Need some help with Hijackthis.

I wanted to post this here for the simple reason that lately my computer has been doing all variety of strange things. I wanted to make sure that there was NOTHING on this machine that was responsible for it. I am using Hijackthis for the first time and wanted to post it here in case some kind soul could help me to understand exactly what this all means and hopefully figure out how to fix it...

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:25:29 PM, on 3/9/2012

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18639)

Boot mode: Normal

 

Running processes:

C:\Windows\vVX1000.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\STALKER\Downloads\vlc-2.0.0-win32\vlc-2.0.0\vlc.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3501392824-291225435-3516306269-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Realtek92U - Realtek - C:\Program Files (x86)\REALTEK\8192U Wireless LAN Utility\RtlService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

Any help would be appreciated and thanks in advance.

 

--

Edited by Kimberlee
Link to comment
Share on other sites

you installed steam to the default - UAC infested directory ---

 

Kimberlee --- you know better

 

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

Yadda Yadda (file missing)

wait -- missing operating system files

 

did someone install a "cutrate" operating system while you weren't looking

 

(anybody who knows Kim knows she ain't no pirate)(but somehow that "shop" that made her new machine is uber questionable)

Edited by Fonger
Link to comment
Share on other sites

I had the wildest problems not long ago and had to completely reinstall Windows Vista. After the install all kinds of strange things started to happen like corrupted files and programs running fine one day and then completely acting up and refusing to load the next day.

 

:armscrossed:

 

I actually had to make a phone call as suddenly my Vista informed me that it still needed activation. Even after inputting my correct code. Seems this is a common issue. It's why I decided to see exactly what the hell was making this problem. I've had the same computer and operating system since 2008 and am still not able to understand why it would suddenly cause all this. I'm hoping someone familiar with Hijackthis can help point me in the right direction.

Edited by Kimberlee
Link to comment
Share on other sites

logic implies that you have a serious infection damaging your system

 

or a serious anger issue within somebody else who has access to your computer :wallbash: (sabotage)

 

or your system is slowly dissolving

 

or you are under a major curse by an extremely powerful magic user

 

or you are "sleep uninstalling" - a variation of sleepwalking, but you are whacking software off your system while you sleep

 

 

 

seriously, start over from scratch

 

 

BTW that doesn't explain why/how you installed steam to the cursed directory - well maybe the sleep uninstalling option would account for this

Edited by Fonger
Link to comment
Share on other sites

Hi Kim,

 

Well, these missing files would frighten me. If this happened right after you finished your installation, something is really wrong. Did you have any issues installing Windows? Maybe something like read errors during the installation? If you ask me, I would suggest doing a new installation (unplug all other hard drives and things you don't need to install Windows, so you can perform a "clean" basic installation) and using HijackThis for a new check; if something is missing again, you know there isn't a problem with another program.

 

If there are files missing right after a clean new installation my suggestion would be a hardware failure, but this is only guessing and asking my magic glass ball ;)

 

Hope you can figure it out.

 

Sarah

Link to comment
Share on other sites

So as per Fonger I decided to do some investigation. I mounted my webcam and turned it on before I slept to see if indeed, there was some nocturnal activities I was previously unaware of that might have resulted in me being the cause of my computer shenanigans. Turns out the only thing it caught was me participating in some Debbie Gibson lipsyncing.

<--- This song specifically.

 

So that's that. >.> Also I sing like a stepped on frog.

 

Not sure what to do about any potential curses.

 

I will attempt a clean install of Windows and see what that does. Wish I knew more about what it was exactly that Hijackthis discovered. :unsure:

Link to comment
Share on other sites

vVX1000.exe is a program associated with the webcam. (lifecam)

 

The assorted missing files REALLY need to be addressed....... I would highly recommend backing up anything you don't want to lose, and completely wiping the drive the O/S is installed to clean, then power off the system, before reinstalling. (eliminates things that hide in memory, and also prevents previous registry entries from carrying over.)

Link to comment
Share on other sites
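
Added example, not part of any post in this thread: a triage of the "(file missing)" service entries in a HijackThis log. HijackThis v2.0.4 is a 32-bit program, and on 64-bit Windows (which the "Program Files (x86)" paths in this log indicate) a 32-bit process sees C:\Windows\System32 through file system redirection, so 64-bit-only files there can be reported missing while present on disk. The function and bucket names are this example's own.

```python
import re

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Steam\Steam.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def parse_o23(line):
    """Split 'O23 - Service: NAME - OWNER - PATH [(file missing)]' into fields."""
    if not line.startswith(PREFIX):
        return None
    # Split from the right so a ' - ' inside the service name does no harm.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def triage_missing(log_text):
    """Sort '(file missing)' service paths into two buckets for follow-up."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # A 'Program Files (x86)' path anywhere in the log means 64-bit Windows.
    is_64bit = any("\\program files (x86)\\" in l.lower() for l in lines)
    buckets = {"likely_redirection": [], "check_manually": []}
    for entry in filter(None, map(parse_o23, lines)):
        if not entry["missing"]:
            continue
        redirected = is_64bit and SYSTEM32.match(entry["path"])
        key = "likely_redirection" if redirected else "check_manually"
        buckets[key].append(entry["path"])
    return buckets


if __name__ == "__main__":
    for bucket, paths in triage_missing(SAMPLE_LOG).items():
        print(bucket, paths)
```

Entries in `likely_redirection` still need confirming from a 64-bit tool or a directory listing; the bucket only says the 32-bit scanner's view of that path is not reliable.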
