Indrid_Cold

Trusted Malware Techs
  • Content Count

    16
Everything posted by Indrid_Cold

  1. Indrid_Cold

    Virus/spyware Scans Now Clean

    Wonderful news Doug! I am not familiar with CounterSpy, but after doing a little looking, I notice it has been given some rave reviews. Thank you for a new weapon to wield during battle. Best, IC -
  2. Indrid_Cold

    Virus/spyware Scans Now Clean

    Thank you for the kind thoughts DougH. You are most welcome. It was my pleasure. To reduce the potential for spyware infection in the future, I recommend installing the following free products:

      • SpywareBlaster: It will prevent spyware from being installed and consumes no system resources. SpywareBlaster
      • SpyWareGuard: It offers realtime protection from spyware installation attempts. SpywareGuard
      • IE/Spyad: It places over 4000 websites and domains in your IE's restricted zone. IE-SPYAD

    I would also recommend that you read this thread written by Expert Tony Klein. So how did I get infected in the first place

    Stay safe out there DougH
  3. Indrid_Cold

    Virus/spyware Scans Now Clean

    These entries have shown up in your previous logs. These entries are just a matter of preference. You can change your start page to any URL you desire any time you desire. This is a Spybot BHO. The file 'SDHelper.dll' should be listed. If this was just a CutnPaste error no problem. If the file is now missing in your log, uninstall Spybot and reinstall it to fix. Go ahead and fix this entry. If you want this entry gone, I would suggest looking in Add/Remove Programs first before fixing with HJT. I would again suggest you look to remove these entries through Add/Remove Programs before fixing with HJT. Word of Advice! Do Not delete the shdocvw.dll file. It is a legit M$ file. This is a Real Com button. It may be missing or due to a bug in HJT it will only appear to be missing. It's optional and can be fixed if you so desire. Hope that clears things up.
  4. Indrid_Cold

    Virus/spyware Scans Now Clean

    Hi Doug. Unsure why you are listing some of these entries from the log. The last log you posted is clean as a hound's tooth. At this point I can only assume you may have some process/es running that are taking up cycles. If they are bad, none of the security apps we/you have run are identifying them. My advice would be to carefully look over what processes are running on the PC. Google them and if you find no information on the file or the only hits that show up are in the malware forums, they are most likely bad. Here is a tool that may offer some assistance. Find out detailed information about the processes running under Windows. This utility gives you the full list of DLLs for each running application, including full path and version information. You can also write scripts and debuggers to more closely examine processes. The program shows all parent/child relationships to system processes. This latest version displays all DLLs currently in use, as well as which processes use a DLL you select. Download PrcView HERE
  5. Indrid_Cold

    Virus/spyware Scans Now Clean

    I will do my best to address your concerns. I would recommend that you hold off with any updates until you are clean. Let's see how things progress after removing those Trojans in the mwav log. Though I can understand your initial suspicion, my guess would be this is nothing more sinister than a coincidental hardware failure. You may find these links enlightening. Castlecops McAfee

    Those .js files are JScript. While that does not mean that they are malware, they can be. You may want to Google those and if you find they are bad, remove them. If you are denied access, they may be running and will need to be deleted in Safe Mode.

    Let's nuke those trojans. Delete these files and/or folders listed in bold:

    C:\WINDOWS\wt<-----this folder
    C:\WINDOWS\adjvdg.exe<-----this file
    C:\WINDOWS\iodoa.dll<-----this file
    C:\WINDOWS\mm19.ocx<-----this file
    C:\WINDOWS\mm20.ocx<-----this file
    C:\WINDOWS\newj.exe<-----this file
    C:\WINDOWS\roing18.ocx<-----this file
    C:\WINDOWS\uqtcx.exe<-----this file

    - REBOOT

    Let me know how you get on.
  6. Indrid_Cold

    Virus/spyware Scans Now Clean

    You are most welcome DougH. Let's turn over a few more rocks to see what else we may find.

    - Download eScan's mwav application HERE
      * Launch mwav
      * Select all local drives
      * Scan all files
      * Click 'scan'

    When it has completed, what was found will be displayed in the lower pane. Highlight it, press CTRL C and then paste it here.
  7. Indrid_Cold

    Virus/spyware Scans Now Clean

    Except for a few minor entries that log looks good. You mentioned having uninstalled NetZero so I have included a few leftover entries to clean up. Place a check mark for these entries.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227

    With ALL Windows and Browsers, including this one, Closed and click 'Fix checked'

    Delete this folder listed in bold:

    C:\Program Files\NetZero<-----this folder

    - REBOOT and you are good to go.
  8. Indrid_Cold

    Virus/spyware Scans Now Clean

    Harmless. That is the Internet Explorer Radio Bar.

    Also harmless. Software Publisher's Description: MarketBrowser allows investors to monitor and analyze their most important investments at a glance from a convenient PC desktop toolbar. Track every individual stock, mutual fund or an index; pivot to stock research sources on the Web; quickly run studies like moving averages, spreads and oscillators; chart and manipulate economic data.

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Again harmless. Real.com button. Known bug in HJT where it will report some O9's as having no name and no file.

    Your log, while lean compared to most, looks good. I trust you are not using a utility to disable anything in startup. If you are, I cannot fix what I cannot see. Please enable all startup items and post another log.