Dialer generic

wileyg

New member
Hi - first time I've tried to fix something that's been on my PC for a while now. It is a dialer generic virus that could not be fixed by Norton or S&D. Adaware clears the trackers but only temporarily. Is there anything I can do to clear this? Have run a HijackThis - see below. Many thanks for any advice.
:sad:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:10, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Greg Wiley\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cfsc.intheteam.com/modules/page/page.aspx?pc=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
R3 - URLSearchHook: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
R3 - URLSearchHook: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
O2 - BHO: (no name) - {381D6209-D8B5-9961-9B0F-D898CC65F2EF} - C:\WINDOWS\system32\rdspcob.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F074205-ABB1-EE6F-9A18-FCBADE4544E8} - C:\WINDOWS\system32\xcrikp.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BB6AC2DD-2C3C-3BBF-16F6-77E2EB0023E2} - C:\WINDOWS\system32\zqsinwn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BF625740-E7A5-FB26-D659-B83EB6537AE6} - C:\WINDOWS\system32\isontver.dll (file missing)
O2 - BHO: (no name) - {F0D8B980-0D3A-46BB-1C03-5DF00ABE6AE1} - C:\WINDOWS\system32\rcuof.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://gb8l.hpwis.com
O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {5228464F-FC0F-25C5-1DA5-690322120602} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130868212296
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12329 bytes
 
Hello wileyg,

Welcome to Safer Networking Forums :)

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
R3 - URLSearchHook: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
R3 - URLSearchHook: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
O2 - BHO: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
O2 - BHO: (no name) - {381D6209-D8B5-9961-9B0F-D898CC65F2EF} - C:\WINDOWS\system32\rdspcob.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {76C40AB9-B503-ADD8-2C53-BDCE199DECE0} - C:\WINDOWS\system32\whxlaahd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F074205-ABB1-EE6F-9A18-FCBADE4544E8} - C:\WINDOWS\system32\xcrikp.dll (file missing)
O2 - BHO: (no name) - {A6E97FEE-C053-8E8F-7006-C8896C2C63E9} - C:\WINDOWS\system32\clwqet.dll (file missing)
O2 - BHO: (no name) - {BB6AC2DD-2C3C-3BBF-16F6-77E2EB0023E2} - C:\WINDOWS\system32\zqsinwn.dll (file missing)
O2 - BHO: (no name) - {BF625740-E7A5-FB26-D659-B83EB6537AE6} - C:\WINDOWS\system32\isontver.dll (file missing)
O2 - BHO: (no name) - {F0D8B980-0D3A-46BB-1C03-5DF00ABE6AE1} - C:\WINDOWS\system32\rcuof.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {5228464F-FC0F-25C5-1DA5-690322120602} - http://85.255.115.229/1/gdnFR1388.exe
O20 - AppInit_DLLs:


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt).

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
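An added example, not part of the original thread and not the helper's own method: a small Python triage pass over HijackThis entries, run on lines copied from the log posted above. The three heuristics (add-on registrations whose DLL is gone, autoruns launched from the user's Application Data folder, ActiveX codebases served from a bare IP address or as an .exe) are assumptions chosen for illustration; they cover many, but not all, of the entries selected for fixing.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {356BA7DB-4F35-5BBA-48F5-17D4B8B7A9EF} - C:\WINDOWS\system32\tznzn.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Soto] "C:\DOCUME~1\GREGWI~1\APPLIC~1\ICROSO~1\nopdb.exe" -vt ndrv
O16 - DPF: {10077361-1B68-5D69-78EC-15475E84996E} - http://85.255.115.229/1/gdnFR1388.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# "R3 - ...", "O2 - ...", "O16 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# HijackThis marks registrations whose target file no longer exists.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)
# URL whose host is a dotted-quad IP address instead of a hostname.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?=[:/]|$)", re.I)
# Long or 8.3 short form of ...\Documents and Settings\<user>\Application Data\...
PROFILE_RE = re.compile(
    r"\\(?:documents and settings|docume~\d)\\.*\\(?:application data|applic~\d)\\",
    re.I,
)


def parse(log_text):
    """Yield (section_code, body) for every 'Xn - ...' entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(code, body):
    """Return the reasons an entry deserves a closer look (may be empty)."""
    reasons = []
    if code in ("R3", "O2", "O3") and MISSING_RE.search(body):
        reasons.append("browser add-on registered but its DLL is gone")
    if code == "O4" and PROFILE_RE.search(body):
        reasons.append("autorun launched from the user's Application Data folder")
    if code == "O16":
        url = body.rsplit(" - ", 1)[-1].strip()
        if IP_URL_RE.match(url):
            reasons.append("ActiveX codebase is a bare IP address")
        if url.lower().endswith(".exe"):
            reasons.append("ActiveX codebase is an .exe rather than a .cab")
    return reasons


def flagged(log_text):
    """Return [(code, body, reasons)] for entries with at least one reason."""
    out = []
    for code, body in parse(log_text):
        reasons = triage(code, body)
        if reasons:
            out.append((code, body, reasons))
    return out


if __name__ == "__main__":
    for code, body, reasons in flagged(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```

The Spybot SDHelper.dll entry also shows as "(no name)" but is not flagged, because its file is present; a missing name alone is not treated as a signal here.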
 
Thanks Teacup :)

I've done all you say and here are the logs in order of request.

Look forward to a positive outcome on this one as I've been so :sad:

All the best
Greg
View attachment 1676

View attachment 1677

View attachment 1678
 
Hi tea,

PC is working fast at the moment, however, it does that after a clean but the ware gradually comes in again on Internet usage 'til the point where the PC is crippled. The clean-ups I have used have been with Norton scans, Spybot S&D and Adaware. Adaware picks up the rubbish and when I delete it all the PC works reasonably OK again but never that fast, then it is quickly slowed i.e. within limited Internet usage. Do the logs look OK? Do you think I should just carry on using it and see how it goes then get back to you if I have any more problems?

Thanks again for all of your help with this
Greg :)
 
Hi Greg,

Tell you what, run ComboFix again, and post the report, and another HijackThis log. If those look okay we'll give it a couple of days and see where we are. Deal? :)

Regards,
tea
 
Hi Greg,

Nothing new, and the HijackThis log looks clean. You do have some programs running that could be updating automatically....have you ever noticed this being a problem before?
 
Hi tea,

Had a virus a long time ago but did a system restore that seemed to fix it. Then my Norton went down around Christmas 2006 and a virus got through - this is the dialer generic one that my Norton AV picked up on the next scan but could not fix. Spybot also picked it up and fixed but it seemed to reinvent itself again. Nothing else I have tried has helped and I have lived with it just doing an Adaware scan every 2 days or so. The scan always picks up the same tracking cookies and I delete them each time but they just come back. I don't think there is any problem with security but these cookies just end up crippling my PC and that's so annoying. Anyway, let's see how I get on over the next 2 days or so.

Cheers,
Greg :)
 
Hi Tea,
I've given it a week or so and things seem to be running fairly OK. PC is a little slower than I would expect from my system but it is consistent and does not appear to be going down the route of becoming crippled, which is great. I did run an Adaware scan after a week and that gave me an MRU list with a number of "critical" findings but the majority seemed related to programmes running on the PC e.g. Tradedoubler, MSN where tracking cookies are used. Anyhow I have run another Combofix and Hijackthis and attach here. Does everything still look clean - is this as good as it gets?
Thanks as always
Greg
View attachment 1698

View attachment 1699
Hi Greg,

That's fine, and I'll be here for your response when you're ready. :)

Regards,
tea
 
Hello,

Let's do some things and see if we can speed it up just a bit. :)

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

The following are not malware, but fixing them with HijackThis will improve your system's speed. None are necessary at startup, and may be started manually at any time. This is up to you. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Now reboot a time or 2 and let me know if that helps any. :)

Thanks,
tea
 
This topic has been archived due to lack of a response.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.
 
Greg? I thought you needed more help?

Please get back to me soon or tashi will have to archive the thread again. :(

Regards,
tea
 
Tracking cookies still slowing PC

Hi tea,
Hope you are well:)
Sorry I did not get back first time as I was really seeing how things went for a couple of weeks. First the PC is working much better - I must say that and thanks for all you have done there:)
However, I am still having some problems with tracking cookies finding their way in and eventually slowing my PC.:sad:
I continue to clear essentially with Adaware scans and deletion of the cookies but they always come back again. I must say though that it takes much longer to slow my PC right down so I do not have to scan every time. I was wondering if this is something I just have to put up with?
Thanks as always
 
There you are! :laugh: Good morning Greg :greeting:

You're always going to have cookies, even from the most secure sites. In fact, cookies are even required at secure sites or they won't let you use the site. I get them from Pay Pal and my Hotmail. I use ATF cleaner at least 3 times a week to clean it all out. Would you like to give it a try? It's free, easy to use, and very thorough. :)

Let me know,
tea
 
Thanks tea:bigthumb:

Sorry for the lack of response at times - been really busy lately.

I think that would be a good idea. The cookies are essentially from sites I recognise so a cleaning programme would be great. Still don't understand why they slow the PC so much but guess that is the nature of the beast :devilpoin:

Please advise on ATF and I'll give it a go. I'm really happy that the PC has improved so much after the work you have done - thanks a million for that:2thumb:
Best wishes
wileyg
