| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 107985 | 2010-03-10 01:09:00 | Stopping add-ons | katharinem (3459) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 865456 | 2010-03-10 01:09:00 | Friend is using Int Explorer and cannot download emails as add-ons keep appearing and stop/interfere with, the receiving emails process. She is on dial-up. Have used various cleaning programmes and have ticked the "stop pop-ups" box in Internet Connections. I have checked the Manage Add-ons tab but am not sure which to disable or which to leave alone. I'm not sure whether or not to use the 'Starting Int Exp with all add-ons disabled' as it is not my computer. See attached lists. I have also advised her to use Opera, Mozilla or Google Chrome. Most of them have "http://adserve.cpxinteractive...." at the top. Help and advice as always will be much appreciated! 1187 1188 |
katharinem (3459) | ||
| 865457 | 2010-03-10 01:36:00 | Add-ons are just that and stopping them will not affect IE working. Try "Int Exp with all add-ons disabled' " |
kjaada (253) | ||
| 865458 | 2010-03-10 01:52:00 | Most of them have "http://adserve.cpxinteractive...." at the top. Help and advice as always will be much appreciated! Sounds far more like you are getting pop-ups caused by malware, than actual browser add-ons causing issues. Try running a scan with a good, upto date antivirus, and something like Spybot & Malwarebytes AntiMalware. |
inphinity (7274) | ||
| 865459 | 2010-03-10 03:26:00 | She has Spybot, Adaware and told me she runs them regularly. Has Microsoft Security essentials and Kerio firewall and I did a cleanup with Tune Up Utilities. Guess I'll have to trek up to the farm through the wilderness again. What if I do a startup check? Would they show up on this? They seem to come in straight after computer has started and connected. Thanks. Will try with them all disabled as well. | katharinem (3459) | ||
| 865460 | 2010-03-10 03:35:00 | I would consider a HiJack log and let someone here at PF1 such as Speedy have a look at it. Could be Malware or Spyware since you mention that it starts as soon as the computer is started and connected. Maybe also download and run in safemode something like Malwarebyte from www.malwarebytes.org/ and Trojan remover available from http: Make sure they are both updated as well. |
PinoyKiw (9675) | ||
| 865461 | 2010-03-10 03:36:00 | Well I cant see what the attachment is, because it asks me to log in. I'm already logged in | Speedy Gonzales (78) | ||
| 865462 | 2010-03-10 03:51:00 | Well I cant see what the attachment is, because it asks me to log in. I'm already logged in are you logged into forums.pcworld.co.nz or pressf1.co.nz or pressf1.pcworld.co.nz or the other one that i can't remember It is a pain and i wish they would redirects them all to one to see those attachements you need to be logged into forums.pcworld.co.nz either that or you need to change the link to whatever version you are logged into eg pressf1.pcworld.co.nz or pressf1.co.nz |
Morgenmuffel (187) | ||
| 865463 | 2010-03-10 03:59:00 | The 1st one at the mo | Speedy Gonzales (78) | ||
| 865464 | 2010-03-10 06:42:00 | She has Spybot, Adaware and told me she runs them regularly. . Adaware is useless, ditrch it and get Malware Bytes instead. You say she runs Spybot regularly - I have found people who do that BUT never UPDATE them first. Is it up to date? It should be well over 900,000 malwares by now., |
pctek (84) | ||
| 865465 | 2010-03-11 04:15:00 | Good cleanup with Malawarebytes Anti...and Spybot found a few things as well. HijackThis log follows. After restart only two, whatever they are, popped up - still unable to download and see emails but have bypassed that by going through xtra.co.nz website. Wish I had thought of that yesterday. Log to follow-think I got it all. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:47:12 p.m., on 11/03/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ie.redirect.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC54CB3-E829-4938-93FD-10F313B6C4EE}: NameServer = 202.27.184.3 202.27.184.5 O17 - HKLM\System\CS1\Services\Tcpip\..\{1EC54CB3-E829-4938-93FD-10F313B6C4EE}: NameServer = 202.27.184.3 202.27.184.5 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- End of file - 6558 bytes Appreciate your help. |
katharinem (3459) | ||
| 1 2 | |||||