Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another report of set blocking clkh71yhks66.com and zl00zxcv1.com continuously


  • This topic is locked This topic is locked
2 replies to this topic

#1 guitareth

guitareth

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 13 July 2010 - 10:44 AM

I am encountering very similar problems to post at http://www.bleepingcomputer.com/forums/t/330759/eset-blocking-clkh71yhks66com-and-zl00zxcv1com-continuously/ as posted on 11th July 10.

Yesterday when I started up my windows Vista PC, when it came to the user login window there was an error box titled “loginui.exe – Corrupt file” with message in the box stating “C:\Program Files\Windows NT\TableTextServicce is corrupt and unreadable. Please run the CHKDSK utility”. However, I found if I ignored that window (or click on the warning several times until it eventually closes) I could login OK.

However, a further issue was that when I opened my web browser (Firefox) and opened any web pages I found that Eset NOD32 Antivirus (my default antivirus program) has started repeatedly popping up red warning windows “Address has been blocked” and referring to long URL’s which commence with either clkh71yhks66.com (IP address: 78.47.249.228:80) or zl00zxcv1.com (IP address: 91.212.226.179:80). I also found this happens when I use Internet Explorer as my browser. I ran Malwarebytes Anti-malware in Quick Scan mode and it found a couple of things which I let it remove (sorry I did not note them down). However, whilst this has resolved the issue of the “loginui.exe – Corrupt file” at windows login, the Eset NOD32 Antivirus red warning windows “Address has been blocked” still keep popping up as described above.

I have tried to run System Restore, to which it says I need to run CHKDSK first so did that, but on then setting System Restore to restore to backups taken a few days ago it appears to work, restarts my PC, but then always reports that it failed to do the restore.

I’ve since run Malwarebytes full scans, but they now do not detect any problems. I tried to run a full scan by NOD32 Antivirus, and using Sophos Ant-Rootkit but my PC crashes approx 80% into those!

I have also discovered that if I now try to run the Windows Update service, when I click “Check for updates” it starts the process but quickly just jumps straight back to the “Check for updates” window – with no message saying it’s found updates or not.

NOTE: I followed your instructions re progs to run and files to attach to this post. DDS.scr ran fine and I've included and attached relevant details.

However, every time I have tried to run GMER (with the setting you gave) after about 1 minute into the scan it pops up a message saying GMER cannot continue. On some occasions GMER has even brought up a blue screen of death and crashed my PC. I've also tried killing as many running background progs as possible before running GMER, and also tried running it when PC was started in Safe mode, but its still gives up after around a minute. I AM THEREFORE UNABLE TO ATTACH AN ark.txt FILE FROM GMER


I’d very much appreciate any help anyone can give me in resolving these issues.


DDS.txt log as follows:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gareth Davies at 16:40:21.10 on 13/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.2045.600 [GMT 2:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Eazy-Ware\ezSched.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Users\Gareth Davies\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0070525
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: []
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Second Copy] "c:\program files\seccopy\SecCopy.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\gareth davies\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [EazyScheduler] c:\program files\eazy-ware\ezSched.exe
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: []
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\users\gareth~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\no-ipd~1.lnk - c:\program files\no-ip\DUC20.exe
StartupFolder: c:\users\gareth davies\appdata\roaming\microsoft\windows\start menu\programs\startup\syscron.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {E5BEE4AE-9071-4C3C-936F-2699B48234DD} = 208.67.222.222,208.67.222.220
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\windows\system32\wowctl2.dll
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - c:\windows\system32\eztoolslib2.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
mASetup: ccc-core-static - msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb

================= FIREFOX ===================

FF - ProfilePath - c:\users\gareth~1\appdata\roaming\mozilla\firefox\profiles\n3sp7tf5.default\
FF - prefs.js: browser.search.selectedEngine - Google UK
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.ftp - 83.170.113.116
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 83.170.113.116
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 83.170.113.116
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 83.170.113.116
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 83.170.113.116
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\gareth davies\appdata\roaming\mozilla\firefox\profiles\n3sp7tf5.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: c:\program files\opera\program\plugins\NPSibelius.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\users\gareth davies\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-15 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-10-22 20376]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-11-7 25824]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-4-10 5120]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9da2519eac895;Google Update Service (gupdate1c9da2519eac895);c:\program files\google\update\GoogleUpdate.exe [2009-5-21 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S2 TeamViewer5;TeamViewer 5;"c:\program files\teamviewer\version4\teamviewer_service.exe" -service --> c:\program files\teamviewer\version4\TeamViewer_Service.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-2-2 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-24 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-13 13:03:05 286133739 ----a-w- c:\windows\MEMORY.DMP
2010-07-13 10:35:08 0 d-----w- c:\program files\Sophos
2010-07-13 09:19:00 0 d-----w- c:\program files\Yahoo!
2010-07-13 09:18:45 0 d-----w- c:\program files\CCleaner
2010-07-13 09:14:52 214820 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-13 08:21:37 0 d-sh--w- C:\found.001
2010-06-23 06:43:37 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-06-23 06:43:02 40448 ----a-w- c:\windows\system32\winrs.exe
2010-06-23 06:43:02 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-06-23 06:43:02 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-06-23 06:35:07 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 06:35:07 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 06:35:07 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 06:35:07 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 06:35:07 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 06:33:47 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 06:33:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

==================== Find3M ====================

2010-07-13 14:34:07 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-11 08:16:59 772126 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-11 08:16:59 177058 ----a-w- c:\windows\system32\perfc00A.dat
2010-06-23 06:40:00 86016 ----a-w- c:\windows\inf\infpub.dat
2010-06-23 06:39:59 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-23 06:39:59 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 06:50:00 98504 ----a-w- c:\windows\fonts\consola.ttf
2010-05-13 06:50:00 97752 ----a-w- c:\windows\fonts\leelawad.ttf
2010-05-13 06:50:00 5178844 ----a-w- c:\windows\fonts\kaiu.ttf
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-12 12:02:57 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
2009-11-07 20:17:56 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-16 22:48:12 44 ---h--w- c:\program files\e5abb4f4.tmp
2009-02-26 11:43:17 40258 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat
2009-02-26 11:43:17 40258 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat
2009-02-26 11:43:16 336930 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat
2009-02-26 11:43:16 336930 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat
2009-02-02 17:06:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-10-14 07:27:35 108 --sha-r- c:\windows\neoqaz2.dll
2010-04-03 17:36:04 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-03 17:36:04 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-03 17:36:04 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-04-09 11:29:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-04-09 11:29:35 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-04-09 11:29:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2002-04-16 08:27:54 5 --sha-w- c:\windows\system32\CdI5T.drv
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2007-05-25 01:20:13 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:47:43.78 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 guitareth

guitareth
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 15 July 2010 - 08:13 AM

Just to update, and also to save wasting anyone else's time on this! I cross-posted this to the Malwarebytes forum and a guy there very promptly and very thoroughly took me through the stages of resolving this issue. It's now fully resolved and my PC is clean again tongue.gif laugh.gif If anyone is interested in his suggestions and outcome see this thread on the Malwarebytes forum thumbup2.gif

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 AM

Posted 15 July 2010 - 04:45 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users