Dialer generic



wileyg
2007-09-24, 18:03
Hi - first time I've tried to fix something that's been on my PC for a while now. It is a dialer generic virus that could not be fixed by Norton or S&D. Adaware clears the trackers but only temporarily. Is there anything I can do to clear this? Have run a HijackThis - see below. Many thanks for any advice.
:sad:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:10, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Greg Wiley\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cfsc.intheteam.com/modules/page/page.aspx?pc=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
R3 - URLSearchHook: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
R3 - URLSearchHook: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
O2 - BHO: (no name) - {381D6209-D8B5-9961-9B0F-D898CC65F2EF} - C:\WINDOWS\system32\rdspcob.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F074205-ABB1-EE6F-9A18-FCBADE4544E8} - C:\WINDOWS\system32\xcrikp.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BB6AC2DD-2C3C-3BBF-16F6-77E2EB0023E2} - C:\WINDOWS\system32\zqsinwn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BF625740-E7A5-FB26-D659-B83EB6537AE6} - C:\WINDOWS\system32\isontver.dll (file missing)
O2 - BHO: (no name) - {F0D8B980-0D3A-46BB-1C03-5DF00ABE6AE1} - C:\WINDOWS\system32\rcuof.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://gb8l.hpwis.com
O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {5228464F-FC0F-25C5-1DA5-690322120602} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130868212296
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12329 bytes

teacup61
2007-09-25, 03:40
Hello wileyg,

Welcome to Safer Networking Forums :)

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
R3 - URLSearchHook: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
R3 - URLSearchHook: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
O2 - BHO: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
O2 - BHO: (no name) - {381D6209-D8B5-9961-9B0F-D898CC65F2EF} - C:\WINDOWS\system32\rdspcob.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F074205-ABB1-EE6F-9A18-FCBADE4544E8} - C:\WINDOWS\system32\xcrikp.dll (file missing)
O2 - BHO: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
O2 - BHO: (no name) - {BB6AC2DD-2C3C-3BBF-16F6-77E2EB0023E2} - C:\WINDOWS\system32\zqsinwn.dll (file missing)
O2 - BHO: (no name) - {BF625740-E7A5-FB26-D659-B83EB6537AE6} - C:\WINDOWS\system32\isontver.dll (file missing)
O2 - BHO: (no name) - {F0D8B980-0D3A-46BB-1C03-5DF00ABE6AE1} - C:\WINDOWS\system32\rcuof.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {5228464F-FC0F-25C5-1DA5-690322120602} - http://85.255.115.229/1/gdnFR1388.exe
O20 - AppInit_DLLs:

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt).

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
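
Added example, not part of the thread and not teacup61's stated criteria: a small Python triage pass over HijackThis lines that keys on three traits visible in the entries selected above (an R3/O2 object whose file is reported missing, an O16 download source that is an executable served from a bare IP address, and an O4 Run entry launching from inside the user profile). The reason labels and function names are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130868212296
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # "<section code> - <details>"
URL_AT_END = re.compile(r"(https?://\S+)$")          # O16 lines end with the codebase URL
PROFILE_DIRS = ("\\docume~1\\", "\\documents and settings\\")  # XP profile root, short and long form


def host_is_ip_literal(url):
    """True when the URL's host is a bare IP address rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify(code, rest):
    """Return a reason label for one entry, or None if no heuristic matches."""
    # Registry entry still present, but the DLL it points at is gone.
    if code in ("R3", "O2") and rest.endswith(("(file missing)", "(no file)")):
        return "orphaned-browser-object"
    # ActiveX download source that is an .exe fetched from an IP literal.
    if code == "O16":
        m = URL_AT_END.search(rest)
        if m and host_is_ip_literal(m.group(1)) \
                and urlsplit(m.group(1)).path.lower().endswith(".exe"):
            return "dpf-exe-from-ip-literal"
    # Autostart whose binary lives under the user's profile directory.
    if code == "O4" and "run:" in rest.lower():
        if any(d in rest.lower() for d in PROFILE_DIRS):
            return "autorun-from-user-profile"
    return None


def triage(log_text):
    """Return (reason, line) pairs for every entry that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line
        reason = classify(*m.groups())
        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:28} {line}")
```

A "(no name)" BHO alone is not a signal here: Spybot's own SDHelper.dll entry is unnamed and passes untouched, as do the Yahoo! and Windows Update entries.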

wileyg
2007-09-25, 14:48
Thanks Teacup :)

I've done all you say and here are the logs in order of request

Look forward to a positive outcome on this one as I've been so :sad:

All the best
Greg

teacup61
2007-09-25, 17:40
Hello,

Could you please tell me how it's running? :)

Thanks,
tea

wileyg
2007-09-25, 18:34
Hi tea,

PC is working fast at the moment, however, it does that after a clean but the ware gradually comes in again on Internet usage 'til the point where the PC is crippled. The clean-ups I have used have been with Norton scans, Spybot S&D and Adaware. Adaware picks up the rubbish and when I delete it all the PC works reasonably OK again but never that fast, then it is quickly slowed i.e. within limited Internet usage. Do the logs look OK? Do you think I should just carry on using it and see how it goes then get back to you if I have any more problems?

Thanks again for all of your help with this
Greg :)

teacup61
2007-09-25, 19:25
Hi Greg,

Tell you what, run ComboFix again, and post the report, and another HijackThis log. If those look okay we'll give it a couple of days and see where we are. Deal? :)

Regards,
tea

wileyg
2007-09-25, 19:53
Hi Tea,

Logs are attached. Let me know what you think. I'll continue to use - unless you tell me otherwise - and see if the tracking cookies are pulled in again.

Thanks again
Greg :bigthumb:

teacup61
2007-09-25, 21:23
Hi Greg,

Nothing new, and the HijackThis log looks clean. You do have some programs running that could be updating automatically....have you ever noticed this being a problem before?

wileyg
2007-09-26, 00:09
Hi tea,

Had a virus a long time ago but did a system restore that seemed to fix it. Then my Norton went down around Christmas 2006 and a virus got through - this is the dialer generic one that my Norton AV picked up on the next scan but could not fix. Spybot also picked it up and fixed but it seemed to reinvent itself again. Nothing else I have tried has helped and I have lived with it just doing an Adaware scan every 2 days or so. The scan always picks up the same tracking cookies and I delete them each time but they just come back. I don't think there is any problem with security but these cookies just end up crippling my PC and that's so annoying. Anyway, let's see how I get on over the next 2 days or so.

Cheers,
Greg :)

teacup61
2007-09-26, 00:38
Hi Greg,

That's fine, and I'll be here for your response when you're ready. :)

Regards,
tea

wileyg
2007-10-02, 11:32
Hi Tea,
I've given it a week or so and things seem to be running fairly OK. PC is a little slower than I would expect from my system but it is consistent and does not appear to be going down the route of becoming crippled, which is great. I did run an Adaware scan after a week and that gave me an MRU list with a number of "critical" findings but the majority seemed related to programmes running on the PC e.g. Tradedoubler, MSN where tracking cookies are used. Anyhow I have run another Combofix and Hijackthis and attach here. Does everything still look clean - is this as good as it gets?
Thanks as always
Greg

teacup61
2007-10-02, 18:16
Hello,

Let's do some things and see if we can speed it up just a bit. :)

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

The following are not malware, but fixing them with HijackThis will improve your system's speed. None are necessary at startup, and may be started manually at any time. This is up to you. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Now reboot a time or 2 and let me know if that helps any. :)

Thanks,
tea

tashi
2007-10-11, 22:01
How is it going wileyg? :)

tashi
2007-10-16, 02:05
This topic has been archived due to lack of a response.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.

tashi
2007-10-19, 17:36
Re-opened upon request.

teacup61
2007-10-19, 20:23
Hello wileyg,

Can you please tell me what kind of problems you're having?

Thanks,
tea

teacup61
2007-10-20, 22:07
Greg? I thought you needed more help?

Please get back to me soon or tashi will have to archive the thread again. :(

Regards,
tea

wileyg
2007-10-24, 15:44
Hi tea,
Hope you are well:)
Sorry I did not get back first time as I was really seeing how things went for a couple of weeks. First the PC is working much better - I must say that and thanks for all you have done there:)
However, I am still having some problems with tracking cookies finding their way in and eventually slowing my PC.:sad:
I continue to clear essentially with Adaware scans and deletion of the cookies but they always come back again. I must say though that it takes much longer to slow my PC right down so I do not have to scan every time. I was wondering if this is something I just have to put up with?
Thanks as always

teacup61
2007-10-24, 17:26
There you are! :laugh: Good morning Greg :greeting:

You're always going to have cookies, even from the most secure sites. In fact, cookies are even required at secure sites or they won't let you use the site. I get them from Pay Pal and my Hotmail. I use ATF cleaner at least 3 times a week to clean it all out. Would you like to give it a try? It's free, easy to use, and very thorough. :)

Let me know,
tea

wileyg
2007-10-25, 12:48
Thanks tea:bigthumb:

Sorry for the lack of response at times - been really busy lately.

I think that would be a good idea. The cookies are essentially from sites I recognise so a cleaning programme would be great. Still don't understand why they slow the PC so much but guess that is the nature of the beast :devilpoin:

Please advise on ATF and I'll give it a go. I'm really happy that the PC has improved so much after the work you have done - thanks a million for that:2thumb:
Best wishes
wileyg


teacup61
2007-10-25, 17:02
Hi Greg,

You're most welcome a million. ;)

You'll love ATF:

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Let me know how it does!

tea

wileyg
2007-10-25, 19:54
Hi tea:)
Should I continue to run Adaware and Spybot S&D regularly as well?
Cheers
wileyg:bigthumb:

teacup61
2007-10-25, 21:08
Oh yes! ATF just cleans out your cookies and other things you don't need. It is not a scanner/cleaner like those two programs. They'll detect Spyware and Adware and remove it, as well as cookies. Did it help to run it? :)

wileyg
2007-10-25, 22:48
Hi tea,

Yep - cleared about 20Mb of stuff :bigthumb:

With this and occasional Adaware & S&D scans I think I'll keep it (the PC) happy so let's see how it goes.

Away for a week now so guess the thread will be closed again by the time I return. May I take this opp. to thank you for everything. You've been a star!

All the best
wileyg :)