misbehaving PC HijackThis log.. HELP please.. Win 7



hammer
11-02-2013, 01:31 PM
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:16:32 p.m., on 11/02/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\2degrees Mobile Broadband\2degrees Mobile Broadband.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskmgr.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31C5E8B8-CB20-4F13-A875-78E98A1A314D}: NameServer = 118.148.1.10 118.148.1.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: 2degrees Mobile Broadband. OUC (2degrees Mobile Broadband. RunOuc) - Unknown owner - C:\Program Files\2degrees Mobile Broadband\UpdateDog\ouc.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (file missing)
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe

--
End of file - 6587 bytes

Speedy Gonzales
11-02-2013, 01:53 PM
What's it doing or not doing??

What version of Java is installed, 6.what?

hammer
11-02-2013, 01:58 PM
yes Java 6

slow PC and after running Malwarebytes keyboard going crazy..

didn't seem to be so bad when I disconnected from internet which worries me.

Trev
11-02-2013, 02:02 PM
HWDeviceService.exe could be a threat. See Here. (http://www.file.net/process/hwdeviceservice.exe.html)
:)

hammer
11-02-2013, 02:04 PM
yeah I had looked up that but it seemed a bit ambiguous.. reckon I should delete it?
it was the only one that looked suss in Task Manager

hammer
11-02-2013, 02:09 PM
no that didn't fix it???

Trev
11-02-2013, 02:23 PM
If you have any suspect .exe files just copy and paste them into Google and it will tell you if they are suspect or not, if you are not already doing it.
:)

Speedy Gonzales
11-02-2013, 02:24 PM
What kind of laptop is it?? Intel or AMD?? If it's Intel, disable SpeedStep in the BIOS.

hammer
11-02-2013, 03:49 PM
desktop AMD

Speedy Gonzales
11-02-2013, 03:56 PM
Well I can't see anything in the log. Try defragging the HDD. If you mean slow on the net, it'll be because you're using a mobile connection.

hammer
11-02-2013, 04:12 PM
no, slow on ethernet broadband too...
this 2deg stick is ok speeds.
defragging isn't a happening thing.. been trying to.. going nowhere..
and when I do a disc check it only does a little quick thingy.. not the usual five stages they used to do??

hammer
11-02-2013, 04:13 PM
unplugged the stick and defrag got going??

Speedy Gonzales
11-02-2013, 04:36 PM
Use something like Defraggler. Windows defrag is crap. Who are you with on broadband?? The ISP may be having probs.

PPp
11-02-2013, 05:55 PM
How much free space on the hard drive? CCleaner may help a bit, try running Scannow to check your system files are good.

hammer
11-02-2013, 10:21 PM
started with updating my antivirus and malware then running
Microsoft Security Centre scan.. then went through all the usuals..
Malwarebytes, disc check, disc clean, defrag, HijackThis logs, and still it was weird..
I couldn't find anything, was getting frustrated..
thought I would go elsewhere and try one more antivirus..
the oddities seemed like a virus.
downloaded Panda Cloud Cleaner, it found 2 more suspects.. cleaned it
and whoohoo it is going sweet as now..
crazy..
but thanks for help anyway..
barb

wainuitech
11-02-2013, 10:45 PM
Good you got it fixed / Sorted.

Not at all surprised that Malwarebytes and MSE missed the infections.