Would anyone please shed some light on this problem? Was after a boot-time scan?

[MikeSab7]

Alright, last night, I wanted to run a boot-time scan. This is something I do every so often, to make sure I "stay on top of" my computer's security, by scanning regularly.

So, I scheduled the boot-time scan, and re-started the computer. Things were running smoothly. Since it usually takes 3-5 hours for the scan to complete, I had myself a nap. When I woke up, this morning, (not sure how long I was asleep), I looked at the computer's scan results (before the computer had booted), and it said it found one infected file. So, I suppose I accidentally pressed the wrong thing, and instead of deleting the file at the result's screen, the computer booted. So, I thought: "No problem, I'll just delete it from the scan-log results."

When the computer booted, in the lower right-hand corner of the screen, there's a small message on my desktop saying the following:

"Windows Vista (TM)
  Build 6002
  This copy of Windows is not genuine"

I researched this a bit, and found others have had the same problem after an Avast! boot-time scan.

HOWEVER, this is NOT the only problem. When I opened Avast!, and went to the scan-logs, and the results, it said "virus found" for the result of my last scan. Here's my issue. When I try to move it to the chest, it says, Error: Error 0xC0000022. (-1073741790). When I try to delete, it says, Error: Access is denied (5). I have not tried repairing it, yet, because my 'go to' response is usually deleting virus files.

Here is the file name. C:\Program Files\...\uinstall.exe\  .... It says the severity level is low, and the status is: PUP: Win32InstallBrain-C [PUP]

I can't afford to lose this computer, and I don't have the money to have it seen by a professional. PLEASE, please help me on this. I have also posted screenshots below of both problems. Any help is appreciated, and please keep in mind that I'm not the most computer-knowledgeable person, so try to explain things 'simply' to me, as I probably won't understand too many 'tech terms'. Thank you, all, in advance for any help and light you may shed on this.

Virus error screenshot: http://imageshack.us/f/41/viruserror.jpg/ (You might have to magnify it with the little icon.)

Windows problems screenshot: http://imageshack.us/photo/my-images/191/windowsproblem.jpg/

[Pondus]

go to' response is usually deleting virus files.

not smart

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

It says the severity level is low, and the status is: PUP: Win32InstallBrain-C [PUP]

PUP - not a virus = Possible Unwanted Program
avast is telling you that you have a program that can be good or bad if abused....



PUP scan is default off in quick/full scan but default on in boot scan.......
and boot scan is not meant to be used as a regular scanner, but a scanner to be used when something is wrong



in the scan result.... if you put the mouse cursor on the vertical bar just in front of "Severity" and dragg sideways.... then you get the full file path... post that

[MikeSab7]

Thank you so much for your help thus far!

This is the full pathway you wanted.

C:\Program Files\Uninstall Information\ib_uninst_391\uninstall.exe

Please, when you figure out what I'm supposed to do, explain it step-by-step? Thanks again!

[Pondus]

is this a program you know/have installed ?   http://www.veoh.com/download     it seems that file comes from that player


you may upload the file to www.virustotal.com and test with 40+ malware scanners
when you have the result, post the scan link here for us to see

[MikeSab7]

Yes, I installed this a while ago, perhaps a month and a half so that I could watch a movie. It was a required download from a video-site. (My girlfriend at the time suggested this.) When I installed this, I ended up with "Babylon Search" as my home-page. After a while, I had to follow steps I researched online to restore my home-page. I can't remember those steps. It wouldn't let me change my homepage naturally. I also was and am (currently) using the latest Firefox as my browser, if that's any help.

But yes, I did download that file in the past, and that's when "Babylon" became my homepage. I also know others have had bad things to say about Babylon, and I couldn't ever fully install that program. (Veoh) I have my homepage back to "Google" now, though.

What should I do?

[Pondus]

What should I do?

so you want that file/program removed ?




follow this guide  http://forum.avast.com/index.php?topic=53253.0

run malwarebytes.. remove what it find if anything and post the log
run OTL and attach the log then essexboy will remove all toolbars and crap files he see in there

[MikeSab7]

Thank you so much! One question, what is a OLT? How do I run this?

[Pondus]

Thank you so much! One question, what is a OLT? How do I run this?

it is a diagnostic tool....if you browse this forum section you will see it in use in almost every post below yours

just follow the instructions in the link i gave you above

[MikeSab7]

I couldn't find the OLT tool you mentioned here. But, here are the logs from the Malwarebytes scan.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [administrator]

Protection: Enabled

8/14/2012 12:15:07 AM
mbam-log-2012-08-14 (00-15-07).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 813164
Time elapsed: 6 hour(s), 23 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Admin\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\SoftonicDownloader_for_winboard.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Information\ib_uninst_391\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

(end)

[Pondus]

I couldn't find the OLT tool you mentioned here. But, here are the logs from the Malwarebytes scan.

did you use the link i posted above ?  this http://forum.avast.com/index.php?topic=53253.0
it is just below malwarebytes instructions ...... and the download link is market OTL
there is a secondary link just under ....... and a big picture of the program .... so how can you not see it ?