[Win XP Pro - Desktop missing after log off and login]

Hi,

I understand about the P2P programs. I installed these some time ago to download some music. I haven't used them in quite awhile. I'll get them removed and then check back in. I'm also not receiving email notifications of posts to this subject. I thought I had notifications enabled. I'll check one more time. Where is the setting for email notifications located? Thanks again and I'll get back here shortly.

Regards,

Monty

[Win XP Pro - Desktop missing after log off and login]

Hi Daledoc1,

Thanks for replying to me. I didn't receive an email notification so I'll check my preferences. Attached are the 2 files you requested. I'll look forward to hearing back from you and thanks again!

Regards,

Monty

attach.txt

dds.txt

[Win XP Pro - Desktop missing after log off and login]

Hi,

In the past couple of weeks or so my desktop computer began to open to a blank desktop whenever I'd log out and then login. I've tried restoring the system to several earlier points but this does nothing. If someone could help me with figuring this out I'd sure appreciate it. Thanks in advance for your help and advice.on this.

Regards,

Monty

[How to have database download automatically?]

Hi mountaintree16,

Thanks for your reply. I do have the paid version of malwarebytes and under Settings>Updater Settings I have the box "Download and install program update if available" checked. It doesn't mention database updates. Can you tell me where I should be looking? Thanks for your help!

Monty

[How to have database download automatically?]

Hi,

Is there a way to have the most current databases download and install automatically? I've looked under all of the tabs and can't seem to find a way to accomplish this. Thanks for any help or advice you can give me on this.

Monty

Wix XP SP3

Malwarebytes V1.46

[Removal of malware disabled IE7]

Thanks, Borislav! You take care!!!!!

Monty

[Removal of malware disabled IE7]

Hi Borislav,

OK, I deleted combofix, DDS and GMER as well as the associated log files. I'm a little confused about JavaRa. I don't remember that as being part of this process. Do I need to do a search, find it and delete it? Also thanks for the link to how to prevent malware. There appears to be a wealth of information there. Let me know about the JavaRa and thanks again for all your help.

Monty

P.S. - I didn't get an email notification again for your last post. It must be a bug in malwarebytes?????

[Removal of malware disabled IE7]

Hi Borislav,

All right!!!!! I can now open IE7 and perform web searches and images in OE6 work now. What an ordeal! I can't thank you enough for your help with this malware removal. You take care and have a great weekend!

Best regards,

Monty

P.S. - As soon as I ran combofix I started receiving email notifications from your replies to this post. Seems kind strange.

[Removal of malware disabled IE7]

Hi Borislav,

OK, I finally got it through my head what you wanted me to do. I copied and pasted the lines you posted into notepad, saved it to the desktop and drug it into combofix. Attached is the resulting log. Thanks again for your patience and I'll look forward to hearing back from you.

Monty

combofix.txt

[Removal of malware disabled IE7]

Hi Borislav,

To be honest I don't understand at all what you're asking me to do. I thought that I'd already done what you'd ask me to do. I ran combo-fix as instructed. Wasn't the log file I attached the right one? When I ran combo-fix and when it finsihed the only log file that presented itself was the file I copied and attached. Did I do something wrong? Please advise and thanks again for your help and patience.

Monty

[Removal of malware disabled IE7]

Hi Borislav,

Thanks for getting back to me. To be honest I don't understand your instructions. Could you please elaborate / expalin. Sorry!

Monty

[Removal of malware disabled IE7]

Hi Borislav,

I've attached the combo-fix log.txt file as you instructed. Thanks again for all your help and I'll look forward to hearing back from you.

Monty

log.txt

[Removal of malware disabled IE7]

Sorry about that. Here's the scan log below. Thanks again for your help.

Monty

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3991

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

4/15/2010 10:41:43 AM

mbam-log-2010-04-15 (10-41-43).txt

Scan type: Quick scan

Objects scanned: 124425

Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[Removal of malware disabled IE7]

Hi Borislav,

OK, I've deleted everything you suggested. Attached are the 2 logs you requested. I did try both IE7 and OE6 after removing the programs, but there's still no change. Hopefully we can work through this. Thanks again for your help with this.

Monty

P.S. - I'm still not receiving email notifications for some reason. I've checked my webmail spam filter but there's nothing there from malwarebytes.

DDS.txt

protection_log_2010_04_15.txt

[Removal of malware disabled IE7]

Hi Borislav,

Thanks for your reply. For some reason I didn't receive an email notification even though I have that option checked. The only programs I have the option to remove in Control Panel-Add Remove programs are Ask Toolbar, Adobe Acrobat 8.1.6 Professional and Search Settings v1.2.3. The other 2 Adobe items aren't listed. I'm curious why these programs are causing my IE7 and OE6 problems. Are they corrupted somehow or malware? If I'm not able to remove the other 2 programs will this still be a problem? Thanks for your help and as soon as I hear back from you I'll proceed.

Monty

[Removal of malware disabled IE7]

Hi Borislav,

Thanks for your help with this problem. I downloaded the programs you recommended, ran them and have attached the logs below. I'll look forward to hearing back from you and thanks again!

Monty

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-13 23:57:21

Windows 5.1.2600 Service Pack 3

Running: 0gvrxlzf.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfrorpob.sys

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xBA54F392]

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9026360, 0x24BB1D, 0xE8000020]

.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xAE1B2000, 0x2892, 0xE8000020]

.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xAE1D5050]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E393298B-796B-5E42-419C-1C07D5EF91CA}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E393298B-796B-5E42-419C-1C07D5EF91CA}@hakfpgojjnjhmlcm 0x6E 0x61 0x62 0x69 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E393298B-796B-5E42-419C-1C07D5EF91CA}@jalfmgigmgnalcokmeji 0x65 0x62 0x63 0x69 ...

---- EOF - GMER 1.0.15 ----

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/6/2009 6:39:23 AM

System Uptime: 4/13/2010 9:54:02 AM (6 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570

Processor: AMD Athlon XP 1700+ | Socket A | 1470/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 149 GiB total, 83.364 GiB free.

D: is FIXED (NTFS) - 56 GiB total, 12.24 GiB free.

E: is Removable

F: is CDROM ()

G: is FIXED (NTFS) - 298 GiB total, 125.766 GiB free.

H: is FIXED (FAT32) - 29 GiB total, 20.291 GiB free.

I: is FIXED (NTFS) - 269 GiB total, 12.544 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\3&13C0B0C5&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\3&13C0B0C5&0

Service: i8042prt

==== System Restore Points ===================

RP111: 2/19/2010 6:55:49 PM - System Checkpoint

RP112: 2/20/2010 6:58:20 PM - System Checkpoint

RP113: 2/21/2010 3:59:34 AM - RegZooka Safe Scan Backup

RP114: 2/22/2010 5:00:11 AM - System Checkpoint

RP115: 2/23/2010 5:05:14 AM - System Checkpoint

RP116: 2/24/2010 5:26:27 AM - System Checkpoint

RP117: 2/25/2010 7:08:52 AM - System Checkpoint

RP118: 2/26/2010 7:38:06 AM - System Checkpoint

RP119: 2/27/2010 8:41:33 AM - System Checkpoint

RP120: 2/28/2010 9:03:22 AM - System Checkpoint

RP121: 3/1/2010 10:18:15 AM - System Checkpoint

RP122: 3/2/2010 10:46:02 AM - System Checkpoint

RP123: 3/3/2010 11:01:28 AM - System Checkpoint

RP124: 3/4/2010 11:47:49 AM - System Checkpoint

RP125: 3/5/2010 12:46:38 PM - System Checkpoint

RP126: 3/6/2010 1:46:39 PM - System Checkpoint

RP127: 3/7/2010 2:19:21 PM - System Checkpoint

RP128: 3/8/2010 3:19:20 PM - System Checkpoint

RP129: 3/9/2010 4:19:21 PM - System Checkpoint

RP130: 3/10/2010 5:19:21 PM - System Checkpoint

RP131: 3/11/2010 6:19:21 PM - System Checkpoint

RP132: 3/12/2010 7:18:40 PM - System Checkpoint

RP133: 3/13/2010 9:18:41 PM - System Checkpoint

RP134: 3/14/2010 9:42:42 PM - System Checkpoint

RP135: 3/16/2010 2:28:29 AM - System Checkpoint

RP136: 3/16/2010 9:02:45 AM - Avg8 Update

RP137: 3/16/2010 9:05:40 AM - Avg Update

RP138: 3/17/2010 8:18:02 AM - Avg Update

RP139: 3/18/2010 8:54:06 AM - System Checkpoint

RP140: 3/19/2010 9:51:47 AM - System Checkpoint

RP141: 3/20/2010 10:19:44 AM - System Checkpoint

RP142: 3/21/2010 11:19:44 AM - System Checkpoint

RP143: 3/22/2010 12:19:43 PM - System Checkpoint

RP144: 3/23/2010 1:19:43 PM - System Checkpoint

RP145: 3/24/2010 2:19:44 PM - System Checkpoint

RP146: 3/25/2010 2:32:11 PM - System Checkpoint

RP147: 3/27/2010 8:31:26 AM - System Checkpoint

RP148: 3/28/2010 9:12:12 AM - System Checkpoint

RP149: 3/29/2010 9:21:59 AM - System Checkpoint

RP150: 3/30/2010 11:14:17 AM - System Checkpoint

RP151: 3/31/2010 11:15:07 AM - System Checkpoint

RP152: 4/1/2010 9:58:42 AM - Avg Update

RP153: 4/1/2010 10:00:17 AM - Avg Update

RP154: 4/2/2010 12:39:35 PM - System Checkpoint

RP155: 4/3/2010 12:49:56 PM - System Checkpoint

RP156: 4/5/2010 6:33:56 AM - System Checkpoint

RP157: 4/6/2010 7:34:14 AM - System Checkpoint

RP158: 4/7/2010 8:33:42 AM - System Checkpoint

RP159: 4/7/2010 11:35:26 AM - Restore Operation

RP160: 4/7/2010 11:38:47 AM - Restore Operation

RP161: 4/7/2010 11:41:50 AM - Restore Operation

RP162: 4/7/2010 11:51:26 AM - Avg Update

RP163: 4/7/2010 11:54:57 AM - Restore Operation

RP164: 4/8/2010 8:40:12 AM - Avg Update

RP165: 4/9/2010 9:02:43 AM - System Checkpoint

RP166: 4/10/2010 10:04:33 AM - System Checkpoint

RP167: 4/11/2010 10:14:05 AM - System Checkpoint

RP168: 4/12/2010 7:23:36 AM - Software Distribution Service 3.0

RP169: 4/12/2010 7:39:52 AM - Software Distribution Service 3.0

RP170: 4/13/2010 8:18:10 AM - System Checkpoint

RP171: 4/13/2010 9:50:46 AM - Installed Windows NLSDownlevelMapping.

RP172: 4/13/2010 9:51:17 AM - Installed Windows IDNMitigationAPIs.

RP173: 4/13/2010 9:51:36 AM - Installed Windows Internet Explorer 7.

==== Installed Programs ======================

DDS.txt

[Removal of malware disabled IE7]

Hi,

On 4/5/10 I contracted some malware from, I believe, AVsoft. I ran a full malwarebytes scan in safe-mode and 7 items were found. I removed the items and re-booted windows normally. Ever since then my IE7 will only open to a blank page and you can't search the web at all. Also my OE6 will now not display images or pictures. All you get are boxes with red X's in them. I downloaded and re-installed IE7 but this made no difference. I'm really hoping that someone can help me solve this problem. Thanks in advance for your help with this.

Monty

[Removal of malware corrupted IE7]

Hi,

On 4/5/10 I contracted some malware from, I believe, AVsoft. I ran a full scan in safe-mode and 7 items were found. I removed the items and re-booted windows normally. Ever since then my IE7 will only open to a blank page and you can't search the web at all. Also my OE6 will now not display images or pictures. All you get are boxes with red X's in them. I'm hoping that someone can help me solve this problem. Thanks in advance for your help with this.

Monty