Thread: Dialer generic

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    18

    Question Dialer generic

    Hi - first time I've tried to fix something that's been on my PC for a while now. It is a dialer generic virus that could not be fixed by Norton or S&D. Adaware clears the trackers but only temporarily. Is there anything I can do to clear this? Have run a HijackThis - see below. Many thanks for any advice.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:56:10, on 24/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\INTEL\DSLSetup\ProDsl.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Documents and Settings\Greg Wiley\Desktop\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cfsc.intheteam.com/modules/pa...e.aspx?pc=home
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
    R3 - URLSearchHook: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
    R3 - URLSearchHook: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
    O2 - BHO: (no name) - {381D6209-D8B5-9961-9B0F-D898CC65F2EF} - C:\WINDOWS\system32\rdspcob.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8F074205-ABB1-EE6F-9A18-FCBADE4544E8} - C:\WINDOWS\system32\xcrikp.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {BB6AC2DD-2C3C-3BBF-16F6-77E2EB0023E2} - C:\WINDOWS\system32\zqsinwn.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {BF625740-E7A5-FB26-D659-B83EB6537AE6} - C:\WINDOWS\system32\isontver.dll (file missing)
    O2 - BHO: (no name) - {F0D8B980-0D3A-46BB-1C03-5DF00ABE6AE1} - C:\WINDOWS\system32\rcuof.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://gb8l.hpwis.com
    O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {5228464F-FC0F-25C5-1DA5-690322120602} - http://85.255.115.229/1/gdnFR1388.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130868212296
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O20 - AppInit_DLLs:
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 12329 bytes

  2. #2
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hello wileyg,

    Welcome to Safer Networking Forums

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

    R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
    R3 - URLSearchHook: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
    R3 - URLSearchHook: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
    O2 - BHO: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
    O2 - BHO: (no name) - {381D6209-D8B5-9961-9B0F-D898CC65F2EF} - C:\WINDOWS\system32\rdspcob.dll (file missing)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8F074205-ABB1-EE6F-9A18-FCBADE4544E8} - C:\WINDOWS\system32\xcrikp.dll (file missing)
    O2 - BHO: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
    O2 - BHO: (no name) - {BB6AC2DD-2C3C-3BBF-16F6-77E2EB0023E2} - C:\WINDOWS\system32\zqsinwn.dll (file missing)
    O2 - BHO: (no name) - {BF625740-E7A5-FB26-D659-B83EB6537AE6} - C:\WINDOWS\system32\isontver.dll (file missing)
    O2 - BHO: (no name) - {F0D8B980-0D3A-46BB-1C03-5DF00ABE6AE1} - C:\WINDOWS\system32\rcuof.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
    O16 - DPF: {5228464F-FC0F-25C5-1DA5-690322120602} - http://85.255.115.229/1/gdnFR1388.exe
    O20 - AppInit_DLLs:


    Close all browsers and other windows except for HijackThis!, and click "Fix checked".

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://download.bleepingcomputer.com...Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Once the desktop loads please post the text that will open (report.txt).

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Thanks,
    tea
    teacup61
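
Added example (not part of the original thread, and not the helper's own procedure): a small Python triage pass over HijackThis entries of the kinds listed in the post above. The three heuristics (add-on registered with no file on disk, autorun from the user's Application Data folder, ActiveX codebase on a bare IP address) are assumptions chosen for illustration and do not reproduce the full fix list; the sample lines are copied from the log in post #1.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input: a few entries copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
URL_RE = re.compile(r"https?://\S+$")               # codebase URL at end of an O16 line
# Long or 8.3-shortened "Application Data" path component.
APPDATA_RE = re.compile(r"\\(APPLIC~\d|Application Data)\\", re.IGNORECASE)


def parse_entries(text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def host_is_ip_literal(url):
    """True when the URL's host is an IP address rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Apply the three illustrative heuristics; return (code, reason, body) tuples."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("R3", "O2", "O3") and body.endswith(("(file missing)", "(no file)")):
            findings.append((code, "add-on registered but file absent", body))
        elif code == "O4" and APPDATA_RE.search(body):
            findings.append((code, "autorun from user Application Data", body))
        elif code == "O16":
            m = URL_RE.search(body)
            if m and host_is_ip_literal(m.group(0)):
                findings.append((code, "ActiveX codebase on bare IP address", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {body}")
```

A hit is a prompt for manual review, not a removal decision: legitimate software also runs from Application Data, and entries without any of these traits can still be unwanted.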

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    18

    Default

    Thanks Teacup

    I've done all you say and here are the logs in order of request

    Look forward to a positive outcome on this one as I've been so

    All the best
    Greg
    Attachment 1676

    Attachment 1677

    Attachment 1678

  4. #4
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hello,

    Could you please tell me how it's running?

    Thanks,
    tea
    teacup61

  5. #5
    Junior Member
    Join Date
    Sep 2007
    Posts
    18

    Default

    Hi tea,

    PC is working fast at the moment, however, it does that after a clean but the ware gradually comes in again on Internet usage 'til the point where the PC is crippled. The clean-ups I have used have been with Norton scans, Spybot S&D and Adaware. Adaware picks up the rubbish and when I delete it all the PC works reasonably OK again but never that fast, then it is quickly slowed i.e. within limited Internet usage. Do the logs look OK? Do you think I should just carry on using it and see how it goes then get back to you if I have any more problems?

    Thanks again for all of your help with this
    Greg

  6. #6
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hi Greg,

    Tell you what, run ComboFix again, and post the report, and another HijackThis log. If those look okay we'll give it a couple of days and see where we are. Deal?

    Regards,
    tea
    teacup61

  7. #7
    Junior Member
    Join Date
    Sep 2007
    Posts
    18

    Default

    Hi Tea,

    Logs are attached. Let me know what you think. I'll continue to use - unless you tell me otherwise - and see if the tracking cookies are pulled in again.

    Thanks again
    Greg

    Attachment 1679

    Attachment 1680

  8. #8
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hi Greg,

    Nothing new, and the HijackThis log looks clean. You do have some programs running that could be updating automatically... have you ever noticed this being a problem before?
    teacup61

  9. #9
    Junior Member
    Join Date
    Sep 2007
    Posts
    18

    Default

    Hi tea,

    Had a virus a long time ago but did a system restore that seemed to fix it. Then my Norton went down around Christmas 2006 and a virus got through - this is the dialer generic one that my Norton AV picked up on the next scan but could not fix. Spybot also picked it up and fixed but it seemed to reinvent itself again. Nothing else I have tried has helped and I have lived with it just doing an Adaware scan every 2 days or so. The scan always picks up the same tracking cookies and I delete them each time but they just come back. I don't think there is any problem with security but these cookies just end up crippling my PC and that's so annoying. Anyway, let's see how I get on over the next 2 days or so.

    Cheers,
    Greg

  10. #10
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hi Greg,

    That's fine, and I'll be here for your response when you're ready.

    Regards,
    tea
    teacup61
