I think I'm infected with Backdoor.Ulrbot.C


23 replies to this topic

#1 duffman7

duffman7

  • Members
  • 13 posts

Posted 01 December 2008 - 03:41 PM

Hi there

Yesterday, I tried to open my Firefox as per usual, but I got an error message telling me that it had crashed. I tried to send an error report but that wouldn't work either. I followed all the instructions on the Mozilla site but nothing worked. All that I've gathered is that I seem to be infected with Backdoor.Ulrbot.C. It simply won't open at all; all that comes up when I click on it is the crash dialogue box. It's Firefox 3.0.4.

Also, I had to rebuild my WMP library. I'm not sure if this was related, but I'd hazard a guess that the two are related.

Hoping somebody can help me. I've run a McAfee scan, which came up clear. I have also used CCleaner to clean my registry and cookies so there shouldn't be any tracker cookies or anything like that.

Not entirely sure what information you may need to help me, I'm running XP Service Pack 3. If you need to know anything else, just let me know how to grab the info and I'll post it up. Really hope somebody can help me fix this as I've two college essays to start next week on this and the last thing I need is some dodgy computer.

Thanks in advance
Duff.


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 01 December 2008 - 05:30 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 duffman7

Posted 01 December 2008 - 06:11 PM

Thanks for the reply

Malwarebytes' Anti-Malware 1.30
Database version: 1443
Windows 5.1.2600 Service Pack 3

01/12/2008 23:09:38
mbam-log-2008-12-01 (23-09-38).txt

Scan type: Quick Scan
Objects scanned: 55698
Time elapsed: 16 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Budapest

Posted 01 December 2008 - 06:22 PM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

#5 duffman7

Posted 01 December 2008 - 07:22 PM

SDFix: Version 1.240
Run by Ciaran on 02/12/2008 at 00:03

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\antiv.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 00:07:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"="C:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe:*:Enabled:Printer Device Monitor"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Lexmark 4800 Series\\FRun.exe"="C:\\Program Files\\Lexmark 4800 Series\\FRun.exe:*:Enabled:Printing Application"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Kontiki\\KHost.exe"="C:\\Program Files\\Kontiki\\KHost.exe:*:Enabled:Delivery Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Fri 12 Sep 2008 4,348 ..SHR --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 18 Sep 2008 0 A.SHR --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 3 Dec 2007 24,064 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Writtan Language\Michaelmas Term\~WRL0003.tmp"
Mon 3 Dec 2007 25,088 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Writtan Language\Michaelmas Term\~WRL0860.tmp"
Mon 3 Dec 2007 24,064 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Writtan Language\Michaelmas Term\~WRL0962.tmp"
Thu 20 Mar 2008 26,624 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Texts\Hiliary Term\~WRL0003.tmp"
Thu 20 Mar 2008 27,648 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Texts\Hiliary Term\~WRL0004.tmp"
Thu 20 Mar 2008 26,624 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Texts\Hiliary Term\~WRL0005.tmp"
Thu 20 Mar 2008 26,624 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Texts\Hiliary Term\~WRL1108.tmp"
Thu 20 Mar 2008 27,136 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Texts\Hiliary Term\~WRL1879.tmp"
Thu 20 Mar 2008 27,136 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Texts\Hiliary Term\~WRL2570.tmp"
Thu 20 Mar 2008 27,648 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Texts\Hiliary Term\~WRL2789.tmp"
Thu 20 Mar 2008 27,648 A.SHR --- "C:\Documents and Settings\Ciaran\Desktop\College\Junior Freshman\French\Texts\Hiliary Term\~WRL3157.tmp"

Finished!

Still Firefox doesn't open and now I get this dialogue box on start-up.

Posted Image
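
The "Authorized Application Key Export" section of the SDFix log above lists the Windows Firewall exceptions, each stored as `path:scope:state:name`. The Python sketch below is an added example, not part of the thread or of SDFix: it parses such an export and returns the enabled exceptions that accept any source address (`*`) and are not on a baseline. The sample text is constructed from the log above; the baseline set and all function names are assumptions.

```python
import re
from collections import namedtuple

# Constructed sample: a subset of the firewall export shown in the SDFix log.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

FirewallException = namedtuple(
    "FirewallException", "profile path scope enabled name")

HEADER = re.compile(
    r'^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$', re.I)
ENTRY = re.compile(r'^"(.*)"="(.*)"$')

# Assumption for this example: entries the machine owner already expects.
BASELINE = {r"%windir%\system32\sessmgr.exe"}


def parse_exceptions(text):
    """Return every firewall exception found in a .reg-style export."""
    profile, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A new registry key: remember the profile, or ignore the key.
            match = HEADER.match(line)
            profile = match.group(1).lower() if match else None
            continue
        match = ENTRY.match(line)
        if not match or profile is None:
            continue
        value = match.group(2).replace("\\\\", "\\")  # undo .reg escaping
        # Split from the right: the path itself contains ':' (e.g. "C:").
        parts = value.rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, name = parts
        found.append(FirewallException(
            profile, path, scope, state.lower() == "enabled", name))
    return found


def needs_review(exceptions, baseline=BASELINE):
    """Enabled exceptions open to any source and missing from the baseline."""
    known = {p.lower() for p in baseline}
    return [e for e in exceptions
            if e.enabled and e.scope == "*" and e.path.lower() not in known]


if __name__ == "__main__":
    for item in needs_review(parse_exceptions(SAMPLE_EXPORT)):
        print(f"{item.profile}: {item.name} -> {item.path}")
```

Anything the function returns is a program allowed to accept inbound connections from any address, so each entry should be one the owner recognises and still uses.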

#6 Budapest

Posted 01 December 2008 - 09:10 PM

Right click on the C drive in Explorer and go Properties > Tools > Check Now (under Error Checking). Check both boxes then click "Start Now". A message will pop up saying that Error Checking will run after you restart the computer. Restart the computer and Error Checking will run automatically after the restart. After it’s finished it will restart into Windows automatically.

Post back what it reports.

#7 duffman7

Posted 03 December 2008 - 11:26 AM

It didn't say anything, it just checked all the files, got to 100% then it went to check free space, got to 100% and then restarted windows.

#8 Budapest

Posted 03 December 2008 - 04:25 PM

Have a look in the Event Viewer for any errors at the time of the crashes.

To open the Event Viewer go to Start > Control Panel > Administrative Tools > Event Viewer. Alternately, go to Start > Run and type in "eventvwr.msc" (without the quotes) and press Enter.

Check in all the categories.

If you find an error that occurred at the time, right-click on it and select Properties. Copy the information in the window and post it back here. This will help us diagnose your problem.

How To Use the Event Viewer

#9 duffman7

Posted 03 December 2008 - 08:16 PM

12/04/08 (MM/DD/YY) 1:13 = I click on Mozilla Firefox Icon

Most recent event in the Event Viewer is from 1:08, a DHCP warning
"Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016CF91E6C9. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."

Presumably because my laptop was on standby.

#10 Budapest

Posted 03 December 2008 - 10:33 PM

Is the problem mainly with Firefox? Maybe you could try reinstalling it.

#11 duffman7

Posted 04 December 2008 - 10:40 AM

I have. I deleted it and all traces of it, and re-installed it, but still the same problem. When I switch on my laptop I get that dialogue box (above) saying that Delivery Manager Service failed to open.

Edited by duffman7, 04 December 2008 - 10:40 AM.


#12 Budapest

Posted 04 December 2008 - 03:58 PM

Maybe this applies to you:

http://www.pcdoctor-guide.com/wordpress/?p=2452

#13 duffman7

Posted 04 December 2008 - 04:17 PM

I don't think so, I ran that KClean programme but all it seemed to do was remove the KHost's I had for a similar service I have to view Channel four programmes on the computer. Here's what the report said.

Remove File : OK C:\Program Files\Kontiki\KService.exe
Delete Reg Key: OK HKEY_CLASSES_ROOT\AppID\{56724B57-3A7D-4FDF-9C9A-654BB1C44A6D}
Delete Reg Key: OK HKEY_CLASSES_ROOT\AppID\KService.EXE
Delete Reg Key: OK HKEY_CLASSES_ROOT\TypeLib\{56724B57-3A7D-4FDF-9C9A-654BB1C44A6D}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KService.KDMPeerMonitorApi
Delete Reg Key: OK HKEY_CLASSES_ROOT\KService.KDMPeerMonitorApi.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{4062161c-19e8-48f5-aaad-22b55435b1a5}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KService.KDMProviderUserApi
Delete Reg Key: OK HKEY_CLASSES_ROOT\KService.KDMProviderUserApi.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{83D70C88-12F2-4B69-B4E7-D2AF6DA1079B}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KService.KDMProviderManagerApi
Delete Reg Key: OK HKEY_CLASSES_ROOT\KService.KDMProviderManagerApi.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{8C9813D0-9FEA-4F37-AAF0-89D9C805B89F}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KService.KDMServiceApi
Delete Reg Key: OK HKEY_CLASSES_ROOT\KService.KDMServiceApi.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{F4524160-9145-49C9-8810-46CBC1EA0021}
Delete Reg Key: OK HKEY_LOCAL_MACHINE\Software\Kontiki\
Delete Reg Key: OK HKEY_CLASSES_ROOT\AppID\{A02E97ED-44E7-4695-A0EE-66B7E9E8E4BB}
Delete Reg Key: OK HKEY_CLASSES_ROOT\AppID\KHost.EXE
Delete Reg Key: OK HKEY_CLASSES_ROOT\TypeLib\{7A59F47C-63FE-4C17-A8C8-DE3BF7FE6A35}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.Host
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.Host.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{7A4A795E-E9AC-4E2D-9EE9-935ED1030422}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.SecureUI
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.SecureUI.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{5FB8530A-5A4B-45A5-9E38-B34244C54360}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.SecureFrame
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.SecureFrame.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{3E31FA99-FBFB-4CB7-A31D-493901BC0CCA}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.SecureApi
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.SecureApi.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{D1C9B084-BF92-4555-B187-E7B9BCF1928E}
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.SecureInstall
Delete Reg Key: OK HKEY_CLASSES_ROOT\KDX.SecureInstall.1
Delete Reg Key: OK HKEY_CLASSES_ROOT\CLSID\{A7ECD556-D6F6-4F41-8C6B-14AB246801A0}
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od.swf
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_button.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_event.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_html_launch_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_html_launch_offline.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_html_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_html_offline.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_html_player_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_html_player_offline.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_tooltip.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4od_tooltip.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\4odmedium.swf
Remove File : OK C:\Program Files\Kontiki\4od1\cache\button_continue.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\button_delete_selected.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\button_launch_4oD.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\button_view_my_downloads.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_background.jpg
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_btn_dlg.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_button-continue.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_button-close.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_button-downloads.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_complete.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_eventDefault.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_grass.jpg
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_home.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_kdx.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_kdx_init.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_kdx_playing.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_kdx_sweep.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_kdx_util.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_lowdiskspace.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_menuTray.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_offline.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_popuplogo.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_profileTemplate.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_script.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_spacer.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_styles.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_tray0.ico
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_tray1.ico
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4_tray2.ico
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4player.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\c4player.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\config.xml
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_6_4od.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_6_4od_button.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_6_4od_html_launch_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_6_4od_html_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_6_4od_html_player_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_6_4od_tooltip.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_6_launch_list.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_7_4od.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_7_4od_button.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_7_4od_html_launch_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_7_4od_html_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_7_4od_html_player_offline.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\ie_7_4od_tooltip.css
Remove File : OK C:\Program Files\Kontiki\4od1\cache\launch.vod-body.headline.b.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\launch.vod-body.headline.t.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\launch_list.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\launch_player.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\myDownloads.html
Remove File : OK C:\Program Files\Kontiki\4od1\cache\player.js
Remove File : OK C:\Program Files\Kontiki\4od1\cache\player01.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\player02.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\player03.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\player_help.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\png.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\question_mark.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\rating_g.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\right_arrow.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\status_launch_player.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\status_pay_and_play.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\status_play.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\status_ready_to_play.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\tooltip_question_mark.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_body_arrow_b_d.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_body_arrow_b_d.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_body_arrow_b_r.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_body_arrow_b_r.png
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_body_device.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_body_headline_b.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_body_headline_t.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_head_4od_offline.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_head_arrow_b_d.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_head_arrow_g_r.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_head_my_downloads.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_neck_arrow_b_r.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_neck_arrow_w_d.gif
Remove File : OK C:\Program Files\Kontiki\4od1\cache\vod_neck_arrow_w_u.gif
Remove Dir : OK C:\Program Files\Kontiki\4od1\cache\
Remove File : OK C:\Program Files\Kontiki\4od1\zprefs_db_netman.xml.read
Remove Dir : OK C:\Program Files\Kontiki\4od1\
Remove File : OK C:\Program Files\Kontiki\KHost.exe
Remove File : OK C:\Program Files\Kontiki\errorlog.cfg
Remove File : OK C:\Program Files\Kontiki\kdx.inf
Remove Dir : OK C:\Program Files\Kontiki\


Firefox still crashes on opening. Hmm, perhaps it's not this backdoor bot thing. It's very puzzling.

Any further advice?!

#14 Budapest

Posted 04 December 2008 - 04:27 PM

When Firefox crashes does it give you an error message?

#15 duffman7

Posted 04 December 2008 - 04:50 PM

This window pops up straight away:

Posted Image

When I go to view the details of this report, it says:

Add-ons: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4
BuildID: 2008102920
CrashTime: 1228426934
Email:
InstallTime: 1226710363
ProductName: Firefox
SecondsSinceLastCrash: 360834
StartupTime: 1228426932
Theme: classic/1.0
URL:
UserID: 2805a9b4-3e53-42a0-a28e-15f78aa8d97d
Vendor: Mozilla
Version: 3.0.4

This report also contains technical information about the state of the application when it crashed.

I've tried sending the reports days ago, but with no joy. They never respond to them.

Here are the codes for some of the ones I've submitted previously

Crash ID: bp-6d32d359-7f29-45fa-aaa0-add342081130
Crash ID: bp-6efa8243-651e-429d-bac9-ec0fa2081130
Crash ID: bp-62cb59c5-c1ea-40fa-a96c-646892081130
Crash ID: bp-afd2cb29-9952-44aa-a943-501d92081130
Crash ID: bp-cb54575f-a530-4a39-8e08-eb66b2081130
Crash ID: bp-e4907ebe-725e-4da2-abe7-ee8372081130
Crash ID: bp-f46f53b9-8aca-4558-8365-3c9242081130

Not sure if these will help at all.
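
The crash report details in the post above already carry triage data: two Unix timestamps and the list of installed add-ons. The Python sketch below is an added example, not part of the thread or of Firefox: it parses those `Key: value` lines, works out how long the browser ran before crashing, and splits the add-on list into IDs and versions. The sample is copied from the post; the 10-second `startup_window` threshold and the function names are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample: fields copied from the crash report details in the post.
SAMPLE_REPORT = """\
Add-ons: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4
BuildID: 2008102920
CrashTime: 1228426934
Email:
InstallTime: 1226710363
ProductName: Firefox
SecondsSinceLastCrash: 360834
StartupTime: 1228426932
Version: 3.0.4
"""


def parse_report(text):
    """Turn 'Key: value' lines into a dict; empty values are kept as ''."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def parse_addons(value):
    """Split 'id:version,id:version' into (id, version) tuples."""
    addons = []
    for item in filter(None, (part.strip() for part in value.split(","))):
        addon_id, sep, version = item.rpartition(":")
        # An item without ':' is treated as an ID with no version.
        addons.append((addon_id, version) if sep else (item, ""))
    return addons


def summarize(fields, startup_window=10):
    """Derive triage facts; startup_window (seconds) is an assumed cut-off."""
    crash = int(fields["CrashTime"])
    started = int(fields["StartupTime"])
    uptime = crash - started
    return {
        "crash_utc": datetime.fromtimestamp(crash, tz=timezone.utc).isoformat(),
        "uptime_seconds": uptime,
        "startup_crash": 0 <= uptime <= startup_window,
        "days_since_last_crash": round(
            int(fields["SecondsSinceLastCrash"]) / 86400, 1),
        "addons": parse_addons(fields.get("Add-ons", "")),
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

For this report the browser ran for two seconds before crashing, so the failure happens during startup, which makes the three listed add-ons and the profile the first things to rule out.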
