My HijackThis Log For Your Expert Consideration

BOLt

Diamond Member
Dec 11, 2004
7,380
0
0
Hello! I was hoping to have someone (or many people) take a look at my HijackThis log. I have already sifted through the entries, but I'd like to get more opinions on the integrity of my system. I plan to run this when I get home in a few hours.

I am using Windows Vista Business 64-bit SP1.
No AV solution as of yet (I know, I'm a bad boy!)...
Spybot S&D, Ad-Aware, and HijackThis are my regularly used security tools.

Thoughts? Comments? Suggestions?

--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:45 AM, on 11/18/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\Samir\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samir\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Samir\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....er/current/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7425 bytes
 

boomerang

Lifer
Jun 19, 2000
18,890
642
126
I just copied and pasted it here: http://www.hijackthis.de/ and it comes up clean.

Thoughts:
Run some AV software. AntiVir free ranks right up there with the best if you're looking for a free solution. I have it on my laptop and I see no negative effects when running it. I run NOD32 on my desktop which is my primary computer and where I do my email.

Comments:
Spybot and Ad-Aware are nearly useless these days. Ditch them.

That link you have is some great stuff. I use it regularly to clean up messed up systems. I typically would run Hijack This as the last step to check for anything missed. Your system appears clean, but you should go ahead and run the script package and see what you can see.

Edit: I'm not an expert.
 

BOLt

Originally posted by: boomerang
I just copied and pasted it here: http://www.hijackthis.de/ and it comes up clean.

Thoughts:
Run some AV software. AntiVir free ranks right up there with the best if you're looking for a free solution. I have it on my laptop and I see no negative effects when running it. I run NOD32 on my desktop which is my primary computer and where I do my email.

Comments:
Spybot and Ad-Aware are nearly useless these days. Ditch them.

That link you have is some great stuff. I use it regularly to clean up messed up systems. I typically would run Hijack This as the last step to check for anything missed. Your system appears clean, but you should go ahead and run the script package and see what you can see.

Edit: I'm not an expert.

You may not be an expert, but you do write excellent responses!

I'm usually very good about keeping my computer clean. Occasionally I let others use a Guest account which I enable/disable according to the situation (i.e. enabled for parties, disabled for when I'm not around). I've had Ad-Aware "hit" on a few objects in the Guest User file directory, so I just wanted to make sure I was operating on a "secure" computer.

I'll investigate some alternative anti-spyware programs listed in the comments. Thanks guys! More input is always appreciated!

Also, I'll investigate some good AV solutions. I've heard only good things about NOD32... The system footprint isn't a huge factor, I think, since my rig is fairly substantial in RAM capacity.
 

BOLt

I discovered a program called Hitman Pro 3. Can anyone recommend it? It seems to be a good solution, but I'm always wary of security software that I haven't heard of.
 

Sam25

Golden Member
Mar 29, 2008
1,719
29
91
I just read about Hitman Pro 3 and it seems to be a good programme. Guess what it does is checks the files it finds suspicious and checks them with a database it has on the web. The chances of false positives on this one are also slim.
 

BOLt

Originally posted by: Sam25
I just read about Hitman Pro 3 and it seems to be a good programme. Guess what it does is checks the files it finds suspicious and checks them with a database it has on the web. The chances of false positives on this one are also slim.

Thanks for the heads-up. I think I'll try it out.
 

Sam25

Originally posted by: BOLt
Originally posted by: Sam25
I just read about Hitman Pro 3 and it seems to be a good programme. Guess what it does is checks the files it finds suspicious and checks them with a database it has on the web. The chances of false positives on this one are also slim.

Thanks for the heads-up. I think I'll try it out.

You could try it, but I would say Superantispyware and MalwareBytes are the better options any day.
 

BOLt

I have recently found out that people (read: my roommate and/or his best friend) have been viewing pornography on my 'Guest' account. Perhaps this would explain the 2-3 hits found by Spybot S&D/Ad-aware of late. Needless to say I've since disabled the Guest account, but do I need to run Hitman Pro 3 on the Guest account in addition to my Administrator account?
 