
search engines don't work

Discussion in 'Virus & Other Malware Removal' started by klion, May 7, 2008.

Thread Status:
Not open for further replies.
  1. klion

    klion Thread Starter

    Joined:
    May 7, 2008
    Messages:
    4
    OK, not sure how but something got on my computer. Weirdest thing, I can navigate the internet via URLs and links somewhat, but if I go to a search engine (google, webcrawler) and click search, it will never return results. I have also noticed a few random popups when I'm at sites I don't expect them from, but uncertain if that's a symptom as well. Some sites such as yahoo, altavista, askjeeves won't load even if I go directly to them.

    I managed to temporarily fix this yesterday; I ran a few scans with adaware and some other utils, deleted some suspicious looking things with hijackthis, then before I went to sleep I ran adaware again to do a full scan, and when I woke up the problem was back.

    Here's the hijackthis/dss log, there's at least one obviously suspicious file, but hijackthis can't delete it or else it keeps being remade when I click "fix this". There were 2 that kept coming back yesterday (with different names each time), the other seems to be gone now though.

    O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s

    Hopefully someone's encountered this before (I did see another post about this problem, but following it didn't quite work)

    ____________________________________________________________________

    Deckard's System Scanner v20071014.68
    Run by Klion on 2008-05-07 13:00:30
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    5: 2008-05-07 20:00:38 UTC - RP454 - Deckard's System Scanner Restore Point
    4: 2008-05-06 21:56:12 UTC - RP453 - Installed GetDataBack for FAT
    3: 2008-05-06 21:55:17 UTC - RP452 - Installed EasyCleaner
    2: 2008-05-06 20:37:18 UTC - RP451 - Installed Ad-Aware 2007
    1: 2008-05-06 11:36:09 UTC - RP450 - Removed Nero 8


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 17.46 GiB (less than 15%) free.


    -- HijackThis (run as Klion.exe) -----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 1:02:06 PM, on 07/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Klion\Desktop\dss.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\Klion\Desktop\Klion.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {24691C06-95E8-40EB-B061-3E3E79EE3EBC} - C:\WINDOWS\system32\opnomlLB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: {96418552-e05d-d648-1054-28a1f2ae7ffb} - {bff7ea2f-1a82-4501-846d-d50e25581469} - C:\WINDOWS\system32\eeykprxo.dll
    O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - C:\WINDOWS\system32\nnnljhgD.dll
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://192.168.0.101:6666/tsweb/msrdp.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: nnnljhgD - C:\WINDOWS\SYSTEM32\nnnljhgD.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Simply Accounting Database Connection Manager - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (file missing)
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe


    -- HijackThis Fixed Entries (C:\DOCUME~1\Klion\Desktop\backups\) ---------------

    backup-20080506-134035-345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    backup-20080506-134035-566 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    backup-20080506-134035-586 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/ca/ý
    backup-20080506-134035-627 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    backup-20080506-134035-804 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    backup-20080506-134035-990 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    backup-20080506-134350-450 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    backup-20080506-134352-545 O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    backup-20080506-134354-178 O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://192.168.0.101:6666/tsweb/msrdp.cab
    backup-20080506-141437-122 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
    backup-20080506-141437-205 O4 - HKLM\..\Run: [80d2dc43] rundll32.exe "C:\WINDOWS\system32\ybtqgibo.dll",b
    backup-20080506-141511-918 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
    backup-20080506-141546-767 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
    backup-20080506-141554-151 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
    backup-20080506-144025-312 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\ctelrxlp.dll",s
    backup-20080507-122524-193 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
    backup-20080507-122524-549 O4 - HKLM\..\Run: [80d2dc43] rundll32.exe "C:\WINDOWS\system32\vschisvw.dll",b
    backup-20080507-122614-850 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
    backup-20080507-123840-320 O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (file missing)
    backup-20080507-124024-410 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
    backup-20080507-124330-388 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    backup-20080507-124330-993 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
    backup-20080507-124342-969 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
    backup-20080507-125026-446 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s
    backup-20080507-125258-723 O4 - HKLM\..\Run: [BM83e1efdf] Rundll32.exe "C:\WINDOWS\system32\eauyupyy.dll",s

    -- File Associations -----------------------------------------------------------

    .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
    R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
    R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
    R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
    S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20070117.002\symidsco.sys (file missing)
    S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
    S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
    S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
    R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>

    S2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\D15F9CEA80DA0
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\D15F9CEA80DA0
    Service: NIC1394

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: SCSI/RAID Host Controller
    Device ID: ACPI\PNPA000\4&66EE762C&1
    Manufacturer: (Standard mass storage controllers)
    Name: SCSI/RAID Host Controller
    PNP Device ID: ACPI\PNPA000\4&66EE762C&1
    Service: ae1c1q9o


    -- Files created between 2008-04-07 and 2008-05-07 -----------------------------

    2008-05-07 02:26:26 2112 --a------ C:\WINDOWS\system32\ocbkpino.exe
    2008-05-07 02:23:26 96832 --a------ C:\WINDOWS\system32\vschisvw.dll
    2008-05-07 02:20:26 106560 --a------ C:\WINDOWS\system32\eeykprxo.dll
    2008-05-07 02:17:49 105024 --a------ C:\WINDOWS\system32\eauyupyy.dll
    2008-05-06 15:05:42 0 dr-h----- C:\Documents and Settings\Klion\Recent
    2008-05-06 14:56:12 0 d-------- C:\Program Files\Runtime Software
    2008-05-06 14:55:18 0 d-------- C:\Program Files\ToniArts
    2008-05-06 14:48:32 0 d-------- C:\Program Files\AMUST
    2008-05-06 13:37:24 0 d-------- C:\Program Files\Lavasoft
    2008-05-06 13:37:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-06 02:24:55 107584 --a------ C:\WINDOWS\system32\kfcldcgi.dll
    2008-05-06 02:21:55 95808 --a------ C:\WINDOWS\system32\ybtqgibo.dll
    2008-05-06 02:18:55 105536 --a------ C:\WINDOWS\system32\ctelrxlp.dll
    2008-05-05 14:15:49 195780 --ahs---- C:\WINDOWS\system32\BLlmonpo.ini2
    2008-05-05 14:15:43 280064 --a------ C:\WINDOWS\system32\opnomlLB.dll
    2008-05-05 14:10:40 41984 --a------ C:\WINDOWS\system32\nnnljhgD.dll
    2008-05-05 13:45:26 0 d-------- C:\Documents and Settings\Klion\Application Data\Nero
    2008-05-05 13:41:57 0 d-------- C:\Program Files\Common Files\Nero
    2008-05-05 13:41:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-04 01:53:02 0 d-------- C:\Program Files\VirtualNetwork
    2008-05-04 01:53:02 0 d-------- C:\Program Files\BitAccelerator
    2008-04-19 00:19:14 0 d-------- C:\Program Files\Ventrilo
    2008-04-11 01:58:13 0 d-------- C:\Program Files\Polar
    2008-04-11 01:57:58 0 d-------- C:\WINDOWS\Downloaded Installations
    2008-04-10 22:12:10 0 d-------- C:\Program Files\Common Files\INCA Shared
    2008-04-10 21:51:24 0 d-------- C:\AeriaGames


    -- Find3M Report ---------------------------------------------------------------

    2008-05-07 12:58:51 0 d-------- C:\Program Files\Mozilla Thunderbird
    2008-05-07 12:43:08 0 d-------- C:\Documents and Settings\Klion\Application Data\.purple
    2008-05-07 03:36:11 0 d-------- C:\Program Files\Warcraft III
    2008-05-06 14:59:49 0 d-------- C:\Program Files\zMUD
    2008-05-06 14:59:49 0 d-------- C:\Documents and Settings\Klion\Application Data\uTorrent
    2008-05-06 14:59:49 0 d-------- C:\Documents and Settings\Klion\Application Data\LimeWire
    2008-05-06 14:56:12 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-06 13:36:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-06 04:43:10 0 d-------- C:\Program Files\Nero
    2008-05-06 04:27:25 0 d-------- C:\Program Files\Toshiba
    2008-05-06 04:27:11 0 d-------- C:\Program Files\ZAR
    2008-05-05 13:41:57 0 d-------- C:\Program Files\Common Files
    2008-05-02 20:04:52 0 d-------- C:\Program Files\Digital Photo Recovery
    2008-03-30 17:23:55 0 d-------- C:\Documents and Settings\Klion\Application Data\GARMIN
    2008-03-26 16:10:06 0 d-------- C:\Program Files\Winamp
    2008-03-22 18:15:11 0 d-------- C:\Program Files\Java
    2008-03-20 20:52:28 0 d-------- C:\Program Files\PowerQuest
    2008-03-19 23:58:51 0 d-------- C:\Program Files\DiskInternals


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24691C06-95E8-40EB-B061-3E3E79EE3EBC}]
    05/05/2008 02:15 PM 280064 --a------ C:\WINDOWS\system32\opnomlLB.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bff7ea2f-1a82-4501-846d-d50e25581469}]
    07/05/2008 02:20 AM 106560 --a------ C:\WINDOWS\system32\eeykprxo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7F6584C-864B-411D-A410-BB2DE0D33CA1}]
    05/05/2008 02:10 PM 41984 --a------ C:\WINDOWS\system32\nnnljhgD.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NDSTray.exe"="NDSTray.exe" []
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/03/2006 01:02 AM]
    "TPSMain"="TPSMain.exe" [31/05/2005 10:00 PM C:\WINDOWS\system32\TPSMain.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 05:00 AM]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [10/08/2004 05:00 AM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [10/08/2004 05:00 AM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 05:00 AM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 05:00 AM]
    "CFSServ.exe"="CFSServ.exe" []
    "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [21/05/2003 02:21 AM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/05/2006 01:04 AM]
    "nwiz"="nwiz.exe" [01/05/2006 01:04 AM C:\WINDOWS\system32\nwiz.exe]
    "NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [01/05/2006 01:04 AM]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/05/2006 01:04 AM]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [26/06/2006 09:46 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/06/2007 02:24 PM]
    "ConnectionManager"="C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [09/10/2007 01:00 AM]
    "BM83e1efdf"="C:\WINDOWS\system32\eauyupyy.dll" [07/05/2008 02:17 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [01/03/2007 4:34:15 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F7F6584C-864B-411D-A410-BB2DE0D33CA1}"= C:\WINDOWS\system32\nnnljhgD.dll [05/05/2008 02:10 PM 41984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnljhgD]
    nnnljhgD.dll 05/05/2008 02:10 PM 41984 C:\WINDOWS\system32\nnnljhgD.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnomlLB

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Klion^Start Menu^Programs^Startup^Trillian.lnk]
    path=C:\Documents and Settings\Klion\Start Menu\Programs\Startup\Trillian.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
    CFSServ.exe -NoClient

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    KHALMNPR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet /keeploaded /nodetect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
    TFncKy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
    C:\Program Files\Toshiba\Tvs\TvsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized




    -- End of Deckard's System Scanner: finished at 2008-05-07 13:03:01 ------------

    w
     


  2. klion

    klion Thread Starter

    Joined:
    May 7, 2008
    Messages:
    4
    Bump. I don't wanna reformat.
     
  3. klion

    klion Thread Starter

    Joined:
    May 7, 2008
    Messages:
    4
    I downloaded a program called "Unlocker" and used that to delete that dll file, it hasn't come back so I guess I fixed it.


    Edit: It came back with a friend. How can I track down the program that is recreating them?
     
  4. klion

    klion Thread Starter

    Joined:
    May 7, 2008
    Messages:
    4
    u all fail at viruses. thx for all the helpful advice :(
     

Short URL to this thread: https://techguy.org/710473