Hi. I desperately need help… my antivirus appears to be in enhanced protection mode and now I can no longer access facebook.com. Is there anybody who can help me settle this problem??
*Sorry for my bad English…
[quote]and now I can no longer access facebook.com[/quote]
yea.... no access to facebook means the world is going under... D'oh! ;D
relax, essexboy is notified… it may take some time before he arrives
while waiting for essexboy you can try doing this
Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here and not in the guide )
To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTL log / aswMBR log ) save OTL log as ANSI
For your info… I'm using Avira antivirus… but I hope you can still help me out… for the MBAM… I already scanned it… and my PC is clean… and this is for the OTL… but there is no extra.txt…
and aswMBR log also please
[quote]For the MBAM… I already scanned it… and my PC is clean[/quote]
was it updated when you did the scan ?
Looks like MBAM got some of it - so let's remove the rest
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011/08/24 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/08/24 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/08/24 00:00:16 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011/08/23 23:59:11 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/08/23 23:57:54 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/08/23 23:56:36 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/08/23 23:54:53 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/08/23 23:54:51 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/08/23 23:54:51 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/08/24 00:04:26 | 000,000,200 | ---- | M] () -- C:\Windows\info1
[2011/08/24 00:03:14 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/08/24 00:03:14 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/08/24 00:03:14 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/08/24 00:03:14 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/08/23 23:59:50 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/08/23 23:57:34 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/08/24 00:03:14 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011/08/24 00:03:14 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011/08/24 00:03:14 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011/08/23 23:58:39 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011/08/23 23:58:38 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011/08/23 23:58:38 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/08/23 23:57:53 | 000,000,200 | ---- | C] () -- C:\Windows\info1
[2011/08/23 23:57:09 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
:Files
ipconfig /flushdns /c
C:\Windows\services32.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
[quote author=Pondus link=topic=83560.msg680918#msg680918 date=1314188737]
and aswMBR log also please
[/quote]
Actually I'm not using avast… I use Avira… will the avast software not cause any bad effect to my PC??
[quote]
[quote]For the MBAM… I already scanned it… and my PC is clean[/quote]
was it updated when you did the scan ?
[/quote]
Yes… it was updated… :)
These are the results…
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell deleted successfully.
C:\Windows\ufa folder moved successfully.
C:\Windows\phoenix\kernels\poclbm folder moved successfully.
C:\Windows\phoenix\kernels\phatk folder moved successfully.
C:\Windows\phoenix\kernels folder moved successfully.
C:\Windows\phoenix folder moved successfully.
C:\Windows\update.7.1 folder moved successfully.
C:\Windows\update.5.0 folder moved successfully.
C:\Windows\update.2 folder moved successfully.
C:\Windows\av_ico folder moved successfully.
C:\Windows\update.1 folder moved successfully.
C:\Windows\update.tray-8-0-lnk folder moved successfully.
C:\Windows\update.tray-8-0 folder moved successfully.
C:\Windows\info1 moved successfully.
C:\Windows\phoenix.rar moved successfully.
C:\Windows\rpcminer.rar moved successfully.
C:\Windows\unrar.exe moved successfully.
C:\Windows\ufa.rar moved successfully.
C:\Windows\geoiplist.rar moved successfully.
C:\Windows\loader2.exe_ok moved successfully.
File C:\Windows\phoenix.rar not found.
File C:\Windows\rpcminer.rar not found.
File C:\Windows\ufa.rar not found.
C:\Windows\geoiplist moved successfully.
File C:\Windows\geoiplist.rar not found.
File C:\Windows\unrar.exe not found.
File C:\Windows\info1 not found.
File C:\Windows\loader2.exe_ok not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\FAIQ\Downloads\cmd.bat deleted successfully.
C:\Users\FAIQ\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\services32.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: FAIQ
->Temp folder emptied: 1005031 bytes
->Temporary Internet Files folder emptied: 2966058 bytes
->FireFox cache emptied: 74182630 bytes
->Flash cache emptied: 1088 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 571945 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 75.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: FAIQ
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.26.5 log created on 08252011_135246
Files\Folders moved on Reboot…
Registry entries deleted on Reboot…
Just wondering… when I restart my PC this message pops up… (see the image)
How to remove this error??
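An added example, not part of the original thread or of OTL itself: one way to reconcile a fix log like the one posted above, separating targets that were removed, "not found" lines that only repeat an already-moved target (the fix script lists several files twice), and targets that were never found at all. The sample log is constructed from lines in the format shown above, and the function and pattern names are hypothetical.

```python
import re

# Constructed sample in the format of the OTL fix log posted in this thread.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico deleted successfully.
C:\Windows\phoenix folder moved successfully.
C:\Windows\phoenix.rar moved successfully.
C:\Windows\unrar.exe moved successfully.
File C:\Windows\phoenix.rar not found.
File C:\Windows\unrar.exe not found.
File\Folder C:\Windows\services32.exe not found.
HOSTS file reset successfully
"""

# "<target> [folder] deleted|moved successfully." (registry values and files)
DONE = re.compile(
    r"^(?:Registry value )?(?P<t>.+?)(?: folder)? (?:deleted|moved) successfully\.$"
)
# "File <target> not found." or "File\Folder <target> not found."
MISSING = re.compile(r"^File(?:\\Folder)? (?P<t>.+) not found\.$")


def reconcile(log_text):
    """Return (handled, repeated, never_seen) lists of lower-cased targets."""
    handled, repeated, never_seen = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DONE.match(line)
        if m:
            handled.append(m.group("t").lower())
            continue
        m = MISSING.match(line)
        if m:
            target = m.group("t").lower()
            # "not found" after an earlier move is a duplicate script entry;
            # a target that was never handled deserves a look in the rescan.
            (repeated if target in handled else never_seen).append(target)
    return handled, repeated, never_seen


if __name__ == "__main__":
    handled, repeated, never_seen = reconcile(SAMPLE_LOG)
    print("handled:", len(handled))
    print("repeated (already moved):", repeated)
    print("never seen, check in the follow-up scan:", never_seen)
```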
Does it state what profile cannot be loaded? Are your desktop and settings loading normally?
Could you run a fresh OTL scan please and ensure all users is selected
I don't have any idea what it is… my PC is running well… but I don't know… I think my PC runs a little bit slower than before…
The result of the fresh OTL scan: I just attached it, if you don't mind…
And the picture shows how I ran OTL (tell me if I did anything wrong)
Yep that is right but there should be nothing in the scan/fixes box for this rescan
Oh yeah?? Huhu… so do I need to rescan this again??
OK… here is the new scan…
Could that be related to this software http://doubledesktop.software.informer.com/ ?