
Hijack scan !


blacksea

Posted

Hi, I have no knowledge about the Hijack scan thing, but I hope someone can help me.

 

MSIE: Internet Explorer v6.0 (6.0.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Mamutu\mamutu.exe

C:\program files\steam\steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Mamutu\a2service.exe

C:\Documents and Settings\All Users\Application Data\QuestService\questservice126.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Akcay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2scan.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll

O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll

O2 - BHO: TCP - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\wso.dll

O2 - BHO: Web Search Operator - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll

O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Adware Alert] C:\Program Files\Adware Alert\Adware Alert.exe -boot

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [Mamutu Guard] "C:\Program Files\Mamutu\mamutu.exe" /silent

O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} -

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253299216203

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} (AVWebScannerAx Class) - http://download.comodo.com/avs/ComodoAVScanner.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - C:\Program Files\Mamutu\a2service.exe

O23 - Service: QuestService Service - Unknown - C:\Documents and Settings\All Users\Application Data\QuestService\questservice126.exe

 

I have seen C:\Documents and Settings\All Users\Application Data\QuestService\questservice126.exe and I didn't know what it was.

 

So I searched for it on Google and couldn't find anything. And I also couldn't find it on http://www.neuber.com where they give all info about processes.

 

Please, someone who has knowledge about this, help me!

 

greets

Blacksea

Posted

Hi blacksea,

 

Here is the info for it.

 

http://www.prevx.com/filenames/3808821442393444195-X1/QUESTSERVICE.EXE.html

 

C:\Documents and Settings\All Users\Application Data\QuestService\questservice126.exe

 

O23 - Service: QuestService Service - Unknown - C:\Documents and Settings\All Users\Application Data\QuestService\questservice126.exe

 

 

-Get rid of the following also:

 

O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll

O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll

O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll

O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\wso.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

- AdWareALERT review. AdWareALERT is a Rogue Tool. Do NOT buy.

O4 - HKCU\..\Run: [Adware Alert] C:\Program Files\Adware Alert\Adware Alert.exe -boot

 

(Have a close look at the infected files in the fourth post on this page for the similarities)

 

- Update Java Plug-in 1.6.0_16 to Java Plug-in 1.6.0_17

 

-You have two AV software. One is sufficient, and two creates problems.

 

- You have also too many toolbars, of which I don't know some.

 

- Not a good thing to start messenger and keep it all the time at the background.

 

It seems to me a fairly bloated PC. :roll:

 

Together with Chrome, are you still using IE6?

 

Good hunting and cheers.:mrgreen:
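
A triage sketch for the kinds of entries singled out in the reply above, added here as an example and not part of any poster's message or of HijackThis itself: it parses O2/O3/O23 lines and flags registry entries whose file is missing, plus services with an unknown owner that run from outside the Windows and Program Files directories. The function name `triage`, the reason labels and the list of "usual" directories are assumptions made for the example.

```python
import re

# Shapes of the HijackThis lines this sketch understands:
#   O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
#   O3 - Toolbar: <name> - {CLSID} - <dll path or "(no file)">
#   O23 - Service: <name> - <owner> - <exe path>
CLSID_LINE = re.compile(
    r"^(O2|O3) - (?:BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
UNKNOWN_OWNERS = {"unknown", "unknown owner"}
# Assumption: on this XP-era layout, services normally live under these roots.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def triage(log_text):
    """Return (reason, section, name, target) tuples worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CLSID_LINE.match(line)
        if m:
            section, name, _clsid, target = m.groups()
            if target.strip().lower() == "(no file)":
                findings.append(("orphaned", section, name, target))
            continue
        if line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue  # truncated or unexpected line: skip, don't guess
            name, owner, path = (p.strip() for p in parts)
            odd_place = not path.lower().startswith(USUAL_ROOTS)
            if owner.lower() in UNKNOWN_OWNERS and odd_place:
                findings.append(("unknown-owner-odd-path", "O23", name, path))
    return findings


# Lines copied from the log posted in this thread.
SAMPLE = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: QuestService Service - Unknown - C:\Documents and Settings\All Users\Application Data\QuestService\questservice126.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(" | ".join(finding))
```

These two rules are a first-pass filter, not a verdict: the BHOs listed in the reply that do have a DLL under Program Files are not caught by them and were picked out by name.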

Posted

Hi enoskype,

I appreciate it that you looked for me. Really thank you.

 

So the things you said I had also to get rid of it, were that malware ?

 

And my only anti-virus is Avast, I don't have another.

 

And no, I only use Chrome, but I don't know if I can delete IE. I thought maybe my Internet wouldn't work any more :neutral:.

 

And why you say you think my pc is bloated :shock: ?

 

Did I do something wrong to my computer ? I think my computer is good protected. I have one of the best security programs .

 

Cheers Blacksea!

Posted

These three are components of AV software.

 

Dear blacksea

 

These three are components of different Anti-virus softwares:

 

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

 

 

Perhaps the a-squared and comodo components are leftovers from an incomplete uninstall.

 

If you no longer use these softwares, you can remove these as well.

 

Eno means you have many things running in the background "bloated"

 

Peace!

Posted

Hi Melvin_Deal,

 

OK, Avast is my antivirus.

A-squared is an antimalware and I only use it as antimalware. I know it's malware + virus but it doesn't conflict. I use the malwareshield of the trial for 30 days. Every 30 days I make another account :razz: And they don't conflict, so there is no problem I think.

 

And I only use the free firewall of Comodo, I didn't install the Antivirus.

 

Blacksea.

Posted
hi blacksea,

I too do not know anything about Hi jack.

But your link helped me a lot to learn about this topic.

Thanks in advance.


You're welcome johnvarenda, I'm glad that the link also helped others like you.

 

 

Blacksea.

Posted

Hi blacksea,

 

Melvin Deal has replied, so only thing left with the question is, if they were the malwares, well please look at the bold link I have given in post #2, and you will see that they are deleted as infections to the PC over there. They should be considered as malware.

 

Cheers.

Posted

Hi enoskype,

 

Yes, I think it was malware because when I watch something on YouTube, it stopped sometimes a lot. After I deleted them with mamb it went well.

Thank you !

 

blacksea.
