IObit Forum

HijackThis log - help much appreciated


iso88


Recently on the Univ. of Tennessee website, while attempting to enter information, IE Explorer suddenly opened several windows as tabs and a soundtrack began to play (first time I've run into anything like this). One of the tabs was a page that featured a pirate logo and some message about you have been hacked by ..... don't remember who since I shut down the computer immediately. The computer has McAfee Security Center with antivirus and firewall. Scans in McAfee show nothing. Full scans in IObit 360Pro show nothing. I'm concerned that there may be something bad that got put on my computer. My computer shows no obvious erratic behavior or signs of running slow. Thanks much in advance for any help.

Best Regards,

iso88


Try this a-squared by Emsisoft scanner.

 

Welcome to Iobit forum iso88!!

 

This is an extremely light, small (only 1 MB), and fast scanner by a-squared. A-squared is a very reputable malware removal tool.

This scanner called MalAware will only detect infection, not remove it, but may provide very important information as to what direction to go.

 

You will find it here:

http://www.emsisoft.com/en/software/malaware/

 

You must be online when you run this software.


Fat Hijacklog file. Too fat to paste!

 

Dear Iso88,

 

Thanks for coming back!!

 

I tried to copy/paste this scan report here so everyone could easily view, but it exceeds parameters in this way!

 

When you open a new thread every time you post, it becomes more difficult for us to help!

 

I haven't yet looked at this Hijack report... but the sheer size of it indicates your system tray must be loaded and you have many background (unobserved) things going on! You must have a pretty good machine to handle all this stuff.


A good start.

 

Thanks for coming back!

 

A good start would be to run the A-squared software I mentioned earlier, here is the link provided: http://www.emsisoft.com/en/software/malaware/

to answer the malware question. But if the scanner comes back with positives don't try to run a-squared 30 day trial or anything else until you get control of your apps (applications). Just note if there is malware present then clean up your system a little bit by managing your apps.

 

Close the extra apps running in your system tray... then run Hijackscan report to post.

 

Also manage your start-up programs!! Most software doesn't need to run in the background. It will respond on demand anyway when you open it. In Windows Vista or 7 a simple way of finding this is in the control panel/programs path.

 

I/we will look at your scanlog. It will help us help you if you can pare it down!


Dear Iso88,

 

According to http://hijackthis.de the following services can probably be nasty.

 

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

 

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

 

O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe

 

And you should have a look at these 2 files. Go to http://www.virustotal.com and let them be analysed.

The services are running in a different file. It has to be in c:\programme\microsoft works\....

C:\Program Files\MICROS~2\wkgdcach.exe

C:\Program Files\MICROS~2\WkDStore.exe

 

And also this file : c:\Program Files\COMMON~1\mcafee\mna\mcnasvc.exe.

 

Cheers Blacksea.


Many thanks to Melvin_Deal

 

Thanks much for your time and response. I will use the A-Squared scan and see what it shows. You are right, I should have just added to my first post, didn't realize I was making it more difficult for folks to help.

 

Good point regarding system tray and some of it needs to and will go. Dell support is one I should just uninstall since msconfig and advanced uninstaller only get rid of it for a while. I'm concerned that an uninstall will leave bits and pieces on the hard drive and create problems...but that's another issue.

 

Will be back with report after using A-Squared.

 

Thanks Much,

iso88


Thanks much to blacksea

 

Thanks much for taking time to check report and for pointing out problem areas. I'll submit the files you listed to virus.total for analysis.

 

Will the analysis cover all of the potential problems or is there another method for dealing with the potential problem services?

 

Best Regards,

iso88


A-squared report...1 infection found

 

A-squared report: 1 Infection found, 12 Objects detected.

Thanks much in advance.

 

MalAware - Version 12/8/2009 17:06:27 PM

Last update: 12/8/2009 17:06:27 PM

 

Scan settings:

 

Scan type: Quick Scan

Objects: Memory, Traces

Cleaning: Off

Scan start: 12/8/2009 12:07:50 PM

 

HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}AppID PC Doc Pro

HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}\InprocServer32ThreadingModel PC Doc Pro

HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}AppID PC Doc Pro

HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}\InprocServer32ThreadingModel PC Doc Pro

HKEY_CLASSES_ROOT\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}AppID PC Doc Pro

HKEY_CLASSES_ROOT\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}\InprocServer32ThreadingModel PC Doc Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}AppID PC Doc Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}\InprocServer32ThreadingModel PC Doc Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}AppID PC Doc Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}\InprocServer32ThreadingModel PC Doc Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}AppID PC Doc Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}\InprocServer32ThreadingModel PC Doc Pro

 

Scanned

 

Files: 279

Traces: 46420

Cookies: 0

Processes: 60
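
An added example, not part of the original post and not MalAware's own code: the 12 trace lines in the report above collapse to three COM class IDs, because HKEY_CLASSES_ROOT is a merged view that includes HKEY_LOCAL_MACHINE\SOFTWARE\Classes, so each key is listed twice. The parser assumes the line layout exactly as pasted in the post; the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Trace lines copied from the MalAware report in the post above.
REPORT = r"""
HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}AppID PC Doc Pro
HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}\InprocServer32ThreadingModel PC Doc Pro
HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}AppID PC Doc Pro
HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}\InprocServer32ThreadingModel PC Doc Pro
HKEY_CLASSES_ROOT\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}AppID PC Doc Pro
HKEY_CLASSES_ROOT\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}\InprocServer32ThreadingModel PC Doc Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}AppID PC Doc Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}\InprocServer32ThreadingModel PC Doc Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}AppID PC Doc Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}\InprocServer32ThreadingModel PC Doc Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}AppID PC Doc Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239}\InprocServer32ThreadingModel PC Doc Pro
"""

# Captures: registry view, CLSID, fused subkey/value tail, detection name.
TRACE = re.compile(
    r"^(HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)"
    r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(\S*)\s+(.+)$"
)

def collapse(report):
    # Group traces by CLSID so the two registry views of one key count once.
    groups = defaultdict(lambda: {"views": set(), "tails": set(),
                                  "names": set(), "lines": 0})
    for line in report.splitlines():
        m = TRACE.match(line.strip())
        if not m:
            continue  # blank line or not a CLSID trace
        view, clsid, tail, name = m.groups()
        g = groups[clsid.upper()]
        g["views"].add(view)
        g["tails"].add(tail)
        g["names"].add(name)
        g["lines"] += 1
    return dict(groups)

if __name__ == "__main__":
    for clsid, g in collapse(REPORT).items():
        print(clsid, g["lines"], "lines,", len(g["views"]), "views,",
              sorted(g["names"]))
```

Each CLSID comes out with four lines across two views and a single detection name, so the count of 12 objects reflects three leftover COM registrations rather than 12 separate items.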


PC Doc Pro

 

Pc Doc Pro is an anti spyware program that is usually rated by independent users on many sites in the 3 out of 5 stars category. Its detection rate lags behind others. It is also known to slow systems down as well. This may be part of your problem, if these processes are running in the background on your system.

 

If you still run Pc Doc Pro, I recommend you remove it. Revo uninstaller is an excellent uninstall tool that will actually hunt down remnants on your system and give you the option to remove them. It is free and many of the Forum leaders here highly recommend it as well.

 

If you have removed PC Doc Pro already, a different approach will be necessary to remove the remnants.

 

It would be VERY useful if you could run Hijack Scan located in the tools section of Iobit360 and copy/paste the report here!!

 

P.S. You can find Revo here: http://www.revouninstaller.com/revo_uninstaller_free_download.html it will be useful to remove the other apps as well!

 

When you run Revo make sure to use the Advanced setting so you can remove any remnants!!


New report, stopped unnecessary sys tray apps...thanks

 

I've gotten rid of several start-up apps and the report still seems (too?) large. Only nvidia drivers & raid, McAfee, Microsoft ehome/ehtray and Spyder monitor calibration show in msconfig. Makes me wonder what's running behind the scenes. I hoped to paste report but could not due to limit...sorry.

 

Best Regards,

iso88

Report 091208.txt


You're welcome Iso88

 


Dear iso88,

 

I'm not an expert in those things, I only tried to help you. I know 2 good sites to check your services.

 

http://hijackthis.de/#anl

http://www.systemlookup.com/

 

Also my reply was based on those sites. The nasty services that I said were also nasty in those 2 sites. So I'm not an expert to help you further.

 

Blacksea


Question?

 

Have you rebooted since making changes? If not reboot and time till your desktop appears. Then rerun Hijack report.

 

Do you really use the toolbars? They clutter your system a bit.

 

I don't really see any signs of infection.

 

Many things associated with the software you want on start-up.

 

If you have a good machine, lots of RAM, and aren't slow then no worries mate!

 

I see no sign of ASC by Iobit... could just be not running now. But if you don't have it, you should try it! The job it does maintaining your registry is particularly spectacular.


Hi iso

report can be zipped and attached!

Cheers

solbjerg

 

 


To Melvin_Deal re: Pc Doc Pro

 

I'm not aware of having Pc Doc Pro on my computer and don't see it anywhere on my system. It is not on the list of programs that can be uninstalled and doesn't show up in a search. Don't recall ever getting this program. Did you perhaps mean Advanced Uninstaller Pro?

 

Thanks,

iso88


Hi iso

Pc Doc Pro showed up in several places in your report!

Try running a search for it.

Do you have ASC or perhaps Ccleaner? You could then try to do a cleanUp

in both programs and registry.

Cheers

solbjerg

 

 


Welcome back.

 

The Pc Doc Pro remnants exist on almost all late Vista systems. They are usually harmless but not always, and I think accidentally "incorporated" by a Microsoft programmer (I haven't looked at 7 yet, they may be there as well, cause so much of Vista is in 7). They are small and can be ignored unless you're paranoid and want to make sure.

 

Some programmers/software companies view Pc Doc Pro as harmful.

 


What about the other questions I asked?

 

Peace be to you!!


solbjerg re pc doc Pro

 

That's strange. This program does not show up in searches and don't see it in Program Files looking and with searches. If it's not related to Advanced Uninstaller Pro I have no idea. I didn't buy or download this program that I know of. I did an A-square scan today but didn't download anything.

 

Thanks much,

iso88


Re: task bar & scan - Melvin_Deal

 

Melvin_Deal,

Thanks for your response. I got rid of several items on the task bar. Only McAfee Security, Monitor Calibration, Safely remove hardware, volume 100, along with show desktop are present. System starts much faster, just 10 - 20 seconds ....way better than before. I assume that I need monitor calibration and McAfee on the task bar but perhaps not; perhaps I could start them after computer starts. Show desktop comes in handy.

 

Attached is the latest report.

 

Thank you very much,

iso88

Report 091208B.txt


C cleaner won't detect or remove.

 

Neither will any version of ASC... pro included.

 

To get rid of this easily and simply... a-squared will do it. If iso88 chooses to run this... it could be a pain in the buttocks for him/her. A-squared will alert and flag extraneously from programs that are regarded as safe.

 

Iso88 this is fine software to run. If it flags some programs you know are safe, then DON'T select them before you remove/quarantine. Remove the PC Doc Pro components and any others you know you didn't install or you thought you removed. If you decide to keep A-squared, disable all the automatic options... or it will tell you when you fart. The download may take a little while...

 

After this you can uninstall if you like. You have a 30 day trial. Of course they will try to get you to buy.

 

Here's the link Iso88: http://www.emsisoft.com/en/software/free/

 

Please post if you have questions!!


This will help you now and in the future!!

 

Advanced System Care will repair your windows registry now and in the future! You can get it here: http://download.cnet.com/Advanced-SystemCare-Free/3000-2086_4-10407614.html?part=dl-6271865&subj=dl&tag=button

 

The free version is great... the pro version is fantastic.

 

Download the free version and use it. Read about ASC in the thread "Usage of Iobit products" here on the main forum page.

 

Solbjerg referred to it as ASC, and as I noted in a previous post I didn't think you were running it.

 

 

I'm glad we can help!!


Archived

This topic is now archived and is closed to further replies.
