Status: Not open for further replies.

Post #1 · Registered · 75 Posts · Discussion Starter
Hey all,

My dad was complaining about his computer randomly restarting and how some programs (like Firefox) would randomly stop responding.
I took a look at the startup in msconfig, and he has a whole ton of stuff running, including two rundll processes. Any idea if we can give it a fix?

It's a Toshiba Satellite with XP SP2, 1.58 GHz Intel Celeron, ATI vid card. It also has a bunch of VPN programs and such, so please be careful X-D

Much thanks :-D ^.^

Logfile of HijackThis v1.99.1
Scan saved at 3:19:17 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TransCore\TransCore VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Documents and Settings\Gerry Home\Desktop\hsr\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/commcenter
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.fastaccess.com/launch.asp
R3 - URLSearchHook: (no name) - {8CC97DBE-B808-BCDD-7805-BD891C5E369E} - C:\WINDOWS\system32\fctmd.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {04EE0199-C40A-ECD9-2C08-CCCE1EB1E394} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0E89C466-09A1-242C-D7C6-55A77853E1C0} - C:\WINDOWS\system32\oxqihkwb.dll (file missing)
O2 - BHO: (no name) - {0F0EB03C-2AD2-2203-F7EA-73D58825B4C9} - (no file)
O2 - BHO: (no name) - {0F1D569F-44EF-A249-D53D-D0FF5CB31C7E} - (no file)
O2 - BHO: (no name) - {12581909-DEE1-8161-90A8-878ADDA1A89E} - (no file)
O2 - BHO: (no name) - {1F3D6C5D-A2E0-F93A-CD0C-AD98BC17F599} - (no file)
O2 - BHO: (no name) - {20F63FFE-F462-DAE8-4B3D-AA3802329790} - (no file)
O2 - BHO: (no name) - {20F63FFF-F465-DDE2-4B36-AB3876339799} - (no file)
O2 - BHO: (no name) - {323DB746-29A3-712D-D6AF-77B5EEB7D89F} - C:\WINDOWS\system32\yibcq.dll (file missing)
O2 - BHO: (no name) - {35D40E1E-CB82-E90F-F31F-9C2B5490DFCA} - (no file)
O2 - BHO: (no name) - {35D40E1F-CB85-EE05-F314-9D2B2091DFC3} - (no file)
O2 - BHO: (no name) - {64E32914-ECF3-B473-82FA-B26933FAD9C7} - C:\WINDOWS\system32\swvhlgmf.dll (file missing)
O2 - BHO: (no name) - {6B934D44-85F5-DA74-8C5E-D87F121C85C6} - C:\WINDOWS\system32\asiglvd.dll (file missing)
O2 - BHO: (no name) - {760935C3-FB50-D689-7FFB-A6F8FE98CC96} - C:\WINDOWS\system32\kqriie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {82FFB2FF-736E-0EEA-1409-2CF00DC76EC9} - C:\WINDOWS\system32\drmqhpdt.dll (file missing)
O2 - BHO: (no name) - {85376B30-FEFD-8C74-DEAD-A228E42C64CD} - C:\WINDOWS\system32\auwv.dll (file missing)
O2 - BHO: (no name) - {886F83FE-4C46-439C-6DB7-16F3BA446EC1} - C:\WINDOWS\system32\ipc.dll (file missing)
O2 - BHO: (no name) - {8CC97DBE-B808-BCDD-7805-BD891C5E369E} - C:\WINDOWS\system32\fctmd.dll
O2 - BHO: (no name) - {A13CCCEA-075B-06DF-2E25-0FC2BA55479E} - C:\WINDOWS\System32\yjrgt.dll (file missing)
O2 - BHO: (no name) - {B7AC5E4E-9B87-E552-A4A1-96CB5E940D9F} - C:\WINDOWS\system32\ppyuzaep.dll (file missing)
O2 - BHO: (no name) - {C4505D1A-9CD1-B50B-A5F4-933BF10E28CE} - C:\WINDOWS\system32\itar.dll (file missing)
O2 - BHO: (no name) - {CB10958A-5A3B-54B5-14F5-02E29B722192} - C:\WINDOWS\system32\ore.dll (file missing)
O2 - BHO: (no name) - {CD460730-C9A1-EF74-D653-C93EB12A73CC} - C:\WINDOWS\system32\amqbznhi.dll (file missing)
O2 - BHO: (no name) - {CF11036D-9AAF-E822-D653-C93EB12B75C7} - C:\WINDOWS\system32\dfespw.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TransCore TransCore VPN Client.lnk = C:\Program Files\TransCore\TransCore VPN Client\vpngui.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F27219-00BD-4DB2-94DC-6FE40936FD26}: NameServer = 10.1.0.46,198.6.1.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\TransCore\TransCore VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Reply · Retired Moderator, Retired Malware Specialist · 56,449 Posts
Start with:

Download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on the desktop.
Right-click the file and select Install; that will reset the zone settings that have been altered.

And also:

Download: ResetProtocolDefaults.reg
http://www.mvps.org/winhelp2002/ResetProtocolDefaults.reg

Locate "ResetProtocolDefaults.reg"
Right-click and select: Merge (OK the prompt)

Then:

Please download WebRoot SpySweeper from HERE (it's a 2-week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory Objects
    • Sweep Windows Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

Post #5 · Registered · 75 Posts · Discussion Starter
Restarted the computer after the SpySweeper installation.

Gave me a RunDLL error saying it couldn't open a program. Also got an error that Windows Defender couldn't start. Then SpySweeper said it hadn't installed correctly. After opening it, it wouldn't do a sweep.

What do I do?

Here's another log.

Logfile of HijackThis v1.99.1
Scan saved at 6:27:41 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TransCore\TransCore VPN Client\cvpnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Gerry Home\Desktop\hsr\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/commcenter
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.fastaccess.com/launch.asp
R3 - URLSearchHook: (no name) - {8CC97DBE-B808-BCDD-7805-BD891C5E369E} - C:\WINDOWS\system32\fctmd.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {04EE0199-C40A-ECD9-2C08-CCCE1EB1E394} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0E89C466-09A1-242C-D7C6-55A77853E1C0} - C:\WINDOWS\system32\oxqihkwb.dll (file missing)
O2 - BHO: (no name) - {0F0EB03C-2AD2-2203-F7EA-73D58825B4C9} - (no file)
O2 - BHO: (no name) - {0F1D569F-44EF-A249-D53D-D0FF5CB31C7E} - (no file)
O2 - BHO: (no name) - {12581909-DEE1-8161-90A8-878ADDA1A89E} - (no file)
O2 - BHO: (no name) - {1F3D6C5D-A2E0-F93A-CD0C-AD98BC17F599} - (no file)
O2 - BHO: (no name) - {20F63FFE-F462-DAE8-4B3D-AA3802329790} - (no file)
O2 - BHO: (no name) - {20F63FFF-F465-DDE2-4B36-AB3876339799} - (no file)
O2 - BHO: (no name) - {323DB746-29A3-712D-D6AF-77B5EEB7D89F} - C:\WINDOWS\system32\yibcq.dll (file missing)
O2 - BHO: (no name) - {35D40E1E-CB82-E90F-F31F-9C2B5490DFCA} - (no file)
O2 - BHO: (no name) - {35D40E1F-CB85-EE05-F314-9D2B2091DFC3} - (no file)
O2 - BHO: (no name) - {64E32914-ECF3-B473-82FA-B26933FAD9C7} - C:\WINDOWS\system32\swvhlgmf.dll (file missing)
O2 - BHO: (no name) - {6B934D44-85F5-DA74-8C5E-D87F121C85C6} - C:\WINDOWS\system32\asiglvd.dll (file missing)
O2 - BHO: (no name) - {760935C3-FB50-D689-7FFB-A6F8FE98CC96} - C:\WINDOWS\system32\kqriie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {82FFB2FF-736E-0EEA-1409-2CF00DC76EC9} - C:\WINDOWS\system32\drmqhpdt.dll (file missing)
O2 - BHO: (no name) - {85376B30-FEFD-8C74-DEAD-A228E42C64CD} - C:\WINDOWS\system32\auwv.dll (file missing)
O2 - BHO: (no name) - {886F83FE-4C46-439C-6DB7-16F3BA446EC1} - C:\WINDOWS\system32\ipc.dll (file missing)
O2 - BHO: (no name) - {8CC97DBE-B808-BCDD-7805-BD891C5E369E} - C:\WINDOWS\system32\fctmd.dll
O2 - BHO: (no name) - {A13CCCEA-075B-06DF-2E25-0FC2BA55479E} - C:\WINDOWS\System32\yjrgt.dll (file missing)
O2 - BHO: (no name) - {B7AC5E4E-9B87-E552-A4A1-96CB5E940D9F} - C:\WINDOWS\system32\ppyuzaep.dll (file missing)
O2 - BHO: (no name) - {C4505D1A-9CD1-B50B-A5F4-933BF10E28CE} - C:\WINDOWS\system32\itar.dll (file missing)
O2 - BHO: (no name) - {CB10958A-5A3B-54B5-14F5-02E29B722192} - C:\WINDOWS\system32\ore.dll (file missing)
O2 - BHO: (no name) - {CD460730-C9A1-EF74-D653-C93EB12A73CC} - C:\WINDOWS\system32\amqbznhi.dll (file missing)
O2 - BHO: (no name) - {CF11036D-9AAF-E822-D653-C93EB12B75C7} - C:\WINDOWS\system32\dfespw.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TransCore TransCore VPN Client.lnk = C:\Program Files\TransCore\TransCore VPN Client\vpngui.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F27219-00BD-4DB2-94DC-6FE40936FD26}: NameServer = 10.1.0.46,198.6.1.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\TransCore\TransCore VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

Post #6 · Registered · 75 Posts · Discussion Starter
Hey dvk01

I have to head out, so my dad's gonna keep up to date on this. He's not as computer savvy, but he should be able to follow instructions ^.^

Thanks again for the help.
 

Reply · Retired Moderator, Retired Malware Specialist · 56,449 Posts
Download Pocket Killbox from http://www.thespykiller.co.uk/files/killbox.exe and put it on the desktop where you can find it easily.

Run HijackThis, put a tick in the box beside these entries listed below and ONLY these entries. Double-check to make sure, then make sure all browser and email windows are closed and press Fix checked.

R3 - URLSearchHook: (no name) - {8CC97DBE-B808-BCDD-7805-BD891C5E369E} - C:\WINDOWS\system32\fctmd.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {04EE0199-C40A-ECD9-2C08-CCCE1EB1E394} - (no file)
O2 - BHO: (no name) - {0E89C466-09A1-242C-D7C6-55A77853E1C0} - C:\WINDOWS\system32\oxqihkwb.dll (file missing)
O2 - BHO: (no name) - {0F0EB03C-2AD2-2203-F7EA-73D58825B4C9} - (no file)
O2 - BHO: (no name) - {0F1D569F-44EF-A249-D53D-D0FF5CB31C7E} - (no file)
O2 - BHO: (no name) - {12581909-DEE1-8161-90A8-878ADDA1A89E} - (no file)
O2 - BHO: (no name) - {1F3D6C5D-A2E0-F93A-CD0C-AD98BC17F599} - (no file)
O2 - BHO: (no name) - {20F63FFE-F462-DAE8-4B3D-AA3802329790} - (no file)
O2 - BHO: (no name) - {20F63FFF-F465-DDE2-4B36-AB3876339799} - (no file)
O2 - BHO: (no name) - {323DB746-29A3-712D-D6AF-77B5EEB7D89F} - C:\WINDOWS\system32\yibcq.dll (file missing)
O2 - BHO: (no name) - {35D40E1E-CB82-E90F-F31F-9C2B5490DFCA} - (no file)
O2 - BHO: (no name) - {35D40E1F-CB85-EE05-F314-9D2B2091DFC3} - (no file)
O2 - BHO: (no name) - {64E32914-ECF3-B473-82FA-B26933FAD9C7} - C:\WINDOWS\system32\swvhlgmf.dll (file missing)
O2 - BHO: (no name) - {6B934D44-85F5-DA74-8C5E-D87F121C85C6} - C:\WINDOWS\system32\asiglvd.dll (file missing)
O2 - BHO: (no name) - {760935C3-FB50-D689-7FFB-A6F8FE98CC96} - C:\WINDOWS\system32\kqriie.dll (file missing)
O2 - BHO: (no name) - {82FFB2FF-736E-0EEA-1409-2CF00DC76EC9} - C:\WINDOWS\system32\drmqhpdt.dll (file missing)
O2 - BHO: (no name) - {85376B30-FEFD-8C74-DEAD-A228E42C64CD} - C:\WINDOWS\system32\auwv.dll (file missing)
O2 - BHO: (no name) - {886F83FE-4C46-439C-6DB7-16F3BA446EC1} - C:\WINDOWS\system32\ipc.dll (file missing)
O2 - BHO: (no name) - {8CC97DBE-B808-BCDD-7805-BD891C5E369E} - C:\WINDOWS\system32\fctmd.dll
O2 - BHO: (no name) - {A13CCCEA-075B-06DF-2E25-0FC2BA55479E} - C:\WINDOWS\System32\yjrgt.dll (file missing)
O2 - BHO: (no name) - {B7AC5E4E-9B87-E552-A4A1-96CB5E940D9F} - C:\WINDOWS\system32\ppyuzaep.dll (file missing)
O2 - BHO: (no name) - {C4505D1A-9CD1-B50B-A5F4-933BF10E28CE} - C:\WINDOWS\system32\itar.dll (file missing)
O2 - BHO: (no name) - {CB10958A-5A3B-54B5-14F5-02E29B722192} - C:\WINDOWS\system32\ore.dll (file missing)
O2 - BHO: (no name) - {CD460730-C9A1-EF74-D653-C93EB12A73CC} - C:\WINDOWS\system32\amqbznhi.dll (file missing)
O2 - BHO: (no name) - {CF11036D-9AAF-E822-D653-C93EB12B75C7} - C:\WINDOWS\system32\dfespw.dll (file missing)
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab

Now start Killbox and paste the first file listed below into the "Full pathname and file to delete" box.

The file name will appear in the window. Select "Delete on reboot", press the red X button, say Yes to the prompt and NO to reboot now, then repeat for each file in turn.

[Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox] If Killbox tells you any files are missing, don't worry, but make a note and let us know in your next reply.

C:\WINDOWS\system32\ptmg1v.dll
C:\WINDOWS\system32\fctmd.dll

Then, on the Killbox top bar, press Tools / Delete Temp Files. In the pop-up box, towards the middle, is a drop-down box containing a list of all user accounts. In that drop-down user account box, select your account, select ALL options it will allow you to, then press Delete Selected Temp Files; then repeat for every user account listed in that drop-down box.

Then reboot &
  • Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click " Configure Scan Options"
  • Select " Run Add ONs" and then select ALL the options in the box below it, Press Apply
  • Now Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    • Reboot back to Normal Mode!
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post! It will be too big to post, so you will need to attach it to your reply.
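The fix list above was assembled by eye from a few recurring patterns in the log: R3 and O2 entries registered with "(no name)" or pointing at a file that is "(no file)" / "(file missing)", O4 Run entries that call rundll32.exe with a bare DLL name instead of a full path, O15 Trusted Zone additions (the ones DelDomains resets in the first reply), and O16 ActiveX downloads. The following Python script is an added example, not something from this thread, from HijackThis or from Tech Support Guy: it parses lines in the HijackThis v1.99.1 format shown above and applies those same heuristics so a reviewer gets a short list to check first. The sample log is constructed from lines quoted in the thread, and the flagging rules are my own reading of the moderator's choices, not HijackThis logic.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 format: lines modelled on the log
# posted above, mixing clean entries with the ones the moderator had fixed.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: (no name) - {8CC97DBE-B808-BCDD-7805-BD891C5E369E} - C:\WINDOWS\system32\fctmd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0E89C466-09A1-242C-D7C6-55A77853E1C0} - C:\WINDOWS\system32\oxqihkwb.dll (file missing)
O2 - BHO: (no name) - {0F0EB03C-2AD2-2203-F7EA-73D58825B4C9} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    reasons: list  # why this line deserves a second look
    line: str      # the original log line, stripped


# Every HijackThis entry starts with a section tag (R0, R1, R3, F0, O2, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First argument handed to rundll32 in an O4 Run value (the DLL it will load).
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+\"?(?P<dll>[^\s,\"]+)", re.IGNORECASE)


def _reasons_for(section, body):
    """Heuristics (my own, not HijackThis's) that mirror the moderator's fix list."""
    reasons = []
    if section in ("R3", "O2"):
        if "(no name)" in body:
            reasons.append("registered without a display name")
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("CLSID points at a file that no longer exists (orphaned entry)")
    elif section == "O4":
        m = RUNDLL_RE.search(body)
        if m and "\\" not in m.group("dll"):
            reasons.append(f"rundll32 loads '{m.group('dll')}' by bare name, "
                           "resolved through the DLL search path rather than a full path")
    elif section == "O15":
        reasons.append("site added to the Trusted Zone, which relaxes IE security for it")
    elif section == "O16":
        reasons.append("ActiveX control downloaded from the web; confirm the publisher is wanted")
    return reasons


def triage(log_text):
    """Return a Finding for every entry line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines: not entries
        reasons = _reasons_for(m.group("section"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("section"), reasons, raw.strip()))
    return findings


def summarize(findings):
    """Count flagged entries per section, e.g. {'O2': 2, 'O4': 2}."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"        -> {r}")
    print("flagged per section:", summarize(results))
```

Only sections R3, O2, O4, O15 and O16 carry rules; everything else, including the running-process list and the O23 services, passes through unflagged. A flag is a prompt to verify the file, CLSID and publisher, not a verdict: the named Acrobat helper with a real file on disk is left alone, while the nameless or fileless BHOs and the two rundll32 Run entries loading a bare DLL name are exactly the lines the moderator told the poster to fix.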
 