avon4u Posted May 8, 2010 ID:246552

DDS (Ver_10-03-17.01) - NTFSx86
Run by Charlotte at 14:28:49.62 on Fri 05/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.104 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Lavasoft Personal Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Charlotte\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [share-to-Web Namespace Daemon] c:\program files\hp\hp share-to-web\hpgs2wnd.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lavasoftFeedBack] "c:\program files\lavasoft\personal firewall\feedback.exe" /dump:os_startup
mRun: [lavasoftMonitor] c:\progra~1\lavasoft\person~1\op_mon.exe /tray /noservice
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\lavasoft\person~1\wl_hook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charlo~1\applic~1\mozilla\firefox\profiles\gp0p4dt7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/index.cfm
FF - prefs.js: keyword.URL - hxxp://www.rumo.com/?toolid=60195&p=
FF - component: c:\documents and settings\charlotte\application data\mozilla\firefox\profiles\gp0p4dt7.default\extensions\{8734f68b-e9e9-403c-be81-284326b16987}\components\Engine.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-31 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-5 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-5 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-5-6 449184]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 74480]
R2 acssrv;Lavasoft Client Security Service;c:\progra~1\lavasoft\person~1\acs.exe [2010-5-6 1171456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-31 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-31 267432]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-5 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-5 297752]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-31 60936]
R3 afw;Lavasoft firewall driver;c:\windows\system32\drivers\afw.sys [2010-5-6 206400]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S2 gupdate1c991553c784072;Google Update Service (gupdate1c991553c784072);c:\program files\google\update\GoogleUpdate.exe [2009-2-17 133104]

=============== Created Last 30 ================

2010-05-07 21:13:59 0 ----a-w- c:\documents and settings\charlotte\defogger_reenable
2010-05-07 19:24:00 0 d-----w- c:\docume~1\charlo~1\applic~1\Avira
2010-05-07 03:54:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-07 03:36:39 49 ----a-w- c:\windows\transp.gif
2010-05-07 03:36:38 449184 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-05-07 03:36:36 206400 ----a-w- c:\windows\system32\drivers\afw.sys
2010-05-07 03:32:04 0 ----a-w- c:\windows\system32\ES15.exe
2010-05-07 03:32:02 0 ----a-w- c:\windows\system32\helpers32.dll
2010-05-07 02:03:35 0 dc----w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-07 02:02:29 0 d-----w- c:\program files\Lavasoft
2010-05-07 01:22:39 16 ----a-w- c:\docume~1\charlo~1\applic~1\woxcdv.dat
2010-05-03 22:36:24 0 dc-h--w- c:\windows\ie8
2010-05-03 21:08:45 0 d-----w- C:\2dc8ce77ca59e89f0c5e14618d46
2010-04-30 19:45:03 0 d-----w- c:\program files\MemTurbo 4
2010-04-14 17:10:22 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-14 17:10:22 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-14 17:10:22 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-17 16:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 14:31:08.84 ===============

avon4u Posted May 8, 2010 Author ID:246554

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)

Maurice Naggar Posted May 8, 2010 ID:246743 (edited)

Hello Charlotte.
I am requesting you STOP creating any more new topics on this same problem. The forum is very much busy already to start with. Stay with this thread.

Make sure you have saved any open work documents/files. Close & exit programs you started.
You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system! If you are not avon4u and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

Step 1
You must not have Tea Timer (from Spybot) active, as it will revert any fixes that need applying.
Right click the Spybot Icon (blue icon with lock) in the system tray (notification area).
If you have the new version, click once on Resident Protection and make sure it is Unchecked.
If you have Version 1.4, Click on Exit Spybot S&D Resident
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done and reboot the system so the changes are in effect.

Step 2
Your system has 2 antivirus programs active, which leads to "deadly embrace" & conflicts.
You must only have 1 active antivirus application-program.
I would urge you de-install AVG and restart your system fresh.
Get and save then run the AVG Remover Tool
http://www.grisoft.com/download-tools
Restart your system fresh now.

Step 3
Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from >>> here <<<
Double-click FixPolicies.exe.
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box will briefly appear and then close.
This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Next:
1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 4
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.
"CHECK" (turn on) Display the contents of system folders.
Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 5
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

Step 6
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

*****************************************************************
:files
c:\windows\system32\ES15.exe
c:\windows\system32\helpers32.dll
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
*****************************************************************

Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button Run Fix.
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 7
Your MBAM needs updating for the latest definitions.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.
Next, Click the Update tab. Press the "Check for Updates" button.
When done, click the Scanner tab.
Do a FULL Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 8
Please download Rooter.exe and save to your desktop.
alternate download link
Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
Click the Scan button to begin.
Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
Rooter will automatically close. If it doesn't, just press the Close button.
Copy and paste the contents of Rooter_#.txt in your next reply.

Important: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Step 9
Copy and Paste into a reply the contents of
OTL MovedFiles log
the latest MBAM scan log
the Rooter report

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited May 8, 2010 by Maurice Naggar

Maurice Naggar Posted May 14, 2010 ID:249846

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!