HijackThis Log

Status
Not open for further replies.
thanks for the great advice on removing malware, etc. i've posted my hjt, avg, and combofix logs. if anyone notices anything that needs attention, please let me know.

my system is running like normal and my searches belong to me again!

best regards,

-viv
 
Hello and welcome to Techspot.

Your system has been hijacked.

Delete all files in AVG Antispyware quarantine.

Download and run the Blacklight programme. Follow all the instructions carefully.

Post a fresh HJT log after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of shiawase1 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks for the support, H

Ok, this is the HJT log after deleting the AVG quarantine and then running BL.

Best regards,
-vj
 
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - 0>B4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)

O2 - BHO: (no name) - °$78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - °>CD045-E861-484f-8273-0445EE161910} - (no file)

O2 - BHO: (no name) - €>38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://www.gamehouse.com/games/cosmicbugs/r64loader.cab

O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.gamehouse.com/games/TriJinx.cab

O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.gamehouse.com/games/PiratePoppers.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/games/DinerDash2.cab

O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://www.gamehouse.com/games/abxgh.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse.com/games/tumblebugs/axhost.cab

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.gamehouse.com/games/dvcode/DVCControl.cab

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse.com/games/SproutLauncher.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.gamehouse.com/games/mjescape/PTLauncher.cab

Fix all O17 entries.

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log.

Regards Howard :)

 
Followed your advice - here is the 3rd HJT Log

i appreciate your support, howard. this has been a valuable learning experience for me. i have attached the 3rd HJT log and i'm crossing my fingers that all of the garbage has been removed.

thank you and best regards,
-vj
 
You have overlooked all the O17 entries. Look back to Howard's post.

Fix all O17 entries.

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log.


Regards Howard
 
That's strange, the O17 entries are still in your HJT log. They are the hijacker.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O17 - HKLM\System\CCS\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79

O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFC1255-4B1F-4017-85E8-E0E5D4BAF195}: NameServer = 85.255.116.122,85.255.112.79

O17 - HKLM\System\CCS\Services\Tcpip\..\{B51A6E9A-A160-41A4-9769-0E81C8E8B8CF}: NameServer = 85.255.116.122,85.255.112.79

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEB13632-733E-431C-A65E-61492EBB7923}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79

O17 - HKLM\System\CS1\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79

O17 - HKLM\System\CS2\Services\Tcpip\..\{207EB6A8-A4D3-49D3-9DBA-6A7652656314}: NameServer = 85.255.116.122,85.255.112.79

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79

Click on the fix checked button.

Close HJT and reboot your system.

Run another HJT scan and see if those O17 entries are still there. If they've gone, you're good to go. If they haven't, post a fresh HJT log.

Regards Howard :)

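Added example, not part of the original posts and not HijackThis code: a small checker that pulls every O17 `NameServer` line out of a HijackThis log and reports resolvers outside the networks you expect, grouped by control set (CCS, CS1, CS2) and interface, handling both the space-separated and comma-separated forms seen in the log above. The sample log is constructed with documentation-range addresses, and `parse_o17`, `unexpected_resolvers` and the trusted-network list are hypothetical names and assumptions.

```python
import ipaddress
import re

# Constructed sample in HijackThis O17 format (documentation-range addresses,
# not the values from the thread). Both separators appear: space and comma.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 198.51.100.7 198.51.100.9
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{11111111-2222-3333-4444-555555555555}: NameServer = 198.51.100.7,198.51.100.9
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\..\\{11111111-2222-3333-4444-555555555555}: NameServer = 192.0.2.53
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: Domain = corp.example
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>\w+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Yield (control_set, scope, [ip, ...]) for each O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # other sections, or O17 values such as Domain
        ips = []
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                ips.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # ignore tokens that are not IP addresses
        scope = "global" if m["scope"] == "Parameters" else m["scope"][3:]
        yield m["cset"], scope, ips

def unexpected_resolvers(log_text, trusted_networks):
    """Return sorted (control_set, scope, ip) findings outside trusted_networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = []
    for cset, scope, ips in parse_o17(log_text):
        for ip in ips:
            if not any(ip in net for net in nets):
                findings.append((cset, scope, str(ip)))
    return sorted(findings)

if __name__ == "__main__":
    # Assumption: 192.0.2.0/24 stands in for the resolvers you actually expect.
    for cset, scope, ip in unexpected_resolvers(SAMPLE_LOG, ["192.0.2.0/24"]):
        print(f"{cset:4} {scope:40} unexpected DNS server {ip}")
```

Running it again on the log taken after the fix and reboot should return an empty list for every control set, which is the same check Howard asks for by eye.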
 
my bad! =B

howard, i sent the wrong log file. after i had eliminated those items as you recommended, i didn't run another scan/report. sorry to make you keep looking at it. i just did another hjt and all of the items are gone. thank you again for saving my computer. =)

best regards,
-vj
 
That's ok mate, no problem.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
