Author Topic: Avast Enhanced Protection Mode please help!!!!  (Read 8920 times)

andres_f

Re: Avast Enhanced Protection Mode please help!!!!
« Reply #15 on: July 31, 2011, 05:19:34 PM »
Looks very similar to the enhanced protection but updated already!

I will analyse the OTS scan when attached

It's not letting me attach it, it is saying it is too large, it was saved in ANSI.

Offline DavidR

Re: Avast Enhanced Protection Mode please help!!!!
« Reply #16 on: July 31, 2011, 05:45:12 PM »
- You can use a file sharing site such as Mediafire.com - Upload to http://www.mediafire.com/ and post the sharing link.


Offline essexboy

Re: Avast Enhanced Protection Mode please help!!!!
« Reply #18 on: July 31, 2011, 06:39:40 PM »
Looks like MBAM got the majority - so let's now kill the rest. On completion of this, can you let me know what problems remain?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:

[Unregister Dlls]
[Registry - All]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> EC 51 3A C7 B4 84 CB 01  [binary data]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} -> C:\PROGRAM FILES (X86)\PREMIEROPINION
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {0974BA1E-64EC-11DE-B2A5-E43756D89593} [HKLM] -> [MediaBar]
YN -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {3fdba1ba-ae28-4045-9048-4ed2f3865629} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {574be437-25ae-4010-a53e-8c63b6ae02ff} [HKLM] -> [ooVoo Toolbar]
YN -> {9D425283-D487-4337-BAB6-AB8354A81457} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} [HKLM] -> [MediaBar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0974BA1E-64EC-11DE-B2A5-E43756D89593}" [HKLM] -> [MediaBar]
YN -> "{574be437-25ae-4010-a53e-8c63b6ae02ff}" [HKLM] -> [ooVoo Toolbar]
YN -> "{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}" [HKLM] -> [MediaBar]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\] > -> HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{9565115D-C7D6-46D3-BD63-B67B481A4368}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "2047489.exe" -> ["C:\Users\Alvarado\AppData\Local\Temp\2047489.exe"]
YN -> "2602920.exe" -> ["C:\Windows\Temp\2602920.exe"]
YN -> "4951507.exe" -> ["C:\Windows\Temp\4951507.exe"]
YN -> "8186268.exe" -> ["C:\Windows\Temp\8186268.exe"]
YN -> "9585248-loader2.exe" -> ["C:\Windows\Temp\9585248-loader2.exe"]
YN -> "tray_ico" -> []
YN -> "tray_ico1" -> []
YN -> "tray_ico2" -> []
YN -> "tray_ico3" -> []
YN -> "tray_ico4" -> []
< Run [HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\] > -> HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "ares" -> ["C:\Program Files (x86)\Ares\Ares.exe" -h]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  ufa -> C:\Windows\ufa
NY ->  rpcminer -> C:\Windows\rpcminer
NY ->  phoenix -> C:\Windows\phoenix
NY ->  system64 -> C:\Windows\system64
NY ->  update.5.0 -> C:\Windows\update.5.0
NY ->  update.2 -> C:\Windows\update.2
NY ->  av_ico -> C:\Windows\av_ico
NY ->  update.1 -> C:\Windows\update.1
NY ->  update.tray-7-0-lnk -> C:\Windows\update.tray-7-0-lnk
NY ->  update.tray-7-0 -> C:\Windows\update.tray-7-0
[Files/Folders - Modified Within 30 Days]
NY ->  phoenix.rar -> C:\Windows\phoenix.rar
NY ->  rpcminer.rar -> C:\Windows\rpcminer.rar
NY ->  unrar.exe -> C:\Windows\unrar.exe
NY ->  info1 -> C:\Windows\info1
NY ->  geoiplist.rar -> C:\Windows\geoiplist.rar
NY ->  loader2.exe_ok -> C:\Windows\loader2.exe_ok
NY ->  geoiplist -> C:\Windows\geoiplist
[Files - No Company Name]
NY ->  phoenix.rar -> C:\Windows\phoenix.rar
NY ->  rpcminer.rar -> C:\Windows\rpcminer.rar
NY ->  ufa.rar -> C:\Windows\ufa.rar
NY ->  geoiplist -> C:\Windows\geoiplist
NY ->  geoiplist.rar -> C:\Windows\geoiplist.rar
NY ->  unrar.exe -> C:\Windows\unrar.exe
NY ->  info1 -> C:\Windows\info1
NY ->  loader2.exe_ok -> C:\Windows\loader2.exe_ok
[Custom Scans]
NY ->  explorer.exe : MD5=3C33B26F2F7FA61D882515F2D6078691 -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\procs\explorer.exe
NY ->  explorer.exe : MD5=3C33B26F2F7FA61D882515F2D6078691 -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX1\procs\explorer.exe
NY ->  explorer.exe : MD5=ABC6379205DE2618851C4FCBF72112EB -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\h\explorer.exe
NY ->  explorer.exe : MD5=ABC6379205DE2618851C4FCBF72112EB -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX1\h\explorer.exe
NY ->  userinit.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\userinit.exe
NY ->  userinit.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX1\userinit.exe
NY ->  winlogon.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\winlogon.exe
NY ->  winlogon.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX1\winlogon.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!
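
Added example, not part of the thread and not OTS's own code: a small triage script that reads lines in the layout of the fix script above and reports why entries of this kind stand out (autoruns launched from a Temp directory, Windows process names stored outside the Windows directories, one MD5 appearing under several names). The regular expressions, the finding labels and the assumption that %SystemRoot% is C:\Windows are mine, inferred from the lines visible in the post.

```python
import re
from collections import defaultdict
from ntpath import dirname

# Lines copied from the fix script above (Run key and Custom Scans entries).
SAMPLE = r'''
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "2047489.exe" -> ["C:\Users\Alvarado\AppData\Local\Temp\2047489.exe"]
YN -> "9585248-loader2.exe" -> ["C:\Windows\Temp\9585248-loader2.exe"]
YN -> "tray_ico" -> []
YN -> "ares" -> ["C:\Program Files (x86)\Ares\Ares.exe" -h]
[Custom Scans]
NY ->  explorer.exe : MD5=3C33B26F2F7FA61D882515F2D6078691 -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\procs\explorer.exe
NY ->  userinit.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\userinit.exe
NY ->  winlogon.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\winlogon.exe
'''

# Assumed line layouts, inferred from the post: autorun value and hashed file.
RUN_RE = re.compile(r'^[YN]{2} -> "(?P<name>[^"]+)" -> \["?(?P<path>[A-Za-z]:\\[^"\]]*)')
SCAN_RE = re.compile(r'^[YN]{2} ->\s+(?P<name>\S+) : MD5=(?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$')
# Assumption: %SystemRoot% is C:\Windows, where these binaries normally live.
SYSTEM_NAMES = {"explorer.exe", "userinit.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

def triage(text):
    """Return (finding, subject, detail) tuples for the heuristics above."""
    findings, names_by_hash = [], defaultdict(set)
    for line in text.splitlines():
        run = RUN_RE.match(line)
        if run:
            # Autorun values that start a program from a Temp directory.
            if "\\temp\\" in run["path"].lower():
                findings.append(("autorun-from-temp", run["name"], run["path"]))
            continue
        scan = SCAN_RE.match(line)
        if scan:
            name = scan["name"].lower()
            names_by_hash[scan["md5"].upper()].add(name)
            # A Windows process name stored outside the Windows directories.
            if name in SYSTEM_NAMES and dirname(scan["path"]).lower() not in SYSTEM_DIRS:
                findings.append(("system-name-outside-windows", name, scan["path"]))
    # Identical content saved under more than one file name.
    for md5, names in names_by_hash.items():
        if len(names) > 1:
            findings.append(("one-hash-many-names", md5, ",".join(sorted(names))))
    return findings

if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE):
        print(f"{kind:28} {subject:22} {detail}")
```
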