HiJack this.

Quiescence · 11-23-2007, 09:40 PM

Hijack this log.

Love Souljah · 11-23-2007, 09:44 PM

...what about it? (:

Ac!d Ra!n · 11-24-2007, 02:29 AM

Seems fine, nothing serious.

Regards,
Ac!d Ra!n

Quiescence · 11-24-2007, 10:38 AM

Quote:

Originally Posted by Ac!d Ra!n

Seems fine, nothing serious.

Regards,
Ac!d Ra!n

Thanks. +rep.

**Nys** · 11-24-2007, 02:24 PM

Quote:

Seems fine, nothing serious.

Regards,
Ac!d Ra!n

Far from it. Don't give advice on things you don't know about.

Dear Quiescence,
Print out these instrucions for reference to them later because you will be asked to run your computer in safe mode, which has no access to the internet.

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

Please download LSPFix from here.
Run the LSPFix.exe that you have just finished downloading.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of XXXXX.dll.
Select every instance of XXXXX.dll and move each one to the Remove box by clicking the >> button.
When you are done click Finish>>.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 F-Secure.com > Antivirus and intrusion prevention solutions for home users and businesses
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 Home and Home Office Store
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 McAfee - Antivirus Software and Intrusion Prevention Solutions
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 Sophos - anti-virus and anti-spam software for businesses
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage, and Compliance Solutions - Symantec Corp.
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 Viruslist.com - Information About Viruses, Hackers and Spam
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 AVG Anti-Virus and Internet Security - Welcome
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 Antivirus & Content Security Software | Securing Your Web World: - Trend Micro USA
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 Antivirus, anti-spyware, anti-spam, firewall. Protect yourself with Panda Security
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 ZoneAlarm by Check Point - Award winning PC Protection, Antivirus, Firewall, Anti-Spyware, Identity Protection, and much more.
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 Antivirus software - BitDefender - The future of security now!
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 SpywareInfo :· Spyware and hijackware Removal Specialists
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 Merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 Microsoft TechNet: Windows Sysinternals
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 OnGuard Online Homepage
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 avast! antivirus software - computer virus, worm and Trojan protection by ALWIL Software
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 ParetoLogic
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 Webroot Software | Award-winning Antivirus and Antispyware Security
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Admin\LOCALS~1\Temp\~DPB.dll (file missing)
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu32.exe 61A847B5BBF72811308B2B27128065E9C084320161C4661227 A755E9C2933154389A
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\Documents and Settings\Admin\Local Settings\Temp\~DPB.dll
C:\WINDOWS\retadpu32.exe

After that, Reboot, and post a new HijackThis log here in a reply

~~Pitbull~~ · 11-24-2007, 04:13 PM

Quote:

Originally Posted by Nys

Far from it. Don't give advice on things you don't know about.

Dear Quiescence,
Print out these instrucions for reference to them later because you will be asked to run your computer in safe mode, which has no access to the internet.

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

Please download LSPFix from here.
Run the LSPFix.exe that you have just finished downloading.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of XXXXX.dll.
Select every instance of XXXXX.dll and move each one to the Remove box by clicking the >> button.
When you are done click Finish>>.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 F-Secure.com > Antivirus and intrusion prevention solutions for home users and businesses
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 Home and Home Office Store
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 McAfee - Antivirus Software and Intrusion Prevention Solutions
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 Sophos - anti-virus and anti-spam software for businesses
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage, and Compliance Solutions - Symantec Corp.
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 Viruslist.com - Information About Viruses, Hackers and Spam
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 AVG Anti-Virus and Internet Security - Welcome
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 Antivirus & Content Security Software | Securing Your Web World: - Trend Micro USA
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 Antivirus, anti-spyware, anti-spam, firewall. Protect yourself with Panda Security
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 ZoneAlarm by Check Point - Award winning PC Protection, Antivirus, Firewall, Anti-Spyware, Identity Protection, and much more.
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 Antivirus software - BitDefender - The future of security now!
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 SpywareInfo :· Spyware and hijackware Removal Specialists
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 Merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 Microsoft TechNet: Windows Sysinternals
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 OnGuard Online Homepage
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 avast! antivirus software - computer virus, worm and Trojan protection by ALWIL Software
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 ParetoLogic
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 Webroot Software | Award-winning Antivirus and Antispyware Security
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Admin\LOCALS~1\Temp\~DPB.dll (file missing)
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu32.exe 61A847B5BBF72811308B2B27128065E9C084320161C4661227 A755E9C2933154389A
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\Documents and Settings\Admin\Local Settings\Temp\~DPB.dll
C:\WINDOWS\retadpu32.exe

After that, Reboot, and post a new HijackThis log here in a reply

lol pwnt .

Quiescence · 11-24-2007, 06:10 PM

Thanks a bunch Nys, I'll edit my post with my new log in a sec.

And a few questions:
What is an LSP chain?

What were all those things I fixed or whatever?

**Nys** · 11-24-2007, 06:28 PM

Quote:

Originally Posted by Quiescence

Thanks a bunch Nys, I'll edit my post with my new log in a sec.

And a few questions:
What is an LSP chain?

What were all those things I fixed or whatever?

Oh god ... if I spent all the time explaining each thing your fixed I'd go nuts. Basically you had a few BHO's (BrowserHelperObjects) that were malicious files aka malware. You also had some malicious software redirecting you to a hacker website when you enter certain URL's. Finally, you had a few malicious ActiveX objects you downloaded.

Quiescence · 11-27-2007, 05:09 PM

Quote:

Originally Posted by Nys

Oh god ... if I spent all the time explaining each thing your fixed I'd go nuts. Basically you had a few BHO's (BrowserHelperObjects) that were malicious files aka malware. You also had some malicious software redirecting you to a hacker website when you enter certain URL's. Finally, you had a few malicious ActiveX objects you downloaded.

Haha, thanks.

Sorry I didn't get my log up yet... once I restarted my pc after going in safe mode as you told me, there was an 'ip address conflict' on my network. I tried to fix it, had a 40 minute conversation on the phone with the rogers guy, but i can't access the internet on my home PC.

I really doubt I ****ed up with HJT, because the conflict once happened on this laptop when my brother was playing PS3 online, but it happened to my home PC on saturday, and ever since then, no internet on that pc. It says connected and all that stuff, I can ping google's IP address, but not the webname itself, according to rogers(my ISP) guy. And the IP address conflict on my home pc happened when the PS3 was online, too.

I'll post the new log once my PC gets fixed, I really doubt I ****ed something up with removing the things in HiJackThis. But is it possible that hijackthis caused my home pc internet connection to go screwy? Sounds total bananas to me, but I'm no advanced PC guy.

And thanks for your advice, Nys.

**Nys** · 11-27-2007, 05:54 PM

No, HJT did not cause your internet to mess up. The only way you can do that is by deleting an O10, which didn't even show up in your log.

However, I do have a question. Did you ever create static IP's for the computers on your network? If your not sure, check for me.

Go to Control Panel > Network Connections.
Right click your network and click on View Available Wireless Networks.
Select your network.
Click Change Advanced Settings.
Click on Internet Protocal (TCP/IP) then select Properties.
Check to make sure the option Obtain an IP address automatically is selected.
Click OK then OK again.
Reboot and see if your internet works now.

Quiescence · 11-27-2007, 06:04 PM

Quote:

Originally Posted by Nys

No, HJT did not cause your internet to mess up. The only way you can do that is by deleting an O10, which didn't even show up in your log.

However, I do have a question. Did you ever create static IP's for the computers on your network? If your not sure, check for me.

Go to Control Panel > Network Connections.
Right click your network and click on View Available Wireless Networks.
Select your network.
Click Change Advanced Settings.
Click on Internet Protocal (TCP/IP) then select Properties.
Check to make sure the option Obtain an IP address automatically is selected.
Click OK then OK again.
Reboot and see if your internet works now.

Both of my computers have always been set to 'Obtain IP address automatically' and 'Obtain DNS servers automatically'.

**Nys** · 11-27-2007, 06:16 PM

Alright, do the following:

Open HiJackThis.
Select View the list of backups.
Select every entry in the box.
Click Restore.

Reboot and see if that does it.

Quiescence · 11-27-2007, 06:25 PM

Quote:

Originally Posted by Nys

Alright, do the following:

Open HiJackThis.
Select View the list of backups.
Select every entry in the box.
Click Restore.

Reboot and see if that does it.

Ugh, I'm a ****ing idiot. I just realized I uninstalled HJT on my home pc on sunday. I'll download it from this laptop and send it to my home pc through my network places.

**Nys** · 11-27-2007, 06:43 PM

Quote:

Originally Posted by Quiescence

Ugh, I'm a ****ing idiot. I just realized I uninstalled HJT on my home pc on sunday. I'll download it from this laptop and send it to my home pc through my network places.

If you uninstalled it then you deleted your backups. That was just to make sure though. I'm 99.9% sure that isn't your problem.

Quiescence · 11-27-2007, 06:45 PM

Quote:

Originally Posted by Nys

If you uninstalled it then you deleted your backups. That was just to make sure though. I'm 99.9% sure that isn't your problem.

Alright, thanks. I'll wait until my dad's friend gets my call, he's a computer guy.

11-23-2007, 09:40 PM	#1 (permalink)
Quiescence Gunzfactorian Patriot Join Date: Sep 2007 Location: Toronto, CAN. Posts: 460 Quiescence's GamerBio	HiJack this. Hijack this log. Last edited by Quiescence; 02-03-2008 at 01:51 PM.

11-23-2007, 09:44 PM	#2 (permalink)
Love Souljah Gunzfactorian Soldier Join Date: May 2006 Location: Dallas Posts: 802 Love Souljah's GamerBio	Re: HiJack this. ...what about it? (: __________________

11-24-2007, 02:29 AM	#3 (permalink)
Ac!d Ra!n Gunzfactorian Soldier Join Date: Feb 2007 Posts: 612 Ac!d Ra!n's GamerBio	Re: HiJack this. Seems fine, nothing serious. Regards, Ac!d Ra!n

11-24-2007, 06:10 PM	#7 (permalink)
Quiescence Gunzfactorian Patriot Join Date: Sep 2007 Location: Toronto, CAN. Posts: 460 Quiescence's GamerBio	Re: HiJack this. Thanks a bunch Nys, I'll edit my post with my new log in a sec. And a few questions: What is an LSP chain? What were all those things I fixed or whatever?

11-27-2007, 05:54 PM	#10 (permalink)
Nys Moderator Join Date: Mar 2006 Location: Miami, Florida Posts: 3,979	Re: HiJack this. No, HJT did not cause your internet to mess up. The only way you can do that is by deleting an O10, which didn't even show up in your log. However, I do have a question. Did you ever create static IP's for the computers on your network? If your not sure, check for me. Go to Control Panel > Network Connections. Right click your network and click on View Available Wireless Networks. Select your network. Click Change Advanced Settings. Click on Internet Protocal (TCP/IP) then select Properties. Check to make sure the option Obtain an IP address automatically is selected. Click OK then OK again. Reboot and see if your internet works now. __________________ Yes, I'm a wow nerd ... ^^;

11-27-2007, 06:16 PM	#12 (permalink)
Nys Moderator Join Date: Mar 2006 Location: Miami, Florida Posts: 3,979	Re: HiJack this. Alright, do the following: Open HiJackThis. Select View the list of backups. Select every entry in the box. Click Restore. Reboot and see if that does it. __________________ Yes, I'm a wow nerd ... ^^;