimate 64; IE and Firefox; AVG internet security; Counterspy V2, Spybot SD, Adaware 2007 (usually can't finish scan), spywareblaster 4; also tried norton 360, and trend micro internet security pro



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:05 PM

Posted 13 June 2008 - 07:29 PM

Hello Anthony B

Welcome to BleepingComputer :thumbsup:
========================
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in then click on Send or Submit)

c:\windows\syswow64\upgrd.exe
c:\windows\system32\upgrd.exe

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



