Old 08-08-2007, 01:34 PM   #4 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Re: HJT Help with everything from spyware to "antispyware"

I have scheduled thriXXX for removal. Is it a program you voluntarily install? If so, you can remove it from my instructs below.


--------------


Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • ViewPoint
Please note any other programs that you don't recognize in that list in your next response.


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {8D3DC90A-FE00-4C49-8ECF-DBD9C9F4AFC6} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {92E68C11-E017-43CD-82C0-48131B6FCA41} - C:\WINDOWS\system32\awvts.dll (file missing)
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: ssqrsst - ssqrsst.dll (file missing)



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/172842-hjt-help-everything-spyware-antispyware.html
Suspect::
C:\WINDOWS\system32\Chip.dll
DirLook::
C:\ProgramData
File::
C:\dnsbak.reg
C:\WINDOWS\system32\drvsuw.dll
C:\WINDOWS\system32\drvbig.dll
C:\WINDOWS\system32\esranlok.dll
Folder::
C:\VundoFix Backups
C:\Program Files\thriXXX
C:\DOCUME~1\ADMINI~1.JOS\APPLIC~1\ViewPoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D3DC90A-FE00-4C49-8ECF-DBD9C9F4AFC6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92E68C11-E017-43CD-82C0-48131B6FCA41}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrsst]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Click here to perform an online scan >> Online Scanner


---------------


In your next post, please include fresh logs from:
  1. Fresh HijackThis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
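An added example, not part of sUBs's post: a small Python check that parses the O2 (BHO) and O20 (Winlogon Notify) HijackThis items listed above, flags the ones marked "(file missing)", and confirms each has a matching deletion line in the script's Registry:: section. The sample input is copied from the post; the function names are hypothetical, and the bracketed `[-KEY]` lines are only compared by their last path component.

```python
import re

# Sample input copied from the post above (HijackThis items and CFScript Registry:: lines).
HJT_ITEMS = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {8D3DC90A-FE00-4C49-8ECF-DBD9C9F4AFC6} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {92E68C11-E017-43CD-82C0-48131B6FCA41} - C:\WINDOWS\system32\awvts.dll (file missing)
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: ssqrsst - ssqrsst.dll (file missing)
"""
CFSCRIPT_REGISTRY = r"""
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D3DC90A-FE00-4C49-8ECF-DBD9C9F4AFC6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92E68C11-E017-43CD-82C0-48131B6FCA41}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrsst]
"""

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<id>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<id>[^ ]+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")

def parse_items(text):
    """Return dicts for the O2 (BHO) and O20 (Winlogon Notify) lines; other sections are skipped."""
    items = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        for kind, rx in (("BHO", BHO), ("Notify", NOTIFY)):
            m = rx.match(line)
            if m:
                items.append({"kind": kind, "id": m["id"], "path": m["path"],
                              "orphaned": m["missing"] is not None})
    return items

def deleted_key_leaves(text):
    """Last path component of every [-KEY] deletion line, lower-cased."""
    return {m.group(1).rsplit("\\", 1)[-1].lower()
            for m in re.finditer(r"^\[-(.+)\]$", text, re.M)}

def uncovered(items, registry_text):
    """Orphaned items whose CLSID or Notify name has no matching deletion line."""
    leaves = deleted_key_leaves(registry_text)
    return [i for i in items if i["orphaned"] and i["id"].lower() not in leaves]

if __name__ == "__main__":
    items = parse_items(HJT_ITEMS)
    for i in items:
        print(i["kind"], i["id"], "orphaned" if i["orphaned"] else "file present")
    print("not covered by script:", uncovered(items, CFSCRIPT_REGISTRY))
```

An empty "not covered" list means every orphaned BHO and Notify reference in the fix list also has its registry key scheduled for deletion.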