search engines don't work

klion (thread starter, joined May 2008)
07-May-2008, 04:36 PM #1
OK, not sure how but something got on my computer. Weirdest thing, I can navigate the internet via URLs and links somewhat, but if I go to a search engine (google, webcrawler) and click search, it will never return results. I have also noticed a few random popups when I'm at sites I don't expect them from, but uncertain if that's a symptom as well. Some sites such as yahoo, altavista, askjeeves won't load even if I go directly to them.

I managed to temporarily fix this yesterday; I ran a few scans with adaware and some other utils, deleted some suspicious looking things with hijackthis, then before I went to sleep I ran adaware again to do a full scan, and when I woke up the problem was back.

Here's the hijackthis/dss log, there's at least one obviously suspicious file, but hijackthis can't delete it or else it keeps being remade when I click "fix this". There were 2 that kept coming back yesterday (with different names each time), the other seems to be gone now though.

O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s

Hopefully someone's encountered this before (I did see another post about this problem, but following it didn't quite work).

____________________________________________________________________

Deckard's System Scanner v20071014.68
Run by Klion on 2008-05-07 13:00:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-05-07 20:00:38 UTC - RP454 - Deckard's System Scanner Restore Point
4: 2008-05-06 21:56:12 UTC - RP453 - Installed GetDataBack for FAT
3: 2008-05-06 21:55:17 UTC - RP452 - Installed EasyCleaner
2: 2008-05-06 20:37:18 UTC - RP451 - Installed Ad-Aware 2007
1: 2008-05-06 11:36:09 UTC - RP450 - Removed Nero 8


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 17.46 GiB (less than 15%) free.


-- HijackThis (run as Klion.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:02:06 PM, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Klion\Desktop\dss.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Klion\Desktop\Klion.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {24691C06-95E8-40EB-B061-3E3E79EE3EBC} - C:\WINDOWS\system32\opnomlLB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {96418552-e05d-d648-1054-28a1f2ae7ffb} - {bff7ea2f-1a82-4501-846d-d50e25581469} - C:\WINDOWS\system32\eeykprxo.dll
O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - C:\WINDOWS\system32\nnnljhgD.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://192.168.0.101:6666/tsweb/msrdp.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: nnnljhgD - C:\WINDOWS\SYSTEM32\nnnljhgD.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Simply Accounting Database Connection Manager - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\Klion\Desktop\backups\) ---------------

backup-20080506-134035-345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080506-134035-566 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080506-134035-586 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/ca/
backup-20080506-134035-627 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080506-134035-804 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080506-134035-990 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080506-134350-450 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
backup-20080506-134352-545 O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
backup-20080506-134354-178 O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://192.168.0.101:6666/tsweb/msrdp.cab
backup-20080506-141437-122 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
backup-20080506-141437-205 O4 - HKLM\..\Run: [80d2dc43] rundll32.exe "C:\WINDOWS\system32\ybtqgibo.dll",b
backup-20080506-141511-918 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
backup-20080506-141546-767 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
backup-20080506-141554-151 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
backup-20080506-144025-312 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
backup-20080507-122524-193 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
backup-20080507-122524-549 O4 - HKLM\..\Run: [80d2dc43] rundll32.exe "C:\WINDOWS\system32\vschisvw.dll",b
backup-20080507-122614-850 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
backup-20080507-123840-320 O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (file missing)
backup-20080507-124024-410 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
backup-20080507-124330-388 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
backup-20080507-124330-993 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
backup-20080507-124342-969 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
backup-20080507-125026-446 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
backup-20080507-125258-723 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20070117.002\symidsco.sys (file missing)
S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>

S2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\D15F9CEA80DA0
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\D15F9CEA80DA0
Service: NIC1394

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&66EE762C&1
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&66EE762C&1
Service: ae1c1q9o


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 02:26:26 2112 --a------ C:\WINDOWS\system32\ocbkpino.exe
2008-05-07 02:23:26 96832 --a------ C:\WINDOWS\system32\vschisvw.dll
2008-05-07 02:20:26 106560 --a------ C:\WINDOWS\system32\eeykprxo.dll
2008-05-07 02:17:49 105024 --a------ C:\WINDOWS\system32\eauyupyy.dll
2008-05-06 15:05:42 0 dr-h----- C:\Documents and Settings\Klion\Recent
2008-05-06 14:56:12 0 d-------- C:\Program Files\Runtime Software
2008-05-06 14:55:18 0 d-------- C:\Program Files\ToniArts
2008-05-06 14:48:32 0 d-------- C:\Program Files\AMUST
2008-05-06 13:37:24 0 d-------- C:\Program Files\Lavasoft
2008-05-06 13:37:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-06 02:24:55 107584 --a------ C:\WINDOWS\system32\kfcldcgi.dll
2008-05-06 02:21:55 95808 --a------ C:\WINDOWS\system32\ybtqgibo.dll
2008-05-06 02:18:55 105536 --a------ C:\WINDOWS\system32\ctelrxlp.dll
2008-05-05 14:15:49 195780 --ahs---- C:\WINDOWS\system32\BLlmonpo.ini2
2008-05-05 14:15:43 280064 --a------ C:\WINDOWS\system32\opnomlLB.dll
2008-05-05 14:10:40 41984 --a------ C:\WINDOWS\system32\nnnljhgD.dll
2008-05-05 13:45:26 0 d-------- C:\Documents and Settings\Klion\Application Data\Nero
2008-05-05 13:41:57 0 d-------- C:\Program Files\Common Files\Nero
2008-05-05 13:41:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-04 01:53:02 0 d-------- C:\Program Files\VirtualNetwork
2008-05-04 01:53:02 0 d-------- C:\Program Files\BitAccelerator
2008-04-19 00:19:14 0 d-------- C:\Program Files\Ventrilo
2008-04-11 01:58:13 0 d-------- C:\Program Files\Polar
2008-04-11 01:57:58 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-10 22:12:10 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-10 21:51:24 0 d-------- C:\AeriaGames


-- Find3M Report ---------------------------------------------------------------

2008-05-07 12:58:51 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-07 12:43:08 0 d-------- C:\Documents and Settings\Klion\Application Data\.purple
2008-05-07 03:36:11 0 d-------- C:\Program Files\Warcraft III
2008-05-06 14:59:49 0 d-------- C:\Program Files\zMUD
2008-05-06 14:59:49 0 d-------- C:\Documents and Settings\Klion\Application Data\uTorrent
2008-05-06 14:59:49 0 d-------- C:\Documents and Settings\Klion\Application Data\LimeWire
2008-05-06 14:56:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 13:36:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 04:43:10 0 d-------- C:\Program Files\Nero
2008-05-06 04:27:25 0 d-------- C:\Program Files\Toshiba
2008-05-06 04:27:11 0 d-------- C:\Program Files\ZAR
2008-05-05 13:41:57 0 d-------- C:\Program Files\Common Files
2008-05-02 20:04:52 0 d-------- C:\Program Files\Digital Photo Recovery
2008-03-30 17:23:55 0 d-------- C:\Documents and Settings\Klion\Application Data\GARMIN
2008-03-26 16:10:06 0 d-------- C:\Program Files\Winamp
2008-03-22 18:15:11 0 d-------- C:\Program Files\Java
2008-03-20 20:52:28 0 d-------- C:\Program Files\PowerQuest
2008-03-19 23:58:51 0 d-------- C:\Program Files\DiskInternals


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24691C06-95E8-40EB-B061-3E3E79EE3EBC}]
05/05/2008 02:15 PM 280064 --a------ C:\WINDOWS\system32\opnomlLB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bff7ea2f-1a82-4501-846d-d50e25581469}]
07/05/2008 02:20 AM 106560 --a------ C:\WINDOWS\system32\eeykprxo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7F6584C-864B-411D-A410-BB2DE0D33CA1}]
05/05/2008 02:10 PM 41984 --a------ C:\WINDOWS\system32\nnnljhgD.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/03/2006 01:02 AM]
"TPSMain"="TPSMain.exe" [31/05/2005 10:00 PM C:\WINDOWS\system32\TPSMain.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 05:00 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [10/08/2004 05:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [10/08/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 05:00 AM]
"CFSServ.exe"="CFSServ.exe" []
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [21/05/2003 02:21 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/05/2006 01:04 AM]
"nwiz"="nwiz.exe" [01/05/2006 01:04 AM C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [01/05/2006 01:04 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/05/2006 01:04 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [26/06/2006 09:46 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/06/2007 02:24 PM]
"ConnectionManager"="C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [09/10/2007 01:00 AM]
"BM83e1efdf"="C:\WINDOWS\system32\eauyupyy.dll" [07/05/2008 02:17 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [01/03/2007 4:34:15 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F7F6584C-864B-411D-A410-BB2DE0D33CA1}"= C:\WINDOWS\system32\nnnljhgD.dll [05/05/2008 02:10 PM 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnljhgD]
nnnljhgD.dll 05/05/2008 02:10 PM 41984 C:\WINDOWS\system32\nnnljhgD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnomlLB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Klion^Start Menu^Programs^Startup^Trillian.lnk]
path=C:\Documents and Settings\Klion\Start Menu\Programs\Startup\Trillian.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized




-- End of Deckard's System Scanner: finished at 2008-05-07 13:03:01 ------------


Last edited by klion; 08-May-2008 at 01:27 AM..
klion (thread starter)
08-May-2008, 01:30 AM #2
Bump. I don't wanna reformat.
klion (thread starter)
08-May-2008, 08:59 PM #3
I downloaded a program called "Unlocker" and used that to delete that dll file, it hasn't come back so I guess I fixed it.


Edit: It came back with a friend. How can I track down the program that is recreating them?

Last edited by klion; 09-May-2008 at 12:01 AM..
klion (thread starter)
10-May-2008, 12:06 AM #4
u all fail at viruses. thx for all the helpful advice