system
1
Hi. I desperately need help… my antivirus appears to be in enhanced protection mode and now I can no longer access facebook.com. Is there anybody who can help me settle this problem??
*Sorry for my bad English…
Pondus
2
and now i cant no longer access to facebook.com
yea....no access to facebook means the world is going under... D'oh! ;D
relax, essexboy is notified… it may take some time before he arrives
Pondus
3
while waiting for essexboy you can try doing this
Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here and not in the guide )
To avoid using multiple posts with copy and paste, you have to attach the logs
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTL log / aswMBR log ) save OTL log as ANSI
system
4
For your info… I'm using Avira antivirus… but I hope you can still help me out… For MBAM… I already ran the scan… and my PC is clean… And this is for OTL… but there is no extra.txt…
Pondus
5
and aswMBR log also please 
for the MBAM..i already scan it..n my pc is clean
was it updated when you did the scan ?
Looks like MBAM got some of it - so let's remove the rest
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011/08/24 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/08/24 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/08/24 00:00:16 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011/08/23 23:59:11 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/08/23 23:57:54 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/08/23 23:56:36 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/08/23 23:54:53 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/08/23 23:54:51 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/08/23 23:54:51 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/08/24 00:04:26 | 000,000,200 | ---- | M] () -- C:\Windows\info1
[2011/08/24 00:03:14 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/08/24 00:03:14 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/08/24 00:03:14 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/08/24 00:03:14 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/08/23 23:59:50 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/08/23 23:57:34 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/08/24 00:03:14 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011/08/24 00:03:14 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011/08/24 00:03:14 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011/08/23 23:58:39 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011/08/23 23:58:38 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011/08/23 23:58:38 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/08/23 23:57:53 | 000,000,200 | ---- | C] () -- C:\Windows\info1
[2011/08/23 23:57:09 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
:Files
ipconfig /flushdns /c
C:\Windows\services32.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
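Added example, not part of the thread and not OTL's own code: this Python parser reads log lines in the format of the fix script above and flags the patterns that script targets: Run values whose file is missing, a SafeBoot AlternateShell other than the Windows default cmd.exe, and hidden directories or .rar/.exe files placed directly in C:\Windows. The regexes, the `triage` function name and the reading of the attribute letters are assumptions inferred from the lines shown in the post.

```python
import re
from datetime import datetime

# Lines copied from the OTL fix script posted above (a subset).
SAMPLE = r"""
O4 - HKLM..\Run: [tray_ico] File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011/08/24 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/08/24 00:00:16 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011/08/24 00:03:14 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/08/23 23:58:38 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
"""

RUN_RE = re.compile(r"^O4 - \S+\\Run: \[(.+?)\] (.*)$")
SHELL_RE = re.compile(r"^O31 - SafeBoot: AlternateShell - (.+)$")
FILE_RE = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| "
                     r"(.{4}) \| [CM]\](?: \(.*?\))? -- (.+)$")

def triage(text):
    """Return (findings, minutes spanned by the flagged file entries)."""
    findings, stamps = [], []
    for line in map(str.strip, text.splitlines()):
        if m := RUN_RE.match(line):
            # Autostart value whose target no longer exists on disk.
            if m.group(2) == "File not found":
                findings.append(("orphan-run", m.group(1)))
        elif m := SHELL_RE.match(line):
            # Windows ships with cmd.exe as the Safe Mode alternate shell.
            if m.group(1).lower() != "cmd.exe":
                findings.append(("alternate-shell", m.group(1)))
        elif m := FILE_RE.match(line):
            stamp, attrs, path = m.groups()
            parent, _, name = path.rpartition("\\")
            if parent.lower() != r"c:\windows":
                continue  # only items placed directly in the Windows root
            # Assumption: H = hidden, D = directory in the attribute column.
            if "H" in attrs and "D" in attrs:
                kind = "hidden-dir"
            elif name.lower().endswith((".rar", ".exe")):
                kind = "root-archive-or-exe"
            else:
                continue
            findings.append((kind, path))
            stamps.append(datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"))
    span = (max(stamps) - min(stamps)).total_seconds() / 60 if stamps else 0.0
    return findings, span

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The non-hidden `C:\Windows\phoenix` directory passes these rules unflagged, so a match list like this narrows a log for review but does not replace reading it.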
system
7
[quote author=Pondus link=topic=83560.msg680918#msg680918 date=1314188737]
and aswMBR log also please 
Actually I'm not using avast… I use Avira… will the avast software not cause any bad effect to my PC??
system
8
for the MBAM..i already scan it..n my pc is clean
was it updated when you did the scan ?
[/quote]
yes..it was updated..:)
system
9
These are the results…
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell deleted successfully.
C:\Windows\ufa folder moved successfully.
C:\Windows\phoenix\kernels\poclbm folder moved successfully.
C:\Windows\phoenix\kernels\phatk folder moved successfully.
C:\Windows\phoenix\kernels folder moved successfully.
C:\Windows\phoenix folder moved successfully.
C:\Windows\update.7.1 folder moved successfully.
C:\Windows\update.5.0 folder moved successfully.
C:\Windows\update.2 folder moved successfully.
C:\Windows\av_ico folder moved successfully.
C:\Windows\update.1 folder moved successfully.
C:\Windows\update.tray-8-0-lnk folder moved successfully.
C:\Windows\update.tray-8-0 folder moved successfully.
C:\Windows\info1 moved successfully.
C:\Windows\phoenix.rar moved successfully.
C:\Windows\rpcminer.rar moved successfully.
C:\Windows\unrar.exe moved successfully.
C:\Windows\ufa.rar moved successfully.
C:\Windows\geoiplist.rar moved successfully.
C:\Windows\loader2.exe_ok moved successfully.
File C:\Windows\phoenix.rar not found.
File C:\Windows\rpcminer.rar not found.
File C:\Windows\ufa.rar not found.
C:\Windows\geoiplist moved successfully.
File C:\Windows\geoiplist.rar not found.
File C:\Windows\unrar.exe not found.
File C:\Windows\info1 not found.
File C:\Windows\loader2.exe_ok not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\FAIQ\Downloads\cmd.bat deleted successfully.
C:\Users\FAIQ\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\services32.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: FAIQ
->Temp folder emptied: 1005031 bytes
->Temporary Internet Files folder emptied: 2966058 bytes
->FireFox cache emptied: 74182630 bytes
->Flash cache emptied: 1088 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 571945 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 75.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: FAIQ
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.26.5 log created on 08252011_135246
Files\Folders moved on Reboot…
Registry entries deleted on Reboot…
system
10
Just wondering… when I restart my PC, this message pops up… (see the image)
How do I remove this error??
Does it state what profile cannot be loaded? Are your desktop and settings loading normally?
Could you run a fresh OTL scan please and ensure all users is selected
system
12
I don't have any idea what it is… my PC is running well… but I don't know… I think my PC runs a little bit slower than before…
The result of the fresh OTL scan is attached, if you don't mind…
And the picture shows how I ran OTL (tell me if I did anything wrong)
Yep, that is right, but there should be nothing in the scan/fixes box for this rescan
system
14
Oh yeah?? Huhu… so do I need to rescan this again??
OK… here is the new scan…