Posted (edited)

Hi,

 

Can someone shed some light on this problem? I use a cashback site for online shopping, but recently I get this site when I follow the required link: hxxp://www.awin1.com (replace "xx" with "tt" to get the site address but proceed with extreme caution). I have "Googled" this site, & I get the feeling it may be a bit suspect or seen to be a bit suspect. (possible phishing or malware etc. site)

 

I use mainly Opera browser but sometimes IE8 & Firefox. All 3 browsers give me this message using windows 7. If I use an old Laptop with Windows XP I get no problem.

 

When Opera blocks it, I get a question mark in the address bar; when I click on that I get a window asking/telling me that the site is unsafe & I should perform a fraud check. I do this, but then it tells me to report the site for either malware or fraud. I can't understand why I've got this issue as I have used cashback sites after I upgraded to Windows 7.

There is a link to another site called "netcraft phishtank"

I have a similar problem when I use IE 8 & Firefox.

This would tell me that either Windows is blocking the site or I have a virus/keylogger etc. on my PC? - but I have scanned with Kaspersky & Ad-aware with no viruses/malware etc. found!

I have also been receiving some suspect e-mails off banks that ask me to follow links to confirm details - YEAH RIGHT! particularly as I don't bank with them!

Not sure if it is related; if it is, then that brings me back to the fact I may have malware or a virus etc. on my PC - very frustrating!

 

Sorry for the long winded message.

 

Dazzac1965

Edited by Goku

Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),

2GB RAM, 80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor. DVDRAM burner. 3 USB ports, PC output, built in wireless, 5 in 1 card reader. :D

Posted

Hello Dazzac. Based on your symptoms, I am almost certain that this is a Malware related issue. Therefore I am moving it to the Malware removal Forums just in case.

 

Our experts will be with you shortly so please be patient. :)

 

-- Goku

Posted
Hi Goku,

 

Thanks for doing this I'll keep a look out for answers.

 

Dazzac;)

  • ExTS Admin
Posted (edited)

Hi dazzac,

 

Cardiff? ... just along the motorway from me.

 

You don't say if you have MalwareBytes AntiMalware installed... I'll assume not and give you full instructions.

 

 

Step 1

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

 

Note:

If you already have MBAM installed, please update it and run a scan.

 

Step 2

  • Download OTL to your desktop.
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.


http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png


    Now copy the lines in the codebox below.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

In your next reply, please submit:

MBAM scan report

Both reports from OTL (if they are too big to post, please add them as attachments)

 

 

Thanks.

Edited by Starbuck

Member of:

UNITE

Posted

Hi Starbuck,

 

Thanks for the advice, I do have superAntispyware installed. I have scanned using this, & it found 3 suspect items. I have quarantined them & provided no problems with my PC, I will delete them. My problem still exists so I'm going to install & scan using your recommended software. I'll post results when done.

 

Dazzac

Posted
Ok, thanks dazzac,

 

I'll wait for the reports.

 

Hi Starbuck,

 

Here's the first report:

 

Malwarebytes' Anti-Malware 1.46

Malwarebytes

 

Database version: 4275

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

05/07/2010 12:39:18

mbam-log-2010-07-05 (12-39-18).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 235424

Time elapsed: 2 hour(s), 0 minute(s), 28 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

As you can see, nothing found. I'm now going to try your 2nd option with OTL.

 

Will post results shortly.

 

Thanks,

Dazzac

Posted
Ok, thanks dazzac,

 

The OTL reports will be a lot more detailed.

 

OTL "Extras" report:

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Add to Converter List] -- "C:\Program Files\Converter\Converter.exe" "%L" (Full Multimedia)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter

"{6131E662-D675-46F1-AECD-DD8ED067759C}_is1" = Converter

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX

"{9B3F9AD8-E6BC-40FA-BEF7-324D167B8889}" = PC Sync Manager

"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010

"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Any Video Converter_is1" = Any Video Converter 3.0.4

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0

"Cashback Alerter" = Cashback Alerter

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Family Tree Builder" = MyHeritage Family Tree Builder

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010

"Jewel Quest Mysteries Trail of the Midnight Heart 1.00" = Jewel Quest Mysteries Trail of the Midnight Heart 1.00

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"OpenAL" = OpenAL

"outlookEMLandMSGconverter_is1" = outlookEMLandMSGconverter 3.1

"Shop for HP Supplies" = Shop for HP Supplies

"UseNeXT_is1" = UseNeXT

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.0.1

"Warzone 2100" = Warzone 2100

"Warzone2100" = Warzone2100

"WinRAR archiver" = WinRAR archiver

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 26/06/2010 15:02:13 | Computer Name = Liz-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 690 Start

Time: 01cb14f792f6bcf4 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

 

Report

Id: 03ad8394-8155-11df-81a5-0003254324bc

 

Error - 27/06/2010 06:17:31 | Computer Name = Liz-PC | Source = Microsoft Office 12 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office Outlook.

 

Error - 27/06/2010 10:01:15 | Computer Name = Liz-PC | Source = Google Update | ID = 20

Description =

 

Error - 27/06/2010 10:52:25 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 28/06/2010 16:17:00 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 01/07/2010 15:56:43 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 04/07/2010 04:45:21 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 04/07/2010 05:01:06 | Computer Name = Liz-PC | Source = Google Update | ID = 20

Description =

 

Error - 04/07/2010 16:01:10 | Computer Name = Liz-PC | Source = Google Update | ID = 20

Description =

 

Error - 04/07/2010 16:05:03 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621

Description =

 

[ Media Center Events ]

Error - 03/04/2010 14:01:14 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 19:01:14 - Error connecting to the internet. 19:01:14 - Unable

to contact server..

 

Error - 03/04/2010 14:01:38 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 19:01:29 - Error connecting to the internet. 19:01:29 - Unable

to contact server..

 

Error - 03/04/2010 15:15:09 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 20:13:59 - Error connecting to the internet. 20:13:59 - Unable

to contact server..

 

Error - 03/04/2010 16:01:58 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 20:17:12 - Error connecting to the internet. 20:17:13 - Unable

to contact server..

 

Error - 04/04/2010 13:31:40 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 18:25:44 - Error connecting to the internet. 18:25:45 - Unable

to contact server..

 

Error - 04/04/2010 14:21:22 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 18:43:26 - Error connecting to the internet. 18:43:26 - Unable

to contact server..

 

Error - 04/04/2010 15:30:41 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 20:29:25 - Error connecting to the internet. 20:29:25 - Unable

to contact server..

 

Error - 04/04/2010 15:49:17 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 20:33:57 - Error connecting to the internet. 20:33:57 - Unable

to contact server..

 

Error - 04/07/2010 04:56:15 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 09:56:15 - Error connecting to the internet. 09:56:15 - Unable

to contact server..

 

Error - 04/07/2010 04:56:39 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0

Description = 09:56:21 - Error connecting to the internet. 09:56:21 - Unable

to contact server..

 

[ System Events ]

Error - 03/07/2010 12:06:29 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the WMPNetworkSvc service.

 

Error - 03/07/2010 12:06:59 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the WMPNetworkSvc service.

 

Error - 03/07/2010 12:07:36 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

 

Error - 03/07/2010 14:35:51 | Computer Name = Liz-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 19:34:47 on ?03/?07/?2010 was unexpected.

 

Error - 03/07/2010 16:43:36 | Computer Name = Liz-PC | Source = DCOM | ID = 10010

Description =

 

Error - 04/07/2010 04:47:23 | Computer Name = Liz-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 09:45:03 on ?04/?07/?2010 was unexpected.

 

Error - 04/07/2010 11:16:05 | Computer Name = Liz-PC | Source = DCOM | ID = 10010

Description =

 

Error - 04/07/2010 16:05:02 | Computer Name = Liz-PC | Source = DCOM | ID = 10010

Description =

 

Error - 05/07/2010 06:41:47 | Computer Name = Liz-PC | Source = ACPI | ID = 327693

Description = : The embedded controller (EC) did not respond within the specified

timeout period. This may indicate that there is an error in the EC hardware or

firmware or that the BIOS is accessing the EC incorrectly. You should check with

your computer manufacturer for an upgraded BIOS. In some situations, this error

may cause the computer to function incorrectly.

 

Error - 05/07/2010 08:50:23 | Computer Name = Liz-PC | Source = ACPI | ID = 327693

Description = : The embedded controller (EC) did not respond within the specified

timeout period. This may indicate that there is an error in the EC hardware or

firmware or that the BIOS is accessing the EC incorrectly. You should check with

your computer manufacturer for an upgraded BIOS. In some situations, this error

may cause the computer to function incorrectly.

 

 

< End of report >

Posted (edited)

OTL Report:

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Liz\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\Liz\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Converter\WatcherService.exe (Ata alla zangenh madar)

PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Liz\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (WatcherService) -- C:\Program Files\Converter\WatcherService.exe (Ata alla zangenh madar)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation )

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)

DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()

DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search

IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "MDKTagged Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2562131&SearchSource=3&q={searchTerms}"

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..extensions.enabledItems: {5d3caffe-04f1-4a3c-9012-d76f9467dbf0}:2.6.0.15

FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/07 13:23:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/02/27 20:36:23 | 000,000,000 | ---D | M]

 

[2010/04/14 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla\Extensions

[2010/05/18 13:50:00 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions

[2010/04/21 12:50:10 | 000,000,000 | ---D | M] (MDKTagged Toolbar) -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions\{5d3caffe-04f1-4a3c-9012-d76f9467dbf0}

[2010/05/18 13:48:13 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

[2010/04/21 12:53:22 | 000,000,921 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\searchplugins\conduit.xml

 

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (SWWBHO) - {6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - C:\Program Files\Cashback Alerter\CA.dll File not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

 

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/07/03 20:47:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Malwarebytes

[2010/07/03 19:21:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/07/03 19:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/03 19:20:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/07/03 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/26 22:03:30 | 000,000,000 | ---D | C] -- C:\f1807a55de47a6d282b8

[2010/06/24 11:33:30 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\SUPERAntiSpyware.com

[2010/06/23 22:34:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/23 22:34:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/23 22:34:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/23 19:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2010/06/23 19:54:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/06/23 19:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/06/23 12:52:22 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll

[2010/06/23 12:52:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll

[2010/06/23 12:52:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010/06/23 12:52:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010/06/09 11:48:46 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/06/09 11:48:37 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/06/09 11:48:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/06/09 11:48:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/06/09 10:40:55 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/06/09 10:39:09 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/06/09 10:27:08 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/06/09 10:27:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

 

========== Files - Modified Within 30 Days ==========

 

[2010/07/05 14:21:35 | 002,621,440 | -HS- | M] () -- C:\Users\Liz\NTUSER.DAT

[2010/07/05 14:01:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002UA.job

[2010/07/05 08:36:00 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/05 08:36:00 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/05 08:27:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/05 08:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/05 08:27:01 | 1558,794,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/04 21:05:00 | 001,338,852 | -H-- | M] () -- C:\Users\Liz\AppData\Local\IconCache.db

[2010/07/04 20:01:02 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002Core.job

[2010/07/03 19:22:59 | 000,001,007 | ---- | M] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/07/03 19:22:20 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/02 15:57:56 | 000,730,320 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/07/02 15:57:56 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/07/02 15:57:56 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/07/01 09:04:24 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/06/27 09:38:13 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/06/23 19:54:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/06/22 20:37:42 | 000,005,120 | ---- | M] () -- C:\Users\Liz\Documents\CF3 0JD to Kirkcudbright.axe

[2010/06/12 16:52:57 | 000,284,160 | ---- | M] () -- C:\Users\Liz\Documents\2010SHIFT PATTERN.xls

[2010/06/09 19:07:00 | 000,415,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2010/07/03 19:22:40 | 000,001,007 | ---- | C] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/07/03 19:22:00 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/27 09:38:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/06/22 20:37:42 | 000,005,120 | ---- | C] () -- C:\Users\Liz\Documents\CF3 0JD to Kirkcudbright.axe

[2010/06/04 09:41:57 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/02/27 18:33:35 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll

[2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2007/01/25 22:11:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

 

========== LOP Check ==========

 

[2010/04/05 16:48:28 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\AnvSoft

[2010/04/14 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\CashbackAlerter

[2010/06/04 09:52:07 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DAEMON Tools Pro

[2010/03/29 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ImTOO Software Studio

[2010/02/28 22:10:47 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\MyHeritage

[2010/02/27 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Opera

[2010/02/27 18:33:35 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\The Complete Genealogy Reporter - FTB

[2010/07/02 15:53:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\UseNeXT

[2010/04/19 21:07:45 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\uTorrent

[2010/06/27 09:38:13 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2010/06/04 12:26:29 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2008/04/14 06:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-57989841-117609710-1606980848-1003\Dc13\Backup\Driver Backup 1-4-2010-182534\Primary IDE Channel\atapi.sys

[2008/04/14 06:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-57989841-117609710-1606980848-1003\Dc13\Backup\Driver Backup 1-4-2010-182534\Secondary IDE Channel\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/06/04 09:41:57 | 000,697,328 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C5CE2DF6

 

< End of report >

 

Both reports listed - no prompts given after scans

Cheers,

Dazzac

Edited by dazzac1965


  • ExTS Admin
Posted

Hi dazzac,

 

 

 

There's nothing actually bad showing in the reports, but there are some entries that are 'open to debate':

We'll run a small fix and then take a closer look:

 

These entries....

 

O2 - BHO: (SWWBHO) - {6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - C:\Program Files\Cashback Alerter\CA.dll File not found

O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()

 

relate to:

 

MyHeritage.com Family / Celebrity Toolbar - a Softomate/Besttoolbars Toolbar variant - Softomate customizes toolbars to customers' needs. The dll files for their toolbars can contain some spyware/adware functionality, although not all of the toolbars use this. Your choice.

 

I've added the 1st one to the fix because part of the BHO is missing, so it won't work properly anyway.

 

Step 1

Double click on OTL.exe to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:Otl
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SWWBHO) - {6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - C:\Program Files\Cashback Alerter\CA.dll File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C5CE2DF6

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

Step 2

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If running Vista, you may not see this screen
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

In your next reply, please submit:

Otl fix report

Combofix.txt

 

 

Thanks.

Member of:

UNITE
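The triage described in the post above (entries whose file or CLSID is missing go into the fix, entries with an empty vendor field are "open to debate") can be sketched in code. This is an added example, not part of the original posts and not OTL's own logic; the line format is inferred only from the log lines quoted in this thread, and the function names and the `KNOWN_DEFAULTS` table are assumptions.

```python
import re

# Constructed sample: nine lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (SWWBHO) - {6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - C:\Program Files\Cashback Alerter\CA.dll File not found
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""

# Trailing markers the log shows when a registry entry points at nothing.
ORPHAN_MARKERS = ("No CLSID value found", "CLSID or File not found", "File not found")

# Assumption: values that are Windows defaults even though the log reports
# "File not found" for them ("autocheck autochk *" is the default BootExecute).
KNOWN_DEFAULTS = {"O34": "(autocheck autochk *)"}

SECTION_RE = re.compile(r"^(O\d+)\b")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VENDOR_RE = re.compile(r"\(([^()]+)\)$")  # "(Company Name)" at the end of the line


def classify(line):
    """Classify one O-section line; return None for any other kind of line."""
    line = line.strip()
    match = SECTION_RE.match(line)
    if not match:
        return None
    section = match.group(1)
    clsid = CLSID_RE.search(line)
    entry = {
        "section": section,
        "clsid": clsid.group(0) if clsid else None,
        "vendor": None,
        "line": line,
    }
    body = line.rstrip(" .")  # some markers are printed with a trailing period
    default = KNOWN_DEFAULTS.get(section)
    if default and default in line:
        entry["status"] = "default"      # expected value, not a fix candidate
    elif body.endswith(ORPHAN_MARKERS):
        entry["status"] = "orphaned"     # target missing: candidate for the fix
    elif body.endswith("()"):
        entry["status"] = "no-vendor"    # file exists but has no company name
    else:
        vendor = VENDOR_RE.search(body)
        entry["status"] = "vendor" if vendor else "unknown"
        entry["vendor"] = vendor.group(1) if vendor else None
    return entry


def triage(log_text):
    """Return the classified O-section entries of a pasted log, in order."""
    return [e for e in map(classify, log_text.splitlines()) if e]


def fix_candidates(entries):
    """Lines a reviewer would consider pasting under :Otl (orphaned only)."""
    return [e["line"] for e in entries if e["status"] == "orphaned"]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["status"]:<10} {e["section"]:<4} {e["clsid"] or "-"}')
```

The four lines returned by `fix_candidates` are the same four O-section entries listed in the fix above; the `no-vendor` entries are left for a human decision, as in the post.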

Posted

Hi Starbuck,

 

OTL report:

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

Combofix report to follow shortly.


  • ExTS Admin
Posted

Hi dazzac,

 

Can you take a look here:

C:\_OTL\MovedFiles

 

and see if the OTL fix report is there, if so please post the whole report.

 

Thanks.


Posted

Hi Starbuck,

 

That is the full report.

 

Combofix crashed during running. Windows gave me an error saying it had stopped working & had to re-boot PC. On restart, it booted into safe mode & prompted me to restore from last restore point.

Dazzac


  • ExTS Admin
Posted

Hi dazzac,

 

"Combofix crashed during running. Windows gave me an error saying it had stopped working & had to re-boot PC."
There could be a number of reasons for this.

Can you remember at what point Combofix crashed?

Can you remember the 'stage n/o'?

Was combofix at the stage of preparing the report?

Were you running any other programs?

Did you click on the screen at any time once the program was running?

Had you stopped your resident Anti Virus?

Have you tried running it again since the problem? ... if not try running it in Safe mode. (I see you have Daemon Tools running, this has been known to cause problems in the past)


Posted
Hi dazzac,

 

There could be a number of reasons for this.

Can you remember at what point Combofix crashed? - Near the end of the green bar (loading??)

Can you remember the 'stage n/o'? - No stage No. displayed.

Was combofix at the stage of preparing the report? - No

Were you running any other programs? - No

Did you click on the screen at any time once the program was running? - Don't think so

Had you stopped your resident Anti Virus? - Yes

Have you tried running it again since the problem? ... if not try running it in Safe mode. (I see you have Daemon Tools running, this has been known to cause problems in the past)

- No not tried it again


Posted
"Ok, please try running Combofix in safe mode then."

 

Sure no probs, I'm away for a few days so I'll post the report as soon as I sort it out - might be a while. Although the problem seems to have gone??!

 

Dazzac


  • ExTS Admin
Posted

Hi Dazzac,

 

"I'll post the report as soon as I sort it out - might be a while."
No problem at all.

 

"Although the problem seems to have gone"
It may well be ok now, the CF scan is a double check just to make sure.

Best to be safe than sorry. :)


  • 2 weeks later...
Posted

Hi Starbuck,

Here is Combofix report - run in safe mode.

 

 

((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))

.

 

2010-07-27 10:44 . 2010-07-27 10:44 -------- d-----w- C:\32788R22FWJFW

2010-07-13 15:33 . 2010-07-13 15:33 -------- d-----w- c:\users\Liz\AppData\Roaming\Template

2010-07-06 08:01 . 2010-07-06 08:01 -------- d-----w- C:\_OTL

2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\users\Liz\AppData\Roaming\Malwarebytes

2010-07-03 18:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-03 18:20 . 2010-07-03 18:20 -------- d-----w- c:\programdata\Malwarebytes

2010-07-03 18:20 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-03 18:20 . 2010-07-03 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-27 09:06 . 2010-02-27 19:35 -------- d-----w- c:\programdata\Kaspersky Lab

2010-07-25 16:41 . 2010-02-27 19:27 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2010-07-25 16:40 . 2010-05-19 09:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2010-07-25 16:40 . 2010-04-05 15:29 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-07-18 14:25 . 2010-02-27 19:31 -------- d-----w- c:\users\Liz\AppData\Roaming\UseNeXT

2010-07-14 10:52 . 2010-02-27 17:32 -------- d-----w- c:\program files\Opera

2010-07-13 16:03 . 2010-07-13 15:24 102 ----a-w- c:\users\Liz\AppData\Roaming\wklnhst.dat

2010-07-13 15:24 . 2010-02-27 17:09 111680 ----a-w- c:\users\Liz\AppData\Local\GDIPFONTCACHEV1.DAT

2010-07-13 15:19 . 2010-02-27 18:34 -------- d-----w- c:\program files\Microsoft Works

2010-07-04 09:57 . 2010-04-05 15:30 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2010-07-04 09:57 . 2010-05-20 17:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2010-07-04 09:57 . 2010-02-27 19:26 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-07-03 18:20 . 2010-06-02 19:27 -------- d-----w- c:\program files\Warzone 2100

2010-06-27 14:48 . 2010-02-27 21:34 -------- d-----w- c:\users\Liz\AppData\Roaming\vlc

2010-06-27 14:47 . 2010-06-23 18:50 -------- d-----w- c:\programdata\Lavasoft

2010-06-27 09:15 . 2010-02-27 18:31 -------- d-----w- c:\program files\Microsoft.NET

2010-06-24 10:34 . 2010-06-24 10:34 63488 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-24 10:34 . 2010-06-24 10:34 52224 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-24 10:34 . 2010-06-24 10:34 117760 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-24 10:33 . 2010-06-24 10:33 -------- d-----w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com

2010-06-23 18:54 . 2010-06-23 18:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-15 11:13 . 2010-06-15 11:13 133648 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-06-15 11:13 . 2010-06-15 11:13 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-06-04 08:52 . 2010-06-04 08:40 -------- d-----w- c:\users\Liz\AppData\Roaming\DAEMON Tools Pro

2010-06-04 08:42 . 2010-06-04 08:40 -------- d-----w- c:\program files\DAEMON Tools Pro

2010-06-04 08:41 . 2010-06-04 08:41 697328 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\programdata\DAEMON Tools Pro

2010-06-02 19:28 . 2010-03-08 20:44 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2010-06-02 19:28 . 2010-03-08 20:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2010-05-27 07:24 . 2010-06-09 09:27 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49 . 2010-06-09 09:27 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 13:14 . 2010-02-27 17:43 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-21 05:18 . 2010-06-09 10:48 977920 ----a-w- c:\windows\system32\wininet.dll

2010-05-09 09:14 . 2010-06-23 11:52 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-05-09 09:14 . 2010-06-23 11:52 417792 ----a-w- c:\windows\system32\msdri.dll

2010-05-05 16:12 . 2010-02-27 19:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-05-05 16:12 . 2010-02-27 19:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-05-01 14:49 . 2010-06-09 09:40 2326528 ----a-w- c:\windows\system32\win32k.sys

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

 

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]

2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

 

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

 

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-25 136176]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-04 697328]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 WatcherService;WatcherService;c:\program files\Converter\WatcherService.exe [2008-09-04 16384]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1812512]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002Core.job

- c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 08:34]

 

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002UA.job

- c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 08:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.myheritage.com

mStart Page = hxxp://search.myheritage.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - c:\program files\Cashback Alerter\CA.dll

HKLM-RunOnce-<NO NAME> - (no file)

AddRemove-Cashback Alerter - c:\program files\Cashback Alerter\uninstall.exe

 

 

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-07-27 11:55:07

ComboFix-quarantined-files.txt 2010-07-27 10:55

 

Pre-Run: 15,214,579,712 bytes free

Post-Run: 18,640,953,344 bytes free

 

- - End Of File - - 0D23513D5B80448E1F53AD6EA633B7BD

 

The problem has not gone away before I ran Combo-fix. It seems to affect any shopping site.

Cheers,

Dazzac
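A triage pass over the ComboFix log posted above, as an added example that is not part of the thread and not ComboFix's own tooling: it pulls the binaries referenced under the registry load points and the "ORPHANS REMOVED" section and groups them by where they load. The category labels (`ie-hook`, `appinit`, `autorun`, `removed`) and the function names are this example's own; the log lines are an excerpt of the report in the post.

```python
import re

# Excerpt of the ComboFix log in the post above (blank lines dropped).
LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-25 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
- - - - ORPHANS REMOVED - - - -
BHO-{6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - c:\program files\Cashback Alerter\CA.dll
'''

KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')                      # a registry key header line
PATH = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:dll|exe)', re.I)  # each binary named on a line

def category(key):
    """Map a registry key to a load-point class (labels are this example's own)."""
    k = key.lower()
    if 'internet explorer' in k or 'browser helper objects' in k:
        return 'ie-hook'   # URLSearchHooks, BHOs, toolbars: loaded by Internet Explorer
    if k.endswith(r'windows nt\currentversion\windows'):
        return 'appinit'   # AppInit_DLLs: loaded into every process that loads user32.dll
    return 'autorun' if k.endswith((r'\run', r'\runonce')) else 'other'

def load_points(log):
    """Return (category, key or section, path) for every binary the log references."""
    entries, key, orphans = [], None, False
    for line in map(str.strip, log.splitlines()):
        m = KEY.match(line)
        if m:
            key, orphans = m.group(1), False
        elif 'ORPHANS REMOVED' in line:
            key, orphans = 'ORPHANS REMOVED', True
        elif key:
            cat = 'removed' if orphans else category(key)
            entries += [(cat, key, p.lower()) for p in PATH.findall(line)]
    return entries

def by_category(entries):
    out = {}
    for cat, _, path in entries:
        out.setdefault(cat, set()).add(path)   # same DLL under several keys counts once
    return {cat: sorted(paths) for cat, paths in out.items()}
```

The `ie-hook` entries load only inside Internet Explorer, while `appinit` DLLs load into every process that loads user32.dll, which is worth keeping in mind when a symptom appears in several browsers.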


  • ExTS Admin
Posted

Hi dazzac,

 

I've had a bit more time to go over all the reports and posts again.

 

Seems there's nothing to worry about.

 

I use cashback site for on-line shopping, but recently I get this site when I follow the required link: hxxp://www.awin1.com (replace "xx" with "tt" to get the site address but proceed with extreme caution).
It's actually a legit marketing site.

 

awin1.com | McAfee SiteAdvisor Software – Website Safety Ratings and Secure Search

 

Affiliate Marketing – Affiliate Window – Affiliate Network

 

Affiliate Marketing – Affiliate Window – Affiliate Network

Affiliate Window handle over 750 merchants, ranging from blue-chip brands such as Dixons, Boots and Vodafone, to niche retailers looking to grow their online presence. Affiliate Window is committed to developing market-leading technology to assist the performance of both merchants and publishers.
Seems the shopping sites may be using this company for market research purposes.

 

All 3 browsers give me this message using windows 7. If I use an old Laptop with Windows XP I get no problem.
Obviously you have something installed on this system which you don't on the other system.

What is this program in your uninstall list:

MarketResearch

I can't find any info on it.

 

There is a link to another site called "netcraft phishtank"
Perfectly legit. It's there to actually protect you.

Fraud Protection, enabled by default in Opera 10 and later, warns you about suspicious Web pages by checking the page you request against a database of known “phishing” and “malware” Web sites, such as Netcraft, PhishTank and TRUSTe.

Quote taken from:

Opera Web Browser | Security

 

Also see here:

Netcraft Anti-Phishing Toolbar

toolbar.netcraft.com | WOT Reputation Scorecard | WOT Web of Trust

 

I'd say if you do use these shopping sites frequently .... you are going to see these things.


Posted

OK, that's reassuring to know.

But how do I stop this awin1.com & netcraft phishtank from blocking all access to these sites? It's just started to block virginmedia.com too, which is frustrating as I can't seem to find a way round it. Virginmedia is my ISP, so I use it quite often.

Thanks

 

Dazzac


  • ExTS Admin
Posted

Let's find out if it's something that's been added to the browsers.

Try running IE and Firefox without any addons and see if the problem still occurs.

 

Internet Explorer:

Click on Start >> All Programs >> Accessories >> System Tools >> Internet Explorer (no Add-ons).

This opens up IE without ActiveX controls and browser extensions.

 

Firefox:

Click on Start >> All Programs >> Mozilla Firefox >> Mozilla Firefox (safe mode)


Posted
OK, I've tried IE.

I've followed your instructions & the problem still occurs. I have tried going into the Add-ons manager and individually disabling each add-on.

 

Firefox I do not use that often, but I'll try it anyway. I use Opera more - this is my main browser.

 

Thanks again for your help

Dazzac


  • 2 weeks later...
Posted

I can't seem to disable add-ons in Opera. Any ideas?

 

Tried Firefox & this is OK when I run it off my memory stick with it configured to "private browsing", i.e. won't store cookies & delete history on exit etc.

 

Dazzac

