
Solved: Weird shdocvw.dll download message.

Discussion in 'Virus & Other Malware Removal' started by dmurfitt, Sep 21, 2004.

Thread Status:
Not open for further replies.
  1. dmurfitt

    dmurfitt Thread Starter

    Joined:
    Nov 27, 2002
    Messages:
    618
    Hi,

    On one of our machines, we are getting a weird download box appear every time we use Internet Explorer. It says:

    ---------
    You have chosen to download a file from this location.

    shdocvw.dll from C:\WINNT\system32

    What would you like to do with this file?
    Open this file from its current location
    Save this file to disk

    ---------

    It's totally random. I have tried running MSCONFIG to remove all unwanted startup items. I have run both AdAware and Spybot, but it still appears. Does anyone have any ideas about how to get rid of it?

    Thanks a lot,

    Daniel Murfitt
     
  2. tipso_calips

    tipso_calips

    Joined:
    May 1, 2005
    Messages:
    8
    I get exactly the same message. But first I get a tiny little explorer window open up near the upper left part of the screen, and then this download box. And then every couple of minutes I get another little window pop up, but I don't get the download again until I close and open IE again. It is really annoying though, and neither adware remover nor antivirus software gets rid of it.
     
  3. hacker103

    hacker103

    Joined:
    Jan 26, 2005
    Messages:
    36
  4. tipso_calips

    tipso_calips

    Joined:
    May 1, 2005
    Messages:
    8
    here is my log:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:12:27 PM, on 02/05/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\CTSvcCDA.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\ntvdm.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Mixer.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINNT\system32\hmilybg.exe
    C:\WINNT\system32\hdicyci.exe
    C:\Program Files\Hyperdrive20\shwicon.exe
    D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
    C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
    D:\Program Files\Microsoft Office\Office\OSA.EXE
    D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
    C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPZSTW09.exe
    G:\Program Files\eMule\eMule.exe
    C:\WINNT\System32\svchost.exe
    D:\Program Files\Winamp\winamp.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Opera\opera.exe
    G:\My Documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchnow.com/search.php?username=protect1&keywords=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoursearchnow.com/search.php?username=protect1&keywords=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursearchnow.com/search.php?username=protect1&keywords=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    F3 - REG:win.ini: run=HPFsched
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINNT\system32\hpioegm.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SDWin32 Class - {F7E80648-19BD-4D95-80FD-3151635C341C} - C:\WINNT\system32\jlcbo.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [jlcboc] C:\WINNT\system32\jlcboc.exe
    O4 - HKLM\..\Run: [hqikeaj] C:\WINNT\system32\hqikeaj.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [iexplorer] C:\WINNT\system32\iexplorer.exe
    O4 - HKLM\..\Run: [ShowIcon_Hypertec_Hypertec USB Product Driver v2.15r013] "C:\Program Files\Hyperdrive20\shwicon.exe" -t"Hypertec\Hypertec USB Product Driver v2.15r013"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Emule.lnk = G:\Program Files\eMule\eMule.exe
    O4 - Global Startup: Motorola Desktop Suite mRouter Config.lnk = C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
    O4 - Global Startup: Motorola Desktop Suite.lnk = C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
    O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26336d45ca75d0491e21/netzip/RdxIE601.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.en.msn.ca/components/ocx/survid/MSSurVid.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.en.msn.ca/components/ocx/exterior/Outside.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?321
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O20 - Winlogon Notify: iexplorer - C:\WINNT\SYSTEM32\iexplorer.dll
    O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JOREN1~1.JOR\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Go here to download and install CCleaner
    Do not use it yet.


    * Click Here and download the new version of Killbox and save it to your desktop.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find hpdj.
    Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

    Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


    * Restart to safe mode and do all of the following while in safe mode.


    * Run Hijack This again and put a check by these and click "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchnow.com/search...tect1&keywords=

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoursearchnow.com/search...tect1&keywords=

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursearchnow.com/search...tect1&keywords=

    O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINNT\system32\hpioegm.dll (file missing)

    O2 - BHO: SDWin32 Class - {F7E80648-19BD-4D95-80FD-3151635C341C} - C:\WINNT\system32\jlcbo.dll

    O4 - HKLM\..\Run: [jlcboc] C:\WINNT\system32\jlcboc.exe

    O4 - HKLM\..\Run: [hqikeaj] C:\WINNT\system32\hqikeaj.exe

    O4 - HKLM\..\Run: [iexplorer] C:\WINNT\system32\iexplorer.exe

    O4 - Startup: PowerReg Scheduler V3.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26336d4...ip/RdxIE601.cab

    O20 - Winlogon Notify: iexplorer - C:\WINNT\SYSTEM32\iexplorer.dll

    O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll

    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JOREN1~1.JOR\LOCALS~1\Temp\hpdj.exe (file missing)



    * Next in Hijack This click on the "Config" button in the lower right corner. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Copy and paste the following line in that box:

    hpdj

    Click OK.


    * Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. Copy the following list of files (copy the whole list). Click on File > Paste from clipboard. The first file should appear in the "Full Path of File to Delete" box. Click on the button that has the red circle with the X in the middle. It will ask for confirmation to delete the file. Click Yes. The next file should appear in the box. Continue to click the delete file button and confirm the deletion until all files have been deleted.

    C:\WINNT\SYSTEM32\iexplorer.dll
    C:\WINNT\SYSTEM32\nwprovau.dll
    C:\WINNT\system32\jlcboc.exe
    C:\WINNT\system32\hqikeaj.exe
    C:\WINNT\system32\iexplorer.exe
    C:\WINNT\system32\jlcbo.dll


    Exit the Killbox.


    * Start CCleaner and click Run Cleaner


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Reboot back to normal mode.
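
Added example, not part of the original post and not the helper's stated method: a small triage script that reads HijackThis entries like the ones in the log above and lists those matching a few review heuristics. The heuristics (file missing, binaries sitting directly in system32, any Winlogon Notify DLL, services with "Unknown owner" or a Temp path) are assumptions chosen for illustration; a match is a prompt to look closer, not a verdict.

```python
import re
from ntpath import dirname  # Windows path rules, whatever OS this runs on

# A few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINNT\system32\hpioegm.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [hqikeaj] C:\WINNT\system32\hqikeaj.exe
O20 - Winlogon Notify: iexplorer - C:\WINNT\SYSTEM32\iexplorer.dll
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\JOREN1~1.JOR\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
SYSTEM32 = re.compile(r"^[a-z]:\\win(nt|dows)\\system32$", re.I)
EXE = re.compile(r'"?(.+?\.exe)', re.I)  # executable part of a Run command

def in_system32_root(path):
    """True when the file sits directly in system32, not in a subfolder."""
    return bool(SYSTEM32.match(dirname(path)))

def review_reasons(code, body):
    """Assumed triage heuristics: reasons one entry deserves a closer look."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("registered file is missing")
    target = body.replace(" (file missing)", "").rsplit(" - ", 1)[-1]
    if code == "O2" and in_system32_root(target):
        reasons.append("BHO DLL directly in system32")
    if code == "O4" and "Run:" in body:
        exe = EXE.match(body.split("] ", 1)[-1])
        if exe and in_system32_root(exe.group(1)):
            reasons.append("autorun executable directly in system32")
    if code == "O20":
        reasons.append("Winlogon Notify DLL, loaded at every logon")
    if code == "O23":
        if "Unknown owner" in body:
            reasons.append("service binary has no vendor name")
        if "\\temp\\" in target.lower():
            reasons.append("service binary in a Temp folder")
    return reasons

def triage(log_text):
    """Return (code, entry, reasons) for each entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and (reasons := review_reasons(*m.groups())):
            flagged.append((m.group(1), m.group(2), reasons))
    return flagged

if __name__ == "__main__":
    for code, entry, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {entry}\n    -> " + "; ".join(reasons))
```

Legitimate drivers and vendor tools also install into system32, so each flagged entry still needs checking against what is known to be installed on the machine.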
     
  6. tipso_calips

    tipso_calips

    Joined:
    May 1, 2005
    Messages:
    8
    YES!! Thank you so much, I'm finally free of the plague. I can use IE without annoyance now (well except for bits of IE itself, but hey...) :) (y)
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You're Welcome! :)

    Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

    I'm closing this thread. If you need it reopened please PM me or one of the other mods.

    Anyone else with a similar problem please start a "New Thread".
     

Short URL to this thread: https://techguy.org/276452
