Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:17 PM, on 10/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\WinTV\Ir.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\BitLord\BitLord.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files (x86)\WinTV\Ir.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Update Service (gupdate1ca3d7f97986b90) (gupdate1ca3d7f97986b90) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~2\WinTV\HCWTVS~1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7002 bytes
(X86) is based on the 8086 processor. It should be backward compatible with the newer 32 bit OS's. 8086 was derived from the time of 16 bit software. Do you need someone to help you read the HjT log?
Yes! I just wasted $1500 on a computer that turned into a piece of shit after a month. I have 6 meg internet and it's like dial-up.
The first thing that we need to do is a little clean up on your machine. I want you to download the following programs for the first step.

SUPERAntiSpyware: http://www.superantispyware.com/download.html
On the page you will see a link for a Professional version and a free version. Download the Free version. It is a nice little program to have.

ERUNT & NTREGOPT: http://www.larshederer.homepage.t-online.de/erunt/
This program is perfect. At first I want you to have it to ensure that you have a complete registry backup before you run the next program. The next program does have an option to save the registry, but trust me. ERUNT has saved my machine a couple of times. Be sure to read about it. NOTE: NTREGOPT is included in the ERUNT setup file. Don't worry about that right now, we will use that later.

CCleaner: http://www.ccleaner.com/
This is a nice little registry cleaner. Be sure to run the ERUNT before you use the program. The program has two parts. Look at the pic below for a simple explanation. Notice that I say to run each Analysis two or three times. I run it until it doesn't find anything. Normally on the third time it is finished. There are other nice free Registry Cleaners, but I'm fond of this one.

The next download is A-Squared Free: http://download.cnet.com/A-squared-Free/3000-8022_4-10262215.html?tag=mncol
It is always nice to run separate programs when searching for problems on the computer.

I also noticed from your HjT (Hijack This) log that you do not seem to have any form of protection on your computer. You need to have a nice AV (Anti-Virus) and a nice firewall. These two items you may get for free. I would suggest AVG as your AV, but it does not come with a boot time scan. So I'm going to recommend Avast.

Avast: http://www.avast.com/eng/programs.html
Download the FREE home edition and set it up. You will have to register for a key to get the program to work for you. Do the complete download, but do not restart the machine when it tells you to. Instead, open the program and insert the registration key that will be e-mailed to you. Make sure that you tell it to do a boot time scan in the process of the setup. You may also tell it to do a boot time scan whenever you like, but it is important to have the full version and a complete update before you do it. You will need to have a full version of everything with all of the updates before you run them. Remember to make sure and get all updates before you proceed with cleaning the machine.

The other thing that you need is a nice little firewall to go with it. I would suggest either ZoneAlarm Free or COMODO Free. I cannot tell you which is better. I have the full ZoneAlarm Pro version because it uses Kaspersky for its protection. That protection only comes with a paid-for version, but I have used the free version of both software. Read and decide which you would prefer.
http://www.zonealarm.com/security/en-us/anti-virus-spyware-free-download.htm
http://www.comodo.com/home/free/free-protection.php
COMODO does have a Firewall AntiVirus Suite that is for free, but I will leave that up to you. I want Avast on your machine first for the boot time scan. You may remove it later.

Okay, now on with the show. Everything on your machine should be updated. Go ahead and reboot and let Avast do its boot time scan. You will need to be around for it when it asks you what you would like to do, to give it an answer. Remove all bad files. This for the most part is pretty easy. Unless you have items on your machine that you do not want to be removed, then everything is bad.

After Avast finishes with its part, you will need to reboot your machine into Safe Mode. Do this by pressing F8 repeatedly during boot up. You will be given a menu to select from. Select Safe Mode and wait for the OS to boot up. I suggest logging on as Admin, however, you may not be aware of how to access your files from there. Open My Computer and double click the C: drive. Now double click Documents and Settings. Double click the folder with the name of the user that you were using when you installed the programs. Now double click Start Menu and then double click Programs. This will give you the list of programs under that User Name. You may run the programs in that way, if you did not save the programs under All Users.

First program to run is ERUNT. This file you will remove later, but it makes a complete backup of your current registry just in case there is a problem. It will make a folder under C:\Windows\ERDNT with the backup files. You have the option to change the name of the folder, but I keep it the same. Now run the programs in Safe Mode one at a time. After you have done this you may reboot your machine into standard mode and create a new HjT file for me to look at. Hopefully your machine will be clean, and then I can help you speed it up!

I know there is a lot of information, and it will take you a little time to run it all. Just post back after you have taken the time to get it all done.
You're talking about the appearance of that in your log, yeah? Like here for example: - "Program Files (x86)" is the default path for the installation of 32 bit software on 64 bit versions of Windows. It's quite normal for that to appear in a HijackThis log.