Jump to content

Recommended Posts

DDS (Ver_10-03-17.01) - NTFSx86

Run by Charlotte at 14:28:49.62 on Fri 05/07/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.104 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Lavasoft Personal Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

c:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Documents and Settings\Charlotte\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [share-to-Web Namespace Daemon] c:\program files\hp\hp share-to-web\hpgs2wnd.exe

mRun: [<NO NAME>]

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [lavasoftFeedBack] "c:\program files\lavasoft\personal firewall\feedback.exe" /dump:os_startup

mRun: [lavasoftMonitor] c:\progra~1\lavasoft\person~1\op_mon.exe /tray /noservice

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: buy-security-essentials.com

Trusted Zone: download-soft-package.com

Trusted Zone: download-software-package.com

Trusted Zone: get-key-se10.com

Trusted Zone: is-software-download.com

Trusted Zone: buy-security-essentials.com

Trusted Zone: get-key-se10.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\lavasoft\person~1\wl_hook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charlo~1\applic~1\mozilla\firefox\profiles\gp0p4dt7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/index.cfm

FF - prefs.js: keyword.URL - hxxp://www.rumo.com/?toolid=60195&p=

FF - component: c:\documents and settings\charlotte\application data\mozilla\firefox\profiles\gp0p4dt7.default\extensions\{8734f68b-e9e9-403c-be81-284326b16987}\components\Engine.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-31 11608]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-5 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-5 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-5 108552]

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-5-6 449184]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 74480]

R2 acssrv;Lavasoft Client Security Service;c:\progra~1\lavasoft\person~1\acs.exe [2010-5-6 1171456]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-31 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-31 267432]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-5 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-5 297752]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-31 60936]

R3 afw;Lavasoft firewall driver;c:\windows\system32\drivers\afw.sys [2010-5-6 206400]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]

S2 gupdate1c991553c784072;Google Update Service (gupdate1c991553c784072);c:\program files\google\update\GoogleUpdate.exe [2009-2-17 133104]

=============== Created Last 30 ================

2010-05-07 21:13:59 0 ----a-w- c:\documents and settings\charlotte\defogger_reenable

2010-05-07 19:24:00 0 d-----w- c:\docume~1\charlo~1\applic~1\Avira

2010-05-07 03:54:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-05-07 03:36:39 49 ----a-w- c:\windows\transp.gif

2010-05-07 03:36:38 449184 ----a-w- c:\windows\system32\drivers\SandBox.sys

2010-05-07 03:36:36 206400 ----a-w- c:\windows\system32\drivers\afw.sys

2010-05-07 03:32:04 0 ----a-w- c:\windows\system32\ES15.exe

2010-05-07 03:32:02 0 ----a-w- c:\windows\system32\helpers32.dll

2010-05-07 02:03:35 0 dc----w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-05-07 02:02:29 0 d-----w- c:\program files\Lavasoft

2010-05-07 01:22:39 16 ----a-w- c:\docume~1\charlo~1\applic~1\woxcdv.dat

2010-05-03 22:36:24 0 dc-h--w- c:\windows\ie8

2010-05-03 21:08:45 0 d-----w- C:\2dc8ce77ca59e89f0c5e14618d46

2010-04-30 19:45:03 0 d-----w- c:\program files\MemTurbo 4

2010-04-14 17:10:22 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-04-14 17:10:22 215920 ----a-w- c:\windows\system32\muweb.dll

2010-04-14 17:10:22 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-17 16:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 14:31:08.84 ===============

Link to post
Share on other sites

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/5/2008 3:59:29 PM

System Uptime: 5/7/2010 2:19:03 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GC-MX

Processor: Intel Pentium II processor | LGA 775 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 186 GiB total, 164.174 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062011C1&REV_00\4&CF81C54&0&00F0

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062011C1&REV_00\4&CF81C54&0&00F0

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\ATK0110\1010110

Manufacturer:

Name:

PNP Device ID: ACPI\ATK0110\1010110

Service:

==== System Restore Points ===================

RP451: 2/6/2010 12:43:13 PM - System Checkpoint

RP452: 2/7/2010 2:56:31 PM - System Checkpoint

RP453: 2/8/2010 3:55:06 PM - System Checkpoint

RP454: 2/9/2010 4:40:30 PM - System Checkpoint

RP455: 2/10/2010 11:49:04 AM - Software Distribution Service 3.0

RP456: 2/10/2010 11:53:53 AM - Installed Windows Internet Explorer 8.

RP457: 2/10/2010 11:54:49 AM - Software Distribution Service 3.0

RP458: 2/10/2010 12:01:20 PM - Software Distribution Service 3.0

RP459: 2/10/2010 3:00:16 PM - Software Distribution Service 3.0

RP460: 2/11/2010 5:33:56 PM - System Checkpoint

RP461: 2/13/2010 12:41:17 PM - System Checkpoint

RP462: 2/14/2010 5:18:30 PM - System Checkpoint

RP463: 2/15/2010 6:12:42 PM - System Checkpoint

RP464: 2/16/2010 8:19:20 PM - System Checkpoint

RP465: 2/17/2010 9:17:25 PM - System Checkpoint

RP466: 2/18/2010 9:53:44 PM - System Checkpoint

RP467: 2/19/2010 10:11:02 PM - System Checkpoint

RP468: 2/21/2010 5:37:44 PM - System Checkpoint

RP469: 2/22/2010 9:09:03 PM - System Checkpoint

RP470: 2/23/2010 10:55:58 PM - System Checkpoint

RP471: 2/24/2010 3:00:30 PM - Software Distribution Service 3.0

RP472: 2/25/2010 6:11:27 PM - System Checkpoint

RP473: 2/26/2010 3:14:18 PM - Avira AntiVir Personal - 2/26/2010 15:14

RP474: 2/26/2010 3:15:19 PM - Advanced Registry Optimizer 2010 - Before Installation

RP475: 2/26/2010 3:16:02 PM - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN

RP476: 2/26/2010 4:03:30 PM - Advanced Registry Optimizer 2010 Fri, Feb 26, 10 16:03

RP477: 2/27/2010 4:13:42 PM - System Checkpoint

RP478: 2/28/2010 4:51:45 PM - System Checkpoint

RP479: 3/1/2010 6:02:21 PM - System Checkpoint

RP480: 3/2/2010 6:27:29 PM - System Checkpoint

RP481: 3/3/2010 7:42:06 PM - System Checkpoint

RP482: 3/4/2010 10:23:22 PM - System Checkpoint

RP483: 3/6/2010 3:29:11 PM - System Checkpoint

RP484: 3/7/2010 4:15:22 PM - System Checkpoint

RP485: 3/8/2010 10:27:02 AM - Avg8 Update

RP486: 3/9/2010 3:51:34 PM - System Checkpoint

RP487: 3/10/2010 4:12:24 PM - System Checkpoint

RP488: 3/11/2010 3:00:20 PM - Software Distribution Service 3.0

RP489: 3/12/2010 4:34:44 PM - System Checkpoint

RP490: 3/13/2010 7:31:17 PM - System Checkpoint

RP491: 3/14/2010 10:23:56 PM - System Checkpoint

RP492: 3/16/2010 11:33:49 AM - System Checkpoint

RP493: 3/17/2010 2:07:58 PM - System Checkpoint

RP494: 3/18/2010 10:19:05 AM - Avg8 Update

RP495: 3/18/2010 10:20:51 AM - Avg8 Update

RP496: 3/19/2010 1:28:29 PM - System Checkpoint

RP497: 3/20/2010 1:35:21 PM - System Checkpoint

RP498: 3/21/2010 1:37:25 PM - System Checkpoint

RP499: 3/22/2010 3:07:12 PM - System Checkpoint

RP500: 3/23/2010 3:18:46 PM - System Checkpoint

RP501: 3/24/2010 4:30:06 PM - System Checkpoint

RP502: 3/25/2010 8:56:13 PM - System Checkpoint

RP503: 3/26/2010 9:32:04 PM - System Checkpoint

RP504: 3/28/2010 1:56:41 PM - System Checkpoint

RP505: 3/29/2010 2:12:48 PM - System Checkpoint

RP506: 3/30/2010 3:00:14 PM - Software Distribution Service 3.0

RP507: 3/31/2010 4:21:42 PM - System Checkpoint

RP508: 4/1/2010 7:30:33 PM - System Checkpoint

RP509: 4/2/2010 7:48:09 PM - System Checkpoint

RP510: 4/3/2010 8:24:59 PM - System Checkpoint

RP511: 4/4/2010 9:28:18 PM - System Checkpoint

RP512: 4/6/2010 11:58:44 AM - System Checkpoint

RP513: 4/7/2010 12:44:48 PM - System Checkpoint

RP514: 4/8/2010 1:01:04 PM - System Checkpoint

RP515: 4/9/2010 4:26:34 PM - System Checkpoint

RP516: 4/10/2010 7:01:44 PM - System Checkpoint

RP517: 4/11/2010 7:46:45 PM - System Checkpoint

RP518: 4/13/2010 1:52:27 PM - System Checkpoint

RP519: 4/13/2010 3:00:16 PM - Software Distribution Service 3.0

RP520: 4/14/2010 4:13:47 PM - System Checkpoint

RP521: 4/15/2010 3:00:23 PM - Software Distribution Service 3.0

RP522: 4/16/2010 3:58:52 PM - System Checkpoint

RP523: 4/17/2010 7:39:43 PM - System Checkpoint

RP524: 4/18/2010 3:00:18 PM - Software Distribution Service 3.0

RP525: 4/19/2010 3:07:46 PM - Software Distribution Service 3.0

RP526: 4/20/2010 5:51:16 PM - System Checkpoint

RP527: 4/21/2010 6:02:33 PM - System Checkpoint

RP528: 4/22/2010 6:36:37 PM - System Checkpoint

RP529: 4/24/2010 1:45:01 PM - System Checkpoint

RP530: 4/25/2010 4:01:36 PM - System Checkpoint

RP531: 4/26/2010 6:44:51 PM - System Checkpoint

RP532: 4/27/2010 9:42:45 PM - System Checkpoint

RP533: 4/28/2010 10:00:45 PM - System Checkpoint

RP534: 4/29/2010 11:30:54 PM - System Checkpoint

RP535: 4/30/2010 12:44:00 PM - Advanced Registry Optimizer 2010 - Before Installation

RP536: 5/1/2010 1:56:21 PM - System Checkpoint

RP537: 5/2/2010 2:57:18 PM - System Checkpoint

RP538: 5/3/2010 3:37:43 PM - Installed Windows Internet Explorer 8.

RP539: 5/3/2010 3:38:38 PM - Software Distribution Service 3.0

RP540: 5/3/2010 4:20:06 PM - Advanced Registry Optimizer 2010 - Before Installation

RP541: 5/4/2010 3:11:25 PM - Software Distribution Service 3.0

RP542: 5/5/2010 4:15:09 PM - System Checkpoint

RP543: 5/6/2010 7:52:35 PM - System Checkpoint

RP544: 5/6/2010 8:36:33 PM - Lavasoft Lavasoft Personal Firewall Restore Point: install

RP545: 5/6/2010 8:56:24 PM - Lavasoft Lavasoft Personal Firewall Restore Point: update

==== Installed Programs ======================

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.3

Adobe Reader Extended Language Support Font Pack

Advanced Registry Optimizer

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG Free 8.5

Avira AntiVir Personal - Free Antivirus

Bonjour

BufferChm

Coupon Printer for Windows

CP_AtenaShokunin1Config

CP_CalendarTemplates1

CP_Package_Basic1

CP_Panorama1Config

CueTour

CustomerResearchQFolder

Destinations

DeviceFunctionQFolder

DeviceManagementQFolder

eSupportQFolder

FOX News Live

FullDPAppQFolder

Google Earth Plug-in

Google Update Helper

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

HP Deskjet 5400 series

HP Extended Capabilities 5.0

HP Image Zone 5.0

HP Imaging Device Functions 5.0

HP Memories Disc

HP Photo and Imaging 1.0 - Scanjet 3500c Series

HP Photo and Imaging 2.0 - Scanners

HP Product Assistant

HP Solution Center & Imaging Support Tools 5.0

HP Update

HPDeskjet5400Series

HPProductAssistant

InstantShareDevices

Intel

Link to post
Share on other sites

Hello Charlotte.

eusa_hand.gif I am requesting you STOP creating any more new topics on this same problem. The forum is very much busy already to start with. Stay with this thread.

Make sure you have saved any open work documents/files. Close & exit programs you started.

You will want to print out or copy these instructions to Notepad for offline reference!

eusa_hand.gifIf you are a casual viewer, do NOT try this on your system!

If you are not avon4u and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Step 1

You must not have Tea Timer (from Spybot) active, as it will revert any fixes that need applying.

Right click the Spybot Icon (blue icon with lock teatimer-systemtray-en.1.png) in the system tray (notification area).

  • If you have the new version, click once on Resident Protection and make sure it is Unchecked.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
    If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    Exit Spybot S&D when done and reboot the system so the changes are in effect.

Step 2

Your system has 2 antivirus programs active, which leads to "deadly embrace" & conflicts.

You must only have 1 active antivirus application-program.

I would urge you de-install AVG and restart your system fresh.

Get and save then run the AVG Remover Tool

http://www.grisoft.com/download-tools

Restart your system fresh now.

Step 3

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Next:

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

Step 6

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :files
    c:\windows\system32\ES15.exe
    c:\windows\system32\helpers32.dll
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 7

Your MBAM needs updating for the latest definitions.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 8

Please download Rooter.exe and save to your desktop.

alternate download link

  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.

Important: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Step 9

Copy and Paste into a reply the contents of OTL MovedFiles log

the latest MBAM scan log

the Rooter report

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar
Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.