TechSpot

HijackThis Log

By shiawase1
Feb 10, 2007
  1. thanks for the great advice on removing malware, etc. i've posted my hjt, avg, and combofix logs. if anyone notices anything that needs attention, please let me know.

    my system is running like normal and my searches belong to me again!

    best regards,

    -viv
     
  2. tomrca

    tomrca TS Rookie Posts: 1,000

    looks like you got a big clean-up to do.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system has been hijacked.

    Delete all files in AVG Antispyware quarantine.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    Post a fresh HJT log after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of shiawase1 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. shiawase1

    shiawase1 TS Rookie Topic Starter

    Thanks for the support, H

    Ok, this is the HJT log after deleting the AVG quarantine and then running BL.

    Best regards,
    -vj
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - 0>B4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)

    O2 - BHO: (no name) - °$78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - °>CD045-E861-484f-8273-0445EE161910} - (no file)

    O2 - BHO: (no name) - €>38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://www.gamehouse.com/games/cosmicbugs/r64loader.cab

    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.gamehouse.com/games/TriJinx.cab

    O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.gamehouse.com/games/PiratePoppers.cab

    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/games/DinerDash2.cab

    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://www.gamehouse.com/games/abxgh.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse.com/games/tumblebugs/axhost.cab

    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.gamehouse.com/games/dvcode/DVCControl.cab

    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe

    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse.com/games/SproutLauncher.cab

    O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.gamehouse.com/games/mjescape/PTLauncher.cab

    Fix all O17 entries.

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post a fresh HJT log.

    Regards Howard :)
     
  6. shiawase1

    shiawase1 TS Rookie Topic Starter

    Followed your advice - here is the 3rd HJT Log

    i appreciate your support, howard. this has been a valuable learning experience for me. i have attached the 3rd HJT log and i'm crossing my fingers that all of the garbage has been removed.

    thank you and best regards,
    -vj
     
  7. tomrca

    tomrca TS Rookie Posts: 1,000

    you have overlooked all the O17 entries. look back to howard's post

    Fix all O17 entries.

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post a fresh HJT log.


    Regards Howard
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's strange, the O17 entries are still in your HJT log. They are the hijacker.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O17 - HKLM\System\CCS\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79

    O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFC1255-4B1F-4017-85E8-E0E5D4BAF195}: NameServer = 85.255.116.122,85.255.112.79

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B51A6E9A-A160-41A4-9769-0E81C8E8B8CF}: NameServer = 85.255.116.122,85.255.112.79

    O17 - HKLM\System\CCS\Services\Tcpip\..\{EEB13632-733E-431C-A65E-61492EBB7923}: NameServer = 85.255.116.122,85.255.112.79
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79

    O17 - HKLM\System\CS1\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79

    O17 - HKLM\System\CS2\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79

    Click on the fix checked button.

    Close HJT and reboot your system.

    Run another HJT scan and see if those O17 entries are still there. If they've gone, you're good to go. If they haven't, post a fresh HJT log.

    Regards Howard :)
     
  9. shiawase1

    shiawase1 TS Rookie Topic Starter

    my bad! =B

    howard, i sent the wrong log file. after i had eliminated those items as you recommended, i didn't run another scan/report. sorry to make you keep looking at it. i just did another hjt and all of the items are gone. thank you again for saving my computer. =)

    best regards,
    -vj
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's ok mate, no problem.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
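
The O17 entries in post 8 carry the same NameServer value under every control set (CCS, CS1, CS2), both machine-wide and per interface. The following is an added example, not part of the original thread: it parses O17 lines from a HijackThis log and reports resolvers that are not on an allowlist. The allowlist, the function name and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First three lines are O17 entries from the log in this thread; the last two
# are constructed (a non-O17 line and an interface using an allowed resolver).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79
O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53
"""

# Assumption: the resolvers this machine is supposed to use (documentation range).
ALLOWED_RESOLVERS = {"192.0.2.53"}

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:Parameters|\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\})): "
    r"NameServer = (?P<data>.+)$"
)

def unexpected_nameservers(log_text, allowed):
    """Map control set -> scope -> resolvers not in `allowed`.

    Scope is "Parameters" (machine-wide) or an interface GUID.
    """
    findings = defaultdict(dict)
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # not an O17 NameServer entry
        # The registry value may be comma- or space-separated; accept both.
        servers = [s for s in re.split(r"[,\s]+", m["data"].strip()) if s]
        bad = [s for s in servers if s not in allowed]
        if bad:
            findings[m["cset"]][m["iface"] or "Parameters"] = bad
    return dict(findings)

if __name__ == "__main__":
    report = unexpected_nameservers(SAMPLE_LOG, ALLOWED_RESOLVERS)
    for cset, scopes in sorted(report.items()):
        for scope, bad in scopes.items():
            print(f"{cset} {scope}: unexpected resolvers {', '.join(bad)}")
```

A control set that still appears in the result after a fix and reboot means the value was not removed from that copy of the Tcpip key.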
