
sparky55

Members
  • Posts: 18
Everything posted by sparky55

  1. Hi, I understand about the P2P programs. I installed these some time ago to download some music. I haven't used them in quite a while. I'll get them removed and then check back in. I'm also not receiving email notifications of posts to this subject. I thought I had notifications enabled. I'll check one more time. Where is the setting for email notifications located? Thanks again and I'll get back here shortly. Regards, Monty
  2. Hi Daledoc1, Thanks for replying to me. I didn't receive an email notification so I'll check my preferences. Attached are the 2 files you requested. I'll look forward to hearing back from you and thanks again! Regards, Monty attach.txt dds.txt
  3. Hi, In the past couple of weeks or so my desktop computer began to open to a blank desktop whenever I'd log out and then login. I've tried restoring the system to several earlier points but this does nothing. If someone could help me with figuring this out I'd sure appreciate it. Thanks in advance for your help and advice on this. Regards, Monty
  4. Hi mountaintree16, Thanks for your reply. I do have the paid version of malwarebytes and under Settings>Updater Settings I have the box "Download and install program update if available" checked. It doesn't mention database updates. Can you tell me where I should be looking? Thanks for your help! Monty
  5. Hi, Is there a way to have the most current databases download and install automatically? I've looked under all of the tabs and can't seem to find a way to accomplish this. Thanks for any help or advice you can give me on this. Monty Win XP SP3 Malwarebytes V1.46
  6. Hi Borislav, OK, I deleted combofix, DDS and GMER as well as the associated log files. I'm a little confused about JavaRa. I don't remember that as being part of this process. Do I need to do a search, find it and delete it? Also thanks for the link to how to prevent malware. There appears to be a wealth of information there. Let me know about the JavaRa and thanks again for all your help. Monty P.S. - I didn't get an email notification again for your last post. It must be a bug in malwarebytes?????
  7. Hi Borislav, All right!!!!! I can now open IE7 and perform web searches and images in OE6 work now. What an ordeal! I can't thank you enough for your help with this malware removal. You take care and have a great weekend! Best regards, Monty P.S. - As soon as I ran combofix I started receiving email notifications from your replies to this post. Seems kind of strange.
  8. Hi Borislav, OK, I finally got it through my head what you wanted me to do. I copied and pasted the lines you posted into notepad, saved it to the desktop and dragged it into combofix. Attached is the resulting log. Thanks again for your patience and I'll look forward to hearing back from you. Monty combofix.txt
  9. Hi Borislav, To be honest I don't understand at all what you're asking me to do. I thought that I'd already done what you'd asked me to do. I ran combo-fix as instructed. Wasn't the log file I attached the right one? When I ran combo-fix and when it finished the only log file that presented itself was the file I copied and attached. Did I do something wrong? Please advise and thanks again for your help and patience. Monty
  10. Hi Borislav, Thanks for getting back to me. To be honest I don't understand your instructions. Could you please elaborate / explain. Sorry! Monty
  11. Hi Borislav, I've attached the combo-fix log.txt file as you instructed. Thanks again for all your help and I'll look forward to hearing back from you. Monty log.txt
  12. Sorry about that. Here's the scan log below. Thanks again for your help. Monty

      Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org

      Database version: 3991
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.13

      4/15/2010 10:41:43 AM
      mbam-log-2010-04-15 (10-41-43).txt

      Scan type: Quick scan
      Objects scanned: 124425
      Time elapsed: 13 minute(s), 53 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  13. Hi Borislav, OK, I've deleted everything you suggested. Attached are the 2 logs you requested. I did try both IE7 and OE6 after removing the programs, but there's still no change. Hopefully we can work through this. Thanks again for your help with this. Monty P.S. - I'm still not receiving email notifications for some reason. I've checked my webmail spam filter but there's nothing there from malwarebytes. DDS.txt protection_log_2010_04_15.txt
  14. Hi Borislav, Thanks for your reply. For some reason I didn't receive an email notification even though I have that option checked. The only programs I have the option to remove in Control Panel-Add Remove programs are Ask Toolbar, Adobe Acrobat 8.1.6 Professional and Search Settings v1.2.3. The other 2 Adobe items aren't listed. I'm curious why these programs are causing my IE7 and OE6 problems. Are they corrupted somehow or malware? If I'm not able to remove the other 2 programs will this still be a problem? Thanks for your help and as soon as I hear back from you I'll proceed. Monty
  15. Hi Borislav, Thanks for your help with this problem. I downloaded the programs you recommended, ran them and have attached the logs below. I'll look forward to hearing back from you and thanks again! Monty DDS.txt
  16. Hi, On 4/5/10 I contracted some malware from, I believe, AVsoft. I ran a full malwarebytes scan in safe-mode and 7 items were found. I removed the items and re-booted windows normally. Ever since then my IE7 will only open to a blank page and you can't search the web at all. Also my OE6 will now not display images or pictures. All you get are boxes with red X's in them. I downloaded and re-installed IE7 but this made no difference. I'm really hoping that someone can help me solve this problem. Thanks in advance for your help with this. Monty
  17. Hi, On 4/5/10 I contracted some malware from, I believe, AVsoft. I ran a full scan in safe-mode and 7 items were found. I removed the items and re-booted windows normally. Ever since then my IE7 will only open to a blank page and you can't search the web at all. Also my OE6 will now not display images or pictures. All you get are boxes with red X's in them. I'm hoping that someone can help me solve this problem. Thanks in advance for your help with this. Monty