I think my computer is infected by an email spam troyan/virus

Vic

Firstly I hope this is a suitable subforum to post this question. I have tried posting this in a virus support forum, but recieved no answer. If you have any recommended forums to take this question to I would be grateful for a link.

Friends have informed me that since january the first, my hotmail adress has been sending out emails every few days with two files I can only assume contain viruses of some sort attached. I have used the scan function of several antivirus programs including Avira, Avast and Microsoft Security Essentials but found no suspicious files. My operative system is Windows 7 64 bit, and thus I can not use the bootscan function of Avast. I can remember no particular activity that might have lead to my computer being infected.

It seems that the virus sends out spam mails to all of my contacts, either on MSN Messenger or in Hotmail. Several of the emails bounce or are reported as being delayed every time they are sent out. The emails read as follows:

Subject: Re

Body: Dear,


How are you?
I received a shopping website's invitation and I have become their member,
they have a lot of cheapest products and best perfect services.
I have bought their products, all of the products are orginal and new.
Products they sale TV, laptop, desktop, phones, digital SLRs,
Camcorders and so on.If you have any questions ,
you will get the best service by their online servers.
I am very pleased to share with you.
Now I share the web to you: offersele.com
I am sure you will get much surprise.

Yours，

With two files attached, one called "ATT00001" and the other "Re.mht"

I have tried in vain to google the body of the text, and it seems the file names are very commonly used.

Apart from the emails being sent, I am not sure I have noticed any particular effects of the virus. I have had slowdowns of my computer, but I am not sure if this could simply have been from my own computer activity. Any advice on how to deal with this problem would be greatly appreciated!

Thanks in advance

matt has a problem

Get Malwarebytes and run it.

Then run Trendmicro's Housecall.

zhen_rogue

matthasaproblem wrote: »

Get Malwarebytes and run it.

Then run Trendmicro's Housecall.

Do these in safe mode.

Lail

I would suggest, also, to go on a safe computer and change your hotmail password. At least for the time being you won't be sending out any more e-mails.

TetraNitroCubane

There are a couple of things that might be happening here. They're all possible, but I wouldn't be able to tell you which one is actually going on.

1.) You've got an infection - and after all the stuff you've thrown at it, and the lack of symptoms you describe, I'm going to guess you've got a rootkit that's evading detection. Not exactly a super-likely scenario, but possible. I'd recommend finding and using a rootkit scanner. There are many available. There are some on the software list in this thread.

2.) Someone has compromised your email account. This means they're logging into your account remotely, and they're not really doing anything on your computer - Still, they got your password somehow, so keep that in mind. Change the password on the account immediately to something secure. If the mails stop, that's probably what was going on.

3.) There's a chance that someone is just spoofing your email address. The fact that your contacts are being emailed directly makes this unlikely, but every so often spammers will just pick a domain or an address and use it to fake their 'From' field. There's no way to prevent this when it happens.

zhen_rogue wrote: »

matthasaproblem wrote: »

Get Malwarebytes and run it.

Then run Trendmicro's Housecall.

Do these in safe mode.

Actually, moderators on the official MalwareBytes forum recently indicated that MBAM isn't really designed to run in safemode, and that it should only be used in situations where the normal scans fail. Your results may vary, but it's been a recent surprise, at least to me. The conventional wisdom is that safemode scanning is superior, after all.

zhen_rogue

TetraNitroCubane wrote: »

There are a couple of things that might be happening here. They're all possible, but I wouldn't be able to tell you which one is actually going on.

1.) You've got an infection - and after all the stuff you've thrown at it, and the lack of symptoms you describe, I'm going to guess you've got a rootkit that's evading detection. Not exactly a super-likely scenario, but possible. I'd recommend finding and using a rootkit scanner. There are many available. There are some on the software list in this thread.

2.) Someone has compromised your email account. This means they're logging into your account remotely, and they're not really doing anything on your computer - Still, they got your password somehow, so keep that in mind. Change the password on the account immediately to something secure. If the mails stop, that's probably what was going on.

3.) There's a chance that someone is just spoofing your email address. The fact that your contacts are being emailed directly makes this unlikely, but every so often spammers will just pick a domain or an address and use it to fake their 'From' field. There's no way to prevent this when it happens.

zhen_rogue wrote: »

matthasaproblem wrote: »

Get Malwarebytes and run it.

Then run Trendmicro's Housecall.

Do these in safe mode.

Actually, moderators on the official MalwareBytes forum recently indicated that MBAM isn't really designed to run in safemode, and that it should only be used in situations where the normal scans fail. Your results may vary, but it's been a recent surprise, at least to me. The conventional wisdom is that safemode scanning is superior, after all.

If that's the case, i'd suggest running it both ways then.
I have had malware in the past that was not detected by MBAM in a normal boot, but in safe mode MBAM found 70+ compromised files.

Captain Vash

I don't know how attached you are to your media/other files but in a case like this my default option is to nuke it from orbit.

TetraNitroCubane

Captain Vash wrote: »

I don't know how attached you are to your media/other files but in a case like this my default option is to nuke it from orbit.

Very yes.

As I forgot to mention: If you do manage to turn up an infection (particularly a rootkit), full reformat is the safest option.

Chef_Boom

Vic, I had the exact same problem/virus your talking about, all I did was change my msn password and it hasnt bee doing it since, so maybe our accounts were merely hacked?

Vic

Thank you all for your excellent advice. I have performed a full Malwarebytes scan in windows safe mode and encountered three hits, removing them. I'm posting the log below. I changed my password to my hotmail account (supidly on this computer before actually removing the virus, so I will do it again from a safe location tomorrow). It seems from my email logs that the virus has sent emails once every four days, so I should see if that activity has stopped tomorrow evening.

Malwarebytes' Anti-Malware 1.44
Database version: 3537
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2010-01-11 01:27:48
mbam-log-2010-01-11 (01-27-48).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 408868
Time elapsed: 44 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysinfo (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Vic\AppData\Local\Temp\370032316Wsy.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

I will of course keep vigilant and I am still considering a NFO, but could you estimate how safe I can feel?

Torque Monkey

What is your current anti-virus software? If it isn't anything noteworthy, I would recommend downloading and installing Microsoft Security Essentials which can be found here, and in addition to Malwarebytes, I would recommend downloading and running a deep system scan with Sunbelt's Counterspy, as it does a pretty fantastic job with most trojan variants these days.

Last but not least, most of these sort of infections like to hide duplicates in other temp files, some of which may or may not be found by these individual pieces of scanning software. CCleaner will run in a few minutes and clean out any and all temp files, and you may want to run it's registry function as well.

Let us know how things turn out!

TetraNitroCubane

Vic wrote: »

Thank you all for your excellent advice. I have performed a full Malwarebytes scan in windows safe mode and encountered three hits, removing them. I'm posting the log below. I changed my password to my hotmail account (supidly on this computer before actually removing the virus, so I will do it again from a safe location tomorrow). It seems from my email logs that the virus has sent emails once every four days, so I should see if that activity has stopped tomorrow evening.

Malwarebytes' Anti-Malware 1.44
Database version: 3537
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2010-01-11 01:27:48
mbam-log-2010-01-11 (01-27-48).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 408868
Time elapsed: 44 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysinfo (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Vic\AppData\Local\Temp\370032316Wsy.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

I will of course keep vigilant and I am still considering a NFO, but could you estimate how safe I can feel?

First, take my recommendations with a grain of salt. I realize I tend to be touchier about these subjects than most people, so YMMV when it comes to what I'm about to say:

The 'Registry Data Item Infected' item (Hijack.DisplayProperties) is pretty much a false-positive that the MBAM developers refuse to remove. You'll see that item on a fresh install of Windows 7.

The other two items are worrisome. It's very hard to make a judgement, but the fact that MBAM found a randomly named infected dll in your temp folder, and other A/V solutions did not, may indicate that you were in fact infected by something very nasty like a rootkit. MBAM may not have removed it all. These things get tricky sometimes, hiding multiple versions of different nasties on your system so that if one gets caught, the others will restore it. There's also the fact that these threats are being classified as 'Trojan.Downloader', which means that the bugs opened your computer up wide for all its friends.

If anything is lingering, then they keylogger that stole your password the first time might've watched you change it just now.

My recommendation is to back up all of your important files (preferably NON-exe, dll, or otherwise executable), reformat your drive, and perform a fresh install of Windows. When you're ready to restore your backed-up files, first scan the media with a good A/V solution and also MBAM. Torque Monkey's recommendation of Microsoft Security Essentials is a fantastic one. Once you've protected your reformatted system, this will let you remain pretty confident that you got the bug out.

Is it over the top? Maybe. But as it stands, if you contracted some kind of trojan, you effectively cannot trust your system any longer from inside your system.

If you simply can't suffer a reinstall, then grab a LiveCD with an up-to-date A/V suite, and scan after booting from the optical drive. At least then, rootkits can't hide very well.

Vic

Torque Monkey wrote: »

What is your current anti-virus software? If it isn't anything noteworthy, I would recommend downloading and installing Microsoft Security Essentials which can be found here, and in addition to Malwarebytes, I would recommend downloading and running a deep system scan with Sunbelt's Counterspy, as it does a pretty fantastic job with most trojan variants these days.

Last but not least, most of these sort of infections like to hide duplicates in other temp files, some of which may or may not be found by these individual pieces of scanning software. CCleaner will run in a few minutes and clean out any and all temp files, and you may want to run it's registry function as well.

Let us know how things turn out!

I have installed Microsoft Security Essentials. I am installing the programs you recommended as I type, but Sunbelt's counterspy mentions active protection. I was under the impression that having several active virus protection programs would lead to security issues, will this program work together with MSE?

Torque Monkey

I second Tetra's recommendation of a fresh install of it's viable for you, by the way. A good portion of system monitor/keylogging software these days are acting more and more malicious and are becoming very difficult for even standalone anti-malware software to detect. If you want to be 100% on the safe side and your computer has a recovery partition/you have your recovery media handy, system recovery is always the safest option.

HijackThis if you do plan on attempting to save this installation will be critical, and it completely slipped my mind. I would run that and post a log for us to review.

edit: That is correct. However, it's not Anti-Virus software, it just does active monitoring of registry modifications/known malicious installations and will alert you. No harm in this one, but good thinking none the less!

Underdog

Nearly the same thing happened to me. I got Avast, warned everyone on my contact list that they might get wonky mail from me and to delete it if they do and then changed my hotmail password. It pretty much stopped right away after these changes. I think the password change does a lot. BUt don't change it until you've run all your anti-virus and spyware stuff just in case.

Vic

Torque Monkey wrote: »

What is your current anti-virus software? If it isn't anything noteworthy, I would recommend downloading and installing Microsoft Security Essentials which can be found here, and in addition to Malwarebytes, I would recommend downloading and running a deep system scan with Sunbelt's Counterspy, as it does a pretty fantastic job with most trojan variants these days.

Last but not least, most of these sort of infections like to hide duplicates in other temp files, some of which may or may not be found by these individual pieces of scanning software. CCleaner will run in a few minutes and clean out any and all temp files, and you may want to run it's registry function as well.

Let us know how things turn out!

I ran these programs, also in safemode, and got no hits using Sunbelt's Counterspy. Going to run HijackThis.

Edit:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:27, on 2010-01-11
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Users\Vic\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vic\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vic\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Age2 Config.lnk = C:\Spel\Age Of Empires 2 & The Conquerors Expansion - Full Game\Data\config.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O13 - Gopher Prefix:
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Spel\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8657 bytes

TetraNitroCubane

I'm not much help with Hijackthis logs, but I wanted to pass on the fact that Hijackthis doesn't work correctly on Windows 7 x64. From what I understand a majority of the 'File Missing' messages under 'O23' are reported in error, and should not be messed with.