Windows 7 Forums


Windows 7: HijackThis Log Check Please

24 Feb 2011   #1
updawg

Windows 7 Professional x64
 
 
HijackThis Log Check Please

I recently had some unauthorized purchases on my checking account and I am making sure that the breach didn't come from my computer, so if anyone can aid in any assistance I would be greatly appreciative. Any other information or tests you need me to run, let me know.

Code:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:26 AM, on 2/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
 
Running processes:
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
C:\Users\Michael\AppData\Local\Chromium\Application\chrome.exe
D:\Users\Michael\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 6231 bytes



24 Feb 2011   #2
Vino Rosso

Windows 7 Pro
 
 

Hi

Unfortunately, HijackThis is not the tool it once was and is not particularly suited to newer operating systems such as Windows 7, hence (file missing) appearing regularly in the log.

I'd suggest you download and run Malwarebytes Anti-Malware and report back on what it finds, if anything.
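The "(file missing)" entries in the log above are what a 32-bit scanner reports on 64-bit Windows, where its view of System32 is redirected to SysWOW64 and %ProgramFiles% expands to "Program Files (x86)". The Python below is an added example, not part of the thread or of HijackThis: it separates those artifacts from missing files that deserve a real check. The triage labels, function names and the last sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the first four lines mirror entries in the log posted
# above; the last line is invented to exercise the non-artifact branch.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Unknown owner - C:\Users\Example\AppData\Roaming\exupd.exe (file missing)
"""

MISSING = "(file missing)"
PREFIX = "O23 - Service: "

def parse_o23(line):
    """Split one O23 line into name, owner, path and the missing flag."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].rsplit(" - ", 2)  # owner/path never contain " - " here
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def path_seen_by_32bit(path):
    """Path a 32-bit process actually opens when it asks for a System32 file."""
    return re.sub(r"(?i)\\system32\\", r"\\SysWOW64\\", path, count=1)

def triage(entry):
    """Label an entry: present, redirect-artifact, or missing-verify."""
    if not entry["missing"]:
        return "present"
    in_system32 = re.search(r"(?i)\\windows\\system32\\", entry["path"]) is not None
    x86_expanded = entry["name"].lower().startswith("@%programfiles%") and "(x86)" in entry["path"]
    return "redirect-artifact" if in_system32 or x86_expanded else "missing-verify"

def triage_log(text):
    """Return (label, path) for every O23 line in a HijackThis log."""
    entries = (parse_o23(l) for l in text.splitlines())
    return [(triage(e), e["path"]) for e in entries if e]

if __name__ == "__main__":
    for label, path in triage_log(SAMPLE_LOG):
        print(f"{label:18} {path}")
```

A "redirect-artifact" label only means the missing-file report is untrustworthy; the binary itself still has to be confirmed with a 64-bit tool.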
24 Feb 2011   #3
updawg

Windows 7 Professional x64
 
 

I have done that already with 0 results. I have also always used Microsoft Security Essentials as my form of protection on this computer. I also installed Avira for a day and did a full scan and a boot scan with no results either.

24 Feb 2011   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Just to be on the safe side, change all your passwords, using a different computer, not the one that might have been breached.
24 Feb 2011   #5
Punkster

Windows 7 Ultimate SP1 (64-bit)
 
 

Quote: Originally Posted by Jacee
Just to be on the safe side, change all your passwords, using a different computer, not the one that might have been breached.

Well said, Jacee.

Let me add to this that you should do it on a computer that you know is not infected by any malware/trojan/rootkits, most likely a trusted PC.

Because that would be the same story all over again and we don't want that to happen.