10-14-2007, 04:25 AM   #6
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,328
OS: N/A


Re: onlinegames.gen & heuri-e

Please disable Webroot SpySweeper, as it hinders the removal of some entries. You can re-enable it after you're clean. To disable Webroot SpySweeper:
  • Go to the Options>Program Options
  • Uncheck Load at Windows Startup
  • Click Shields & uncheck all items there
  • Uncheck Home page shield.
  • Automatically restore default without notification

---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O20 - AppInit_DLLs: winforms.dll
O23 - Service: 1E3F603C - Unknown owner - C:\WINDOWS\system32\80FEE47E.EXE (file missing)


Ignore any prompts for a reboot


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/187548-onlinegames-gen-heuri-e.html
Collect::
C:\WINDOWS\system32\zauowa.dll
C:\WINDOWS\system32\sxwjyq.dll
C:\WINDOWS\system32\SHQ.DLL
File::
C:\WINDOWS\system32\ghowkw.dll
C:\WINDOWS\system32\chrghj.dll
C:\WINDOWS\system32\cfdvpa.dll
C:\WINDOWS\system32\jielaz.dll
C:\WINDOWS\system32\ykqkqs.dll
C:\WINDOWS\system32\ehuxlg.dll
C:\WINDOWS\system32\rrijtj.dll
C:\WINDOWS\system32\ochtul.dll
C:\WINDOWS\system32\qyeksq.dll
C:\WINDOWS\system32\xbdooe.dll
C:\WINDOWS\system32\nhcrgk.dll
C:\WINDOWS\system32\fytxwo.dll
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\poaywc.dll
C:\WINDOWS\system32\80FEE47E.EXE
Driver::
1E3F603C
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]

Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Click here to perform an online scan >> Online Scanner


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
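
The two HijackThis entries the post asks to fix, an O20 AppInit_DLLs value and an O23 service whose file is missing, can be picked out of a log mechanically. The script below is an added example, not part of the original post or of HijackThis; the O4 line and the second O23 line in the sample are constructed, and the flagging rules (including the 8-hex-digit name check) are assumptions for illustration.

```python
import re

# Constructed sample log: the O20 and O23 lines are the ones quoted in the
# post; the O4 line and the second O23 line are made up for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - AppInit_DLLs: winforms.dll
O23 - Service: 1E3F603C - Unknown owner - C:\WINDOWS\system32\80FEE47E.EXE (file missing)
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\upd.exe
"""

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Assumed heuristic: a service name of exactly 8 hex digits is likely generated.
HEX_NAME_RE = re.compile(r"[0-9A-Fa-f]{8}")


def triage(log_text):
    """Return [(line, [reasons])] for O20/O23 entries that deserve review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O20_RE.match(line)
        if m and m.group("dlls").strip():
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            reasons.append("AppInit_DLLs is set: " + m.group("dlls").strip())
        m = O23_RE.match(line)
        if m:
            if m.group("owner") == "Unknown owner":
                reasons.append("service has no identified owner")
            if m.group("missing"):
                reasons.append("service is registered but its file is missing")
            if HEX_NAME_RE.fullmatch(m.group("name")):
                reasons.append("service name is 8 hex digits")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -", reason)
```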