hijack help

[disbanded]

My computer has been acting a little crazy lately - freezing, hanging, rebooting, delayed write failed, all kinds of stuff. I have tried all the little tricks, so many I can't even remember, but turning off this and disabling that. I have run RegCure a thousand times, along with Ad-Aware and Spybot, but still nothing helps.

So, could somebody please take a look at this hijack log and let me know if you see anything suspicious?

This is my work computer and it has also been running slow, mostly hanging up at the C drive thru Windows Explorer. Could this all be linked to some virus? I would love to speed my computer up too. So, if anybody has any performance enhancing advice that would also be greatly appreciated. Thanks.

EVGA 680i motherboard
6400 @ 2.13GHz
2.75 GB RAM


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:44 PM, on 7/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\RunServices: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
O4 - HKCU\..\Run: [McAfee Instant Update Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/08948e0e8bd2aa5a5a14/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178638478592
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178661988280
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://adobe.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://misskas01.missionitservices.com/inc/kaxRemote.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - http://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BelkinAPM - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE
O23 - Service: BelkinAPMmanager - ZeroG Software - C:\PROGRA~1\BELKIN~1\BE8806~1.EXE
O23 - Service: BelkinAPMmonitor - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
O23 - Service: BelkinAPMRMI - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 10974 bytes

 

[johnb35]

I don't see anything wrong with your log. Have you ran any malware programs such as Malwarebytes?

I do see that you have an older version of Java installed. Please uninstall it and go here to download and install the newest version. Please check add/remove programs for all older versions of java and uninstall all of them before installing the new version. They can be listed as Java or J2SE runtime.

Run Malarebytes and post the log.

http://download.cnet.com/Malwarebyt...4572.html?part=dl-10804572&subj=dl&tag=button

 

[disbanded]

Hi, thanks for the reply. Here is my Malwarebytes Logfile


Malwarebytes' Anti-Malware 1.39
Database version: 2533
Windows 5.1.2600 Service Pack 3

7/30/2009 11:09:03 PM
mbam-log-2009-07-30 (23-08-57).txt

Scan type: Quick Scan
Objects scanned: 109522
Time elapsed: 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90270ac7-dcb6-4bef-b655-5d8425ba1540}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{967899e9-e839-46b9-a667-c512cdc09e5c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dda99607-5af0-4660-a1e5-0bd205bab14a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{90270ac7-dcb6-4bef-b655-5d8425ba1540}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{967899e9-e839-46b9-a667-c512cdc09e5c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dda99607-5af0-4660-a1e5-0bd205bab14a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{90270ac7-dcb6-4bef-b655-5d8425ba1540}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{967899e9-e839-46b9-a667-c512cdc09e5c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{dda99607-5af0-4660-a1e5-0bd205bab14a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{90270ac7-dcb6-4bef-b655-5d8425ba1540}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{967899e9-e839-46b9-a667-c512cdc09e5c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{dda99607-5af0-4660-a1e5-0bd205bab14a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.124,85.255.112.131 -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index (Rogue.SmartProtector) -> No action taken.

Files Infected:
c:\documents and settings\all users\application data\microsoft\media index\wmplibrary_v_0_12.db (Rogue.SmartProtector) -> No action taken.

 

[disbanded]

I also did a temperature test on my CPU and got this.

Intel Core 2 CPU 6400 @ 2.13 GHz

GPU 72 C
System 65
CPU 43
AUX 45
HD0 48
Temp1 40
Core 0 60
Core 1 59
Core 71

Am I too hot?

 

[johnb35]

Did you click on remove selected on malwarebytes? Your log shows no action taken.

 

[disbanded]

Yes, I did remove it, so I guess now I will just wait to see if I have any more problems.

I am still having the issue of my computer freezing for 30+ seconds whenever I go to the C drive thru Windows Explorer.

This morning I woke up and my computer was frozen, but this was before I cleaned the malware. But my Belkin Battery Backup had a bunch of warnings up. I wonder what this has to do with the issues.