Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Credit Card Info Stolen


  • This topic is locked This topic is locked
6 replies to this topic

#1 AutomagRT666

AutomagRT666

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 04 July 2008 - 09:27 PM

Hey everyone, new member, and not my favorite kind of first post to make but...

I just checked my bank account info and apparently someone from Seoul Korea has been making lovely charges on my account and I wanted to make sure I don't have some kind of spyware/malware/trojan running in the background, granted I haven't made any online purchases in a long time nor do I save my credit card info anywhere but, here's my HijackThis log, thanks in advance for all of your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:24 PM, on 7/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\Registry Clean Expert\RCHelper.exe
E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\CustomAPP\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
E:\Program Files (x86)\Trillian\trillian.exe
E:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
E:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avgnt] "E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "E:\Program Files (x86)\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBD277E6-EA51-47F1-97D3-564331D6FD5F}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - E:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--

BC AdBot (Login to Remove)

 


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:10 PM

Posted 05 July 2008 - 06:53 AM

Hello AutomagRT666 :) Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you and will need some time to look over your log.


Please advice me of any programs you have used to try and fix the problems you have encountered. I would also ask that you refrain from running any tools other than those we will ask you to while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Since all of our helpers are volunteers and we are really busy I may be a little slow getting back to you, but don't despair as I won't forget. :thumbsup:

In the meantime I will need you to perform the following:


Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.





Thanks,



thewall

Edited by thewall, 05 July 2008 - 09:55 AM.

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 AutomagRT666

AutomagRT666
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 05 July 2008 - 11:17 AM

Hi TheWall,

I thank you in advance for your help, I have run just about every anti-spyware/malwar and anti-virus program available to me (I'm a Lab Support Engineer at EMC and I have lots of programs available to me and I don't believe there's anything in my computer since I went through myself and didn't find anything, but I just wanted a second opinion on the HijackThis log) and nothing popped up, not even tracking cookies (I'm very careful), I believe that my credit card info was stolen from Hannaford Grocery store since they had their database attacked and thousands of credit cards were stolen but I just wanted to be extra safe and make sure that nothing was running in the background that I missed. Thanks again!

Edited by Orange Blossom, 06 July 2008 - 04:40 PM.
Delete unnecessary quote. ~ OB


#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:10 PM

Posted 05 July 2008 - 12:07 PM

Hello again AutomagRT666,

I understand what you are saying and of course it is your option as to what you want to do. However if you would still like us to check out your machine I will need the DSS logs I requested. There is one indication of something being present on it as it stands, but I need more info to go further. :thumbsup:
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 AutomagRT666

AutomagRT666
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 05 July 2008 - 02:08 PM

Oh absolutely, here's the log

Deckard's System Scanner v20071014.68
Run by Nick on 2008-07-05 15:05:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Nick.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:29 PM, on 7/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\Registry Clean Expert\RCHelper.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\CustomAPP\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
E:\Program Files (x86)\Trillian\trillian.exe
E:\Downloads\dss.exe
E:\PROGRA~2\Trend Micro\HijackThis\Nick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avgnt] "E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "E:\Program Files (x86)\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBD277E6-EA51-47F1-97D3-564331D6FD5F}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - E:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 6434 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
R0 nvstor64 - c:\windows\system32\drivers\nvstor64.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
R0 SI3132 (SiI-3132 SATALink Controller) - c:\windows\system32\drivers\si3132.sys (file missing)
R0 Si3132r5 (SiI-3132 SoftRaid 5 Controller) - c:\windows\system32\drivers\si3132r5.sys (file missing)
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys (file missing)
R0 SiRemFil (SATALink External Device Filter) - c:\windows\system32\drivers\siremfil.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (DFS Namespace Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 avgntflt - c:\windows\system32\drivers\avgntflt.sys (file missing)
R2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
R3 atikmdag - c:\windows\system32\drivers\atikmdag.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 cmudaxp (Razer Barracuda AC-1 Gaming Interface) - c:\windows\system32\drivers\cmudaxp.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\hdaudio.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
R3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 NVENETFD (NVIDIA nForce 10/100/1000 Mbps Ethernet ) - c:\windows\system32\drivers\nvmfdx64.sys (file missing)
R3 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 RasSstp (WAN Miniport (SSTP)) - c:\windows\system32\drivers\rassstp.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (Microsoft USB Standard Hub Driver) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
R3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - c:\windows\system32\drivers\wmbenum.sys (file missing)
R3 WmFilter (Logitech Gaming HID Filter Driver) - c:\windows\system32\drivers\wmfilter.sys (file missing)
R3 WmVirHid (Logitech Virtual Hid Device Driver) - c:\windows\system32\drivers\wmvirhid.sys (file missing)
R3 WmXlCore (Logitech Translation Layer Driver) - c:\windows\system32\drivers\wmxlcore.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

S1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 exfat (exFAT File System Driver) - c:\windows\system32\drivers\exfat.sys (file missing)
S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 irsir (Microsoft Serial Infrared Driver) - c:\windows\system32\drivers\irsir.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys (file missing)
S3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 blbdrive - c:\windows\system32\drivers\blbdrive.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 ErrDev (Microsoft Hardware Error Device Driver) - c:\windows\system32\drivers\errdev.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 MegaSR - c:\windows\system32\drivers\megasr.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid (NVIDIA nForce RAID Driver ) - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S4 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal Free Antivirus Scheduler) - "e:\program files (x86)\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Ati External Event Utility - c:\windows\system32\ati2evxx.exe (file missing)
R2 O&O Defrag - c:\windows\system32\oodag.exe (file missing)
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
R3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)

S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)
S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)
S3 Fax - c:\windows\system32\fxssvc.exe (file missing)
S3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe /runasservice
S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)
S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S3 ZuneWlanCfgSvc (Zune Wireless Configuration Service) - c:\windows\system32\zunewlancfgsvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-04 22:16:33 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-03 14:42:39 0 d-------- C:\Users\All Users\ATI
2008-07-03 14:39:17 0 d-------- C:\ATI
2008-07-02 14:45:33 21840 --a------ C:\Windows\system32\SIntfNT.dll
2008-07-02 14:45:33 17212 --a------ C:\Windows\system32\SIntf32.dll
2008-07-02 14:45:33 12067 --a------ C:\Windows\system32\SIntf16.dll
2008-07-01 20:09:02 0 d-------- C:\Program Files (x86)\Microsoft Works
2008-07-01 20:08:43 0 d-------- C:\Program Files (x86)\Microsoft.NET
2008-07-01 20:07:07 0 d-------- C:\Users\All Users\Microsoft Help
2008-06-30 20:38:42 0 d-------- C:\Program Files (x86)\Google
2008-06-30 16:02:33 0 d-------- C:\Windows\system32\directx
2008-06-29 03:19:42 0 d-------- C:\Users\All Users\Avira
2008-06-27 02:25:34 0 d-------- C:\Windows\PCHEALTH
2008-06-26 14:32:05 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-06-24 19:52:18 0 d-------- C:\Program Files (x86)\RivaTuner v2.09
2008-06-24 18:17:54 0 d-------- C:\Program Files (x86)\ATI Technologies
2008-06-24 15:58:44 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-06-24 15:33:11 0 d-------- C:\Windows\system32\Futuremark
2008-06-24 15:33:11 3972 --a------ C:\Windows\system32\drivers\PciBus.sys
2008-06-23 21:52:19 0 d--hs---- C:\found.000
2008-06-21 20:29:38 0 d-------- C:\Users\All Users\CyberLink
2008-06-21 20:29:10 0 d-------- C:\Program Files (x86)\Cyberlink
2008-06-20 19:44:11 0 d--hs---- C:\Windows\ftpcache
2008-06-20 19:40:19 0 d-------- C:\Program Files (x86)\Common Files\Steam
2008-06-20 19:06:12 0 d-------- C:\Users\All Users\Codemasters
2008-06-20 19:03:05 0 d-------- C:\Program Files (x86)\OpenAL
2008-06-20 17:12:46 0 d-------- C:\Windows\Panther
2008-06-20 17:12:30 0 d--hs---- C:\Boot
2008-06-20 16:14:55 0 d-------- C:\Windows\CSC
2008-06-20 16:13:27 0 d--hs---- C:\System Volume Information
2008-06-20 16:02:11 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-06-20 15:02:05 0 d-------- C:\Users\All Users\media center programs
2008-06-20 14:25:07 0 d-------- C:\Users\All Users\Funcom
2008-06-20 14:23:21 0 d-------- C:\Users\All Users\Logitech
2008-06-20 14:23:21 0 d-------- C:\Program Files (x86)\Logitech
2008-06-20 14:22:12 0 d-------- C:\Program Files (x86)\Common Files\LogiShrd
2008-06-20 14:21:57 0 d-------- C:\Users\All Users\LogiShrd
2008-06-20 13:58:06 65536 --a------ C:\Windows\VMix.dll
2008-06-20 13:55:12 0 --a------ C:\Windows\ativpsrm.bin
2008-06-20 13:53:09 0 d--hs---- C:\Windows\Installer
2008-06-20 13:46:24 0 d-------- C:\NVIDIA
2008-06-20 13:42:46 0 d-------- C:\Windows\system32\Macromed
2008-06-20 13:26:51 0 dr------- C:\Users\Nick\Searches
2008-06-20 13:26:42 0 dr------- C:\Users\Nick\Contacts
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\Templates
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\Start Menu
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\SendTo
2008-06-20 13:26:36 0 dr------- C:\Users\Nick\Saved Games
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\Recent
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\PrintHood
2008-06-20 13:26:36 2621440 --ahs---- C:\Users\Nick\NTUSER.DAT
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\NetHood
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\My Documents
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\Local Settings
2008-06-20 13:26:36 0 dr------- C:\Users\Nick\Links
2008-06-20 13:26:36 0 dr------- C:\Users\Nick\Favorites
2008-06-20 13:26:36 0 dr------- C:\Users\Nick\Desktop
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\Cookies
2008-06-20 13:26:36 0 d--hs---- C:\Users\Nick\Application Data
2008-06-20 13:26:36 0 d--h----- C:\Users\Nick\AppData
2008-06-20 13:23:47 171136 -rahs---- C:\grldr
2008-06-20 13:21:04 0 d-------- C:\Windows\Debug
2008-06-20 13:17:02 0 d-------- C:\Windows\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2008-07-03 14:42:39 0 d-------- C:\Users\Nick\AppData\Roaming\ATI
2008-07-01 20:08:51 0 d-------- C:\Program Files (x86)\Common Files
2008-06-30 18:54:37 0 d-------- C:\Users\Nick\AppData\Roaming\DivX
2008-06-28 15:15:28 0 d-------- C:\Users\Nick\AppData\Roaming\U3
2008-06-27 15:06:25 0 d-------- C:\Users\Nick\AppData\Roaming\WinRAR
2008-06-27 13:20:46 0 d-------- C:\Users\Nick\AppData\Roaming\MusicNet
2008-06-26 14:35:52 0 d-------- C:\Users\Nick\AppData\Roaming\Ventrilo
2008-06-21 22:12:41 0 d-------- C:\Users\Nick\AppData\Roaming\atitray
2008-06-21 20:29:38 0 d-------- C:\Users\Nick\AppData\Roaming\CyberLink
2008-06-20 18:51:49 0 d-------- C:\Users\Nick\AppData\Roaming\DAEMON Tools
2008-06-20 16:17:06 0 d-------- C:\Users\Nick\AppData\Roaming\iExpert Software
2008-06-20 14:22:13 0 d-------- C:\Users\Nick\AppData\Roaming\Leadertech
2008-06-20 14:12:35 0 d-------- C:\Users\Nick\AppData\Roaming\Mozilla
2008-06-20 13:42:47 0 d-------- C:\Users\Nick\AppData\Roaming\Macromedia
2008-06-20 13:42:47 0 d-------- C:\Users\Nick\AppData\Roaming\Adobe
2008-06-20 13:32:23 0 d-------- C:\Program Files (x86)\Windows Mail
2008-06-20 13:26:43 0 d-------- C:\Users\Nick\AppData\Roaming\Identities
2008-05-30 19:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-05-30 19:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-05-30 19:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8772 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-05 15:08:04 ------------

Removed unnecessary quote. ~ OB

Edited by Orange Blossom, 06 July 2008 - 04:41 PM.


#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:10 PM

Posted 06 July 2008 - 04:34 PM

As you can see from the DSS log the program is not set up to read 64 bit systems and that is why all the "file missing" entries showed up in the log. I just didn't pick up on it.


Your log appears to be clean although if you haven't already did so you may want to make a pass with an on-line scanner like Kaspersky just for general principles. Also wouldn't hurt clean-up the temporary files using cleanmgr if you have not done so lately.


I wish you good luck with your stolen credit card and if you would reply and let me know I will give you some additional info we have put together to help with keeping your computer safe.

Below is the Kaspersky link if you choose to run it.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:11:10 PM

Posted 13 July 2008 - 04:12 AM

Hello,

Due to inactivity this topic is now closed.
If you need it re-opened please PM a member of the Moderating team with a link to your topic.

Thank you & surf safe!

Blender
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users