Posts posted by Indrid_Cold
-
-
Thank you for the kind thoughts DougH. You are most welcome. It was my pleasure.
To reduce the potential for spyware infection in the future, I recommend installing the following free products:
SpywareBlaster:
It will prevent spyware from being installed and consumes no system resources.
SpyWareGuard:
It offers realtime protection from spyware installation attempts.
IE/Spyad:
It places over 4000 websites and domains in your IE's restricted zone.
I would also recommend that you read this thread written by Expert Tony Klein.
So how did I get infected in the first place
Stay safe out there DougH
-
These entries have shown up in your previous logs.
I think these 8 items did not appear in the prior HJT and then appeared after I deleted some items in C:\hp\bin.
These entries are just a matter of preference. You can change your start page to any URL you desire any time you desire.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
This is a Spybot BHO. The file 'SDHelper.dll' should be listed. If this was just a CutnPaste error no problem. If the file is now missing in your log, uninstall Spybot and reinstall it to fix.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} –
Go ahead and fix this entry.
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (file missing
If you want this entry gone, I would suggest looking in Add/Remove Programs first before fixing with HJT.
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
I would again suggest you look to remove these entries through Add/Remove Programs before fixing with HJT. Word of Advice! Do Not delete the shdocvw.dll file. It is a legit M$ file.
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\WINDOWS\System32\shdocvw.dll
This is a Real Com button. It may be missing or due to a bug in HJT it will only appear to be missing. It's optional and can be fixed if you so desire.
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Hope that clears things up.
-
Hi Doug.
Unsure why you are listing some of these entries from the log.
Looks like I might have taken a small step backward when fooling around trying to delete items from C:\hp\bin\
The last log you posted is clean as a hound's tooth.
At this point I can only assume you may have some process/es running that are taking up cycles. If they are bad, none of the security apps we/you have run are identifying them. My advice would be to carefully look over what processes are running on the PC. Google them and if you find no information on the file or the only hits that show up are in the malware forums, they are most likely bad. Here is a tool that may offer some assistance.
Find out detailed information about the processes running under Windows. This utility gives you the full list of DLLs for each running application, including full path and version information. You can also write scripts and debuggers to more closely examine processes. The program shows all parent/child relationships to system processes. This latest version displays all DLLs currently in use, as well as which processes use a DLL you select.
Download PrcView HERE
-
I will do my best to address your concerns.
I would recommend that you hold off with any updates until you are clean. Let's see how things progress after removing those Trojans in the mwav log.
I have internet connectivity from the "target HP computer" and have run a few Pit Tests and done other browsing. I can get to Microsoft.com all the way to XP Home, but when I "click" for Windows Updates, it takes me to that page and displays "Checking for the latest version of Windows Update software..." The page just stalls at that point. No error messages.... just no action. I am currently running XP Home SP1 on that HP machine without much in the way of current updates beyond that. Had hoped to update to SP2. But alas, no joy.
Though I can understand your initial suspicion, my guess would be this is nothing more sinister than a coincidental hardware failure.
CD-RW/DVD-ROM is Philips CDD5301 in this HP Pavilion 515x.
You may find these links enlightening. Castlecops McAfee
Kinda/sorta problem or new info... I decided to try a-squared (a2) It identifies C:\hp\bin\terminator.exe. I removed that item, but it didn't improve anything.
Those .js files are JScript. While that does not mean that they are malware, they can be. You may want to Google those and if you find they are bad, remove them. If you are denied access, they may be running and will need to be deleted in Safe Mode.
Tried to clean up my Temporary Internet Files.
Let's nuke those trojans.
Delete these files and/or folders listed in bold
C:\WINDOWS\wt<-----this folder
C:\WINDOWS\adjvdg.exe<-----this file
C:\WINDOWS\iodoa.dll<-----this file
C:\WINDOWS\mm19.ocx<-----this file
C:\WINDOWS\mm20.ocx<-----this file
C:\WINDOWS\newj.exe<-----this file
C:\WINDOWS\roing18.ocx<-----this file
C:\WINDOWS\uqtcx.exe<-----this file
-REBOOT
Let me know how you get on.
-
You are most welcome DougH
Let's turn over a few more rocks to see what else we may find.
- Download eScan's mwav application HERE
*Launch mwav
*Select all local drives
*Scan all files
*Click 'scan'
When it has completed, what was found will be displayed in the lower pane.
Highlight it, press CTRL C and then paste it here.
-
Except for a few minor entries that log looks good.
You mentioned having uninstalled NetZero so I have included a few leftover entries to clean up.
Place a check mark for these entries.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
With ALL windows and browsers, including this one, closed, click 'Fix checked'.
Delete this folder listed in bold
C:\Program Files\NetZero<-----this folder
- REBOOT and you are good to go.
-
Harmless. That is the Internet Explorer Radio Bar.
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (Don't recognize anything about this one)
Also harmless.
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\WINDOWS\System32\shdocvw.dll
Software Publisher's Description
MarketBrowser allows investors to monitor and analyze their most important investments at a glance from a convenient PC desktop toolbar. Track every individual stock, mutual fund or an index; pivot to stock research sources on the Web; quickly run studies like moving averages, spreads and oscillators; chart and manipulate economic data.
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Again harmless. Real.com button.
Known bug in HJT where it will report some O9's as having no name and no file.
Your log, while lean compared to most, looks good. I trust you are not using a utility to disable anything in startup. If you are, I cannot fix what I cannot see. Please enable all startup items and post another log.
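As an added example (not part of the original posts and not HijackThis's own code), the following Python sketch sorts the entry types walked through in the two log-review posts above: start-page preferences, entries whose file is missing, and the O9 "(no file)" display bug. The sample lines are copied from the posts; the function names and verdict labels are this example's own.

```python
import re

# Log lines copied from the posts above (HijackThis format: "<section> - <detail>").
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (file missing
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Split one log line into section code, CLSID and missing-file markers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank line or anything that is not an entry
    section, detail = m.groups()
    clsid = CLSID_RE.search(detail)
    return {
        "section": section,
        "clsid": clsid.group(0) if clsid else None,
        # The O3 line on the page is cut off before ")", so match the prefix only.
        "file_missing": "(file missing" in detail,
        "no_file": detail.endswith("(no file)"),
    }


def triage(entry):
    """Verdict labels are this example's own, following the advice in the posts."""
    if entry["section"] in ("R0", "R1"):
        return "preference"    # start/search page URL
    if entry["section"] == "O9" and entry["no_file"]:
        return "inconclusive"  # HJT can misreport O9 entries as having no file
    if entry["file_missing"]:
        return "orphan"        # registry entry whose target file is gone
    return "review"            # identify it first; uninstall via Add/Remove Programs


def triage_log(text):
    entries = filter(None, map(parse_line, text.splitlines()))
    return [(e["section"], e["clsid"], triage(e)) for e in entries]


if __name__ == "__main__":
    for row in triage_log(SAMPLE_LOG):
        print(row)
```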
Virus/spyware Scans Now Clean
in Solved Malware Logs
Posted
Wonderful news Doug!
I am not familiar with CounterSpy, but after doing a little looking, I notice it has been given some rave reviews. Thank you for a new weapon to wield during battle.
Best,
IC