sparky55
-
Posts
18 -
Posts posted by sparky55
-
Hi Daledoc1,
Thanks for replying to me. I didn't receive an email notification so I'll check my preferences. Attached are the 2 files you requested. I'll look forward to hearing back from you and thanks again!
Regards,
Monty
-
Hi,
In the past couple of weeks or so my desktop computer began to open to a blank desktop whenever I'd log out and then login. I've tried restoring the system to several earlier points but this does nothing. If someone could help me with figuring this out I'd sure appreciate it. Thanks in advance for your help and advice on this.
Regards,
Monty
-
Hi mountaintree16,
Thanks for your reply. I do have the paid version of malwarebytes and under Settings>Updater Settings I have the box "Download and install program update if available" checked. It doesn't mention database updates. Can you tell me where I should be looking? Thanks for your help!
Monty
-
Hi,
Is there a way to have the most current databases download and install automatically? I've looked under all of the tabs and can't seem to find a way to accomplish this. Thanks for any help or advice you can give me on this.
Monty
Win XP SP3
Malwarebytes V1.46
-
Thanks, Borislav! You take care!!!!!
Monty
-
Hi Borislav,
OK, I deleted combofix, DDS and GMER as well as the associated log files. I'm a little confused about JavaRa. I don't remember that as being part of this process. Do I need to do a search, find it and delete it? Also thanks for the link to how to prevent malware. There appears to be a wealth of information there. Let me know about the JavaRa and thanks again for all your help.
Monty
P.S. - I didn't get an email notification again for your last post. It must be a bug in malwarebytes?????
-
Hi Borislav,
All right!!!!! I can now open IE7 and perform web searches and images in OE6 work now. What an ordeal! I can't thank you enough for your help with this malware removal. You take care and have a great weekend!
Best regards,
Monty
P.S. - As soon as I ran combofix I started receiving email notifications from your replies to this post. Seems kind of strange.
-
Hi Borislav,
OK, I finally got it through my head what you wanted me to do. I copied and pasted the lines you posted into notepad, saved it to the desktop and dragged it into combofix. Attached is the resulting log. Thanks again for your patience and I'll look forward to hearing back from you.
Monty
-
Hi Borislav,
To be honest I don't understand at all what you're asking me to do. I thought that I'd already done what you'd asked me to do. I ran combo-fix as instructed. Wasn't the log file I attached the right one? When I ran combo-fix and it finished, the only log file that presented itself was the file I copied and attached. Did I do something wrong? Please advise and thanks again for your help and patience.
Monty
-
Hi Borislav,
Thanks for getting back to me. To be honest I don't understand your instructions. Could you please elaborate / explain. Sorry!
Monty
-
Hi Borislav,
I've attached the combo-fix log.txt file as you instructed. Thanks again for all your help and I'll look forward to hearing back from you.
Monty
-
Sorry about that. Here's the scan log below. Thanks again for your help.
Monty
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3991
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
4/15/2010 10:41:43 AM
mbam-log-2010-04-15 (10-41-43).txt
Scan type: Quick scan
Objects scanned: 124425
Time elapsed: 13 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Hi Borislav,
OK, I've deleted everything you suggested. Attached are the 2 logs you requested. I did try both IE7 and OE6 after removing the programs, but there's still no change. Hopefully we can work through this. Thanks again for your help with this.
Monty
P.S. - I'm still not receiving email notifications for some reason. I've checked my webmail spam filter but there's nothing there from malwarebytes.
-
Hi Borislav,
Thanks for your reply. For some reason I didn't receive an email notification even though I have that option checked. The only programs I have the option to remove in Control Panel-Add Remove programs are Ask Toolbar, Adobe Acrobat 8.1.6 Professional and Search Settings v1.2.3. The other 2 Adobe items aren't listed. I'm curious why these programs are causing my IE7 and OE6 problems. Are they corrupted somehow or malware? If I'm not able to remove the other 2 programs will this still be a problem? Thanks for your help and as soon as I hear back from you I'll proceed.
Monty
-
Hi Borislav,
Thanks for your help with this problem. I downloaded the programs you recommended, ran them and have attached the logs below. I'll look forward to hearing back from you and thanks again!
Monty
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-13 23:57:21
Windows 5.1.2600 Service Pack 3
Running: 0gvrxlzf.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfrorpob.sys
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xBA54F392]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9026360, 0x24BB1D, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xAE1B2000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xAE1D5050]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E393298B-796B-5E42-419C-1C07D5EF91CA}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E393298B-796B-5E42-419C-1C07D5EF91CA}@hakfpgojjnjhmlcm 0x6E 0x61 0x62 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E393298B-796B-5E42-419C-1C07D5EF91CA}@jalfmgigmgnalcokmeji 0x65 0x62 0x63 0x69 ...
---- EOF - GMER 1.0.15 ----
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/6/2009 6:39:23 AM
System Uptime: 4/13/2010 9:54:02 AM (6 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon XP 1700+ | Socket A | 1470/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 83.364 GiB free.
D: is FIXED (NTFS) - 56 GiB total, 12.24 GiB free.
E: is Removable
F: is CDROM ()
G: is FIXED (NTFS) - 298 GiB total, 125.766 GiB free.
H: is FIXED (FAT32) - 29 GiB total, 20.291 GiB free.
I: is FIXED (NTFS) - 269 GiB total, 12.544 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&13C0B0C5&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&13C0B0C5&0
Service: i8042prt
==== System Restore Points ===================
RP111: 2/19/2010 6:55:49 PM - System Checkpoint
RP112: 2/20/2010 6:58:20 PM - System Checkpoint
RP113: 2/21/2010 3:59:34 AM - RegZooka Safe Scan Backup
RP114: 2/22/2010 5:00:11 AM - System Checkpoint
RP115: 2/23/2010 5:05:14 AM - System Checkpoint
RP116: 2/24/2010 5:26:27 AM - System Checkpoint
RP117: 2/25/2010 7:08:52 AM - System Checkpoint
RP118: 2/26/2010 7:38:06 AM - System Checkpoint
RP119: 2/27/2010 8:41:33 AM - System Checkpoint
RP120: 2/28/2010 9:03:22 AM - System Checkpoint
RP121: 3/1/2010 10:18:15 AM - System Checkpoint
RP122: 3/2/2010 10:46:02 AM - System Checkpoint
RP123: 3/3/2010 11:01:28 AM - System Checkpoint
RP124: 3/4/2010 11:47:49 AM - System Checkpoint
RP125: 3/5/2010 12:46:38 PM - System Checkpoint
RP126: 3/6/2010 1:46:39 PM - System Checkpoint
RP127: 3/7/2010 2:19:21 PM - System Checkpoint
RP128: 3/8/2010 3:19:20 PM - System Checkpoint
RP129: 3/9/2010 4:19:21 PM - System Checkpoint
RP130: 3/10/2010 5:19:21 PM - System Checkpoint
RP131: 3/11/2010 6:19:21 PM - System Checkpoint
RP132: 3/12/2010 7:18:40 PM - System Checkpoint
RP133: 3/13/2010 9:18:41 PM - System Checkpoint
RP134: 3/14/2010 9:42:42 PM - System Checkpoint
RP135: 3/16/2010 2:28:29 AM - System Checkpoint
RP136: 3/16/2010 9:02:45 AM - Avg8 Update
RP137: 3/16/2010 9:05:40 AM - Avg Update
RP138: 3/17/2010 8:18:02 AM - Avg Update
RP139: 3/18/2010 8:54:06 AM - System Checkpoint
RP140: 3/19/2010 9:51:47 AM - System Checkpoint
RP141: 3/20/2010 10:19:44 AM - System Checkpoint
RP142: 3/21/2010 11:19:44 AM - System Checkpoint
RP143: 3/22/2010 12:19:43 PM - System Checkpoint
RP144: 3/23/2010 1:19:43 PM - System Checkpoint
RP145: 3/24/2010 2:19:44 PM - System Checkpoint
RP146: 3/25/2010 2:32:11 PM - System Checkpoint
RP147: 3/27/2010 8:31:26 AM - System Checkpoint
RP148: 3/28/2010 9:12:12 AM - System Checkpoint
RP149: 3/29/2010 9:21:59 AM - System Checkpoint
RP150: 3/30/2010 11:14:17 AM - System Checkpoint
RP151: 3/31/2010 11:15:07 AM - System Checkpoint
RP152: 4/1/2010 9:58:42 AM - Avg Update
RP153: 4/1/2010 10:00:17 AM - Avg Update
RP154: 4/2/2010 12:39:35 PM - System Checkpoint
RP155: 4/3/2010 12:49:56 PM - System Checkpoint
RP156: 4/5/2010 6:33:56 AM - System Checkpoint
RP157: 4/6/2010 7:34:14 AM - System Checkpoint
RP158: 4/7/2010 8:33:42 AM - System Checkpoint
RP159: 4/7/2010 11:35:26 AM - Restore Operation
RP160: 4/7/2010 11:38:47 AM - Restore Operation
RP161: 4/7/2010 11:41:50 AM - Restore Operation
RP162: 4/7/2010 11:51:26 AM - Avg Update
RP163: 4/7/2010 11:54:57 AM - Restore Operation
RP164: 4/8/2010 8:40:12 AM - Avg Update
RP165: 4/9/2010 9:02:43 AM - System Checkpoint
RP166: 4/10/2010 10:04:33 AM - System Checkpoint
RP167: 4/11/2010 10:14:05 AM - System Checkpoint
RP168: 4/12/2010 7:23:36 AM - Software Distribution Service 3.0
RP169: 4/12/2010 7:39:52 AM - Software Distribution Service 3.0
RP170: 4/13/2010 8:18:10 AM - System Checkpoint
RP171: 4/13/2010 9:50:46 AM - Installed Windows NLSDownlevelMapping.
RP172: 4/13/2010 9:51:17 AM - Installed Windows IDNMitigationAPIs.
RP173: 4/13/2010 9:51:36 AM - Installed Windows Internet Explorer 7.
==== Installed Programs ======================
-
Hi,
On 4/5/10 I contracted some malware from, I believe, AVsoft. I ran a full malwarebytes scan in safe-mode and 7 items were found. I removed the items and re-booted windows normally. Ever since then my IE7 will only open to a blank page and you can't search the web at all. Also my OE6 will now not display images or pictures. All you get are boxes with red X's in them. I downloaded and re-installed IE7 but this made no difference. I'm really hoping that someone can help me solve this problem. Thanks in advance for your help with this.
Monty
-
Hi,
On 4/5/10 I contracted some malware from, I believe, AVsoft. I ran a full scan in safe-mode and 7 items were found. I removed the items and re-booted windows normally. Ever since then my IE7 will only open to a blank page and you can't search the web at all. Also my OE6 will now not display images or pictures. All you get are boxes with red X's in them. I'm hoping that someone can help me solve this problem. Thanks in advance for your help with this.
Monty
Win XP Pro - Desktop missing after log off and login
in General Windows PC Help
Hi,
I understand about the P2P programs. I installed these some time ago to download some music. I haven't used them in quite a while. I'll get them removed and then check back in. I'm also not receiving email notifications of posts to this subject. I thought I had notifications enabled. I'll check one more time. Where is the setting for email notifications located? Thanks again and I'll get back here shortly.
Regards,
Monty