Avast Enhanced Protection Mode please help!!!!

Can't connect to the internet through the laptop (it does find the wifi point and is connected) but the browser won't go to a website (either Chrome or IE). Doing this post on a desktop; the laptop is my nephew's. Downloaded Malwarebytes and RogueKiller and doing scans. Win 7 platform. Will post logs of scans… do need help though. Do appreciate it. Thank you.

This is the first report:

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRKgmailcom
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Alvarado [Admin rights]
Mode: Scan – Date : 07/30/2011 12:16:00

Bad processes: 11
[SVCHOST] svchost.exe – c:\windows\update.5.0\svchost.exe → KILLED
[SUSP PATH] sysdriver32.exe – c:\windows\sysdriver32.exe → KILLED
[SVCHOST] svchost.exe – c:\windows\update.2\svchost.exe → KILLED
[SUSP PATH] googletalk.exe – c:\users\alvarado\appdata\roaming\google\google talk\googletalk.exe → KILLED
[SVCHOST] svchost.exe – c:\windows\update.tray-7-0\svchost.exe → KILLED
[SUSP PATH] sysdriver32.exe – c:\windows\sysdriver32.exe → KILLED
[SUSP PATH] sysdriver32_.exe – c:\windows\sysdriver32_.exe → KILLED
[SUSP PATH] l1rezerv.exe – c:\windows\l1rezerv.exe → KILLED
[SUSP PATH] systemup.exe – c:\windows\systemup.exe → KILLED
[SUSP PATH] mbam-setup-1.51.1.1800.exe – c:\users\alvarado\desktop\mbam-setup-1.51.1.1800.exe → KILLED
[SUSP PATH] mbam-setup-1.51.1.1800.tmp – c:\users\alvarado\appdata\local\temp\is-mt649.tmp\mbam-setup-1.51.1.1800.tmp → KILLED

Registry Entries: 5
[SUSP PATH] HKCU[…]\Run : googletalk (C:\Users\Alvarado\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart) → FOUND
[SUSP PATH] HKUS\S-1-5-21-1302273170-3416456603-1724964319-1000[…]\Run : googletalk (C:\Users\Alvarado\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart) → FOUND
[HJ] HKLM[…]\System : EnableLUA (0) → FOUND
[HJ] HKLM[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) → FOUND
[HJ] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → FOUND

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[…]

Finished : << RKreport[1].txt >>
RKreport[1].txt

This is the second:

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRKgmailcom
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Alvarado [Admin rights]
Mode: Remove – Date : 07/30/2011 12:16:57

Bad processes: 0

Registry Entries: 4
[SUSP PATH] HKCU[…]\Run : googletalk (C:\Users\Alvarado\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart) → DELETED
[HJ] HKLM[…]\System : EnableLUA (0) → REPLACED (1)
[HJ] HKLM[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) → REPLACED (0)
[HJ] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[…]

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

I am currently running Malwarebytes but it is stuck on one line.

After running RogueKiller I am able to connect and be online, yet only to selected sites, mostly Google-related. Malwarebytes is still running a full scan now. HELP is requested, thank you.

malwarebytes still running full scan now
You only have to run a quick scan... and post the log... and be sure it is updated before you start scanning.

I downloaded the 7/14/11 file; it tells me it is 24 days old.

mbam-setup-1.51.1.1800

The laptop won't let any program get updates.

Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/30/2011 3:10:48 PM
mbam-log-2011-07-30 (15-10-48).txt

Scan type: Full scan (C:|)
Objects scanned: 130823
Time elapsed: 18 minute(s), 0 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) → 1032 → Unloaded process successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) → 3172 → Unloaded process successfully.
c:\Windows\systemup.exe (Trojan.Agent) → 3476 → Unloaded process successfully.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) → 1380 → Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) → Value: tray_ico0 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) → Value: systemup → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) → Value: wxpdrv → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) → Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) → Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\Windows\systemup.exe (Trojan.Agent) → Quarantined and deleted successfully.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\Windows\services32.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\Users\Alvarado\Desktop\rk_quarantine\systemup.exe.vir (Trojan.Agent) → Quarantined and deleted successfully.
c:\Users\Alvarado\downloads\flash-player (1).exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\Users\Alvarado\downloads\flash-player.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\Users\Alvarado\downloads\setupplaysushi.exe (PUP.PlaySushi) → Not selected for removal.

This was the first one

This was the 2nd:

Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

7/30/2011 4:10:54 PM
mbam-log-2011-07-30 (16-10-54).txt

Scan type: Full scan (C:|)
Objects scanned: 358629
Time elapsed: 31 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PremierOpinion (Trojan.Agent) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) → Value: l1rezerv.exe → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) → Value: sysdriver32.exe → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) → Value: sysdriver32_.exe → Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.

Folders Infected:
c:\Users\Alvarado\AppData\Roaming\HBLite (Adware.Hotbar) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\components (Trojan.Agent) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\premieropinion (Adware.PremierOpinion) → Quarantined and deleted successfully.

Files Infected:
c:\Users\Alvarado\downloads\setupplaysushi.exe (PUP.PlaySushi) → Not selected for removal.
c:\Windows\l1rezerv.exe (Trojan.Agent) → Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) → Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Delf) → Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) → Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\chrome.manifest (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\install.rdf (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\ncncf.dat (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\nscf.dat (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\pmls64.dll (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\pmoci.bin (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\pmph.dll (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\pmropn64.exe (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\pmservice.exe (Trojan.Agent) → Quarantined and deleted successfully.
c:\program files (x86)\premieropinion\pmxf.dll (Trojan.Agent) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\premieropinion\about premieropinion.lnk (Adware.PremierOpinion) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\premieropinion\privacy policy and user license agreement.lnk (Adware.PremierOpinion) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\premieropinion\Support.lnk (Adware.PremierOpinion) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\premieropinion\uninstall instructions.lnk (Adware.PremierOpinion) → Quarantined and deleted successfully.

The 3rd:

Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

7/30/2011 4:38:02 PM
mbam-log-2011-07-30 (16-38-02).txt

Scan type: Full scan (C:|)
Objects scanned: 64113
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Alvarado\downloads\setupplaysushi.exe (PUP.PlaySushi) → Quarantined and deleted successfully.

Just a few minutes ago:

Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/30/2011 5:08:40 PM
mbam-log-2011-07-30 (17-08-40).txt

Scan type: Quick scan
Objects scanned: 190109
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Did you try to start in Safe Mode with Networking… and try to update Malwarebytes?

No, will do that now.

Got an error msg.

Malwarebytes’ Anti-Malware
An error has occurred. Please report this error code to our support team.

PROGRAM_ERROR_UPDATING (3, 0, Timeout)

The system cannot find the path specified.

If able to…

follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs HERE and not in the guide )

To avoid using multiple posts with copy and paste you have to attach the logs.
Lower left corner: Additional Options > Attach (OTS log). Save the OTS log as ANSI.

Essexboy will look at the log when he arrives here tomorrow…

Looks very similar to the enhanced protection but updated already!

I will analyse the OTS scan when attached

It's not letting me attach it; it is saying it is too large. It was saved in ANSI.

http://www.mediafire.com/?jeb83v37a1vb30q

http://www.mediafire.com/file/jeb83v37a1vb30q/OTS.Txt

Looks like MBAM got the majority - so let's now kill the rest… On completion of this can you let me know what problems remain.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

 
[Unregister Dlls]
[Registry - All]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\] > -> 
YN -> HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> EC 51 3A C7 B4 84 CB 01  [binary data]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} -> C:\PROGRAM FILES (X86)\PREMIEROPINION
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {0974BA1E-64EC-11DE-B2A5-E43756D89593} [HKLM] -> [MediaBar]
YN -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {3fdba1ba-ae28-4045-9048-4ed2f3865629} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {574be437-25ae-4010-a53e-8c63b6ae02ff} [HKLM] -> [ooVoo Toolbar]
YN -> {9D425283-D487-4337-BAB6-AB8354A81457} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} [HKLM] -> [MediaBar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0974BA1E-64EC-11DE-B2A5-E43756D89593}" [HKLM] -> [MediaBar]
YN -> "{574be437-25ae-4010-a53e-8c63b6ae02ff}" [HKLM] -> [ooVoo Toolbar]
YN -> "{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}" [HKLM] -> [MediaBar]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\] > -> HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{9565115D-C7D6-46D3-BD63-B67B481A4368}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "2047489.exe" -> ["C:\Users\Alvarado\AppData\Local\Temp\2047489.exe"]
YN -> "2602920.exe" -> ["C:\Windows\Temp\2602920.exe"]
YN -> "4951507.exe" -> ["C:\Windows\Temp\4951507.exe"]
YN -> "8186268.exe" -> ["C:\Windows\Temp\8186268.exe"]
YN -> "9585248-loader2.exe" -> ["C:\Windows\Temp\9585248-loader2.exe"]
YN -> "tray_ico" -> []
YN -> "tray_ico1" -> []
YN -> "tray_ico2" -> []
YN -> "tray_ico3" -> []
YN -> "tray_ico4" -> []
< Run [HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\] > -> HKEY_USERS\S-1-5-21-1302273170-3416456603-1724964319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "ares" -> ["C:\Program Files (x86)\Ares\Ares.exe" -h]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  ufa -> C:\Windows\ufa
NY ->  rpcminer -> C:\Windows\rpcminer
NY ->  phoenix -> C:\Windows\phoenix
NY ->  system64 -> C:\Windows\system64
NY ->  update.5.0 -> C:\Windows\update.5.0
NY ->  update.2 -> C:\Windows\update.2
NY ->  av_ico -> C:\Windows\av_ico
NY ->  update.1 -> C:\Windows\update.1
NY ->  update.tray-7-0-lnk -> C:\Windows\update.tray-7-0-lnk
NY ->  update.tray-7-0 -> C:\Windows\update.tray-7-0
[Files/Folders - Modified Within 30 Days]
NY ->  phoenix.rar -> C:\Windows\phoenix.rar
NY ->  rpcminer.rar -> C:\Windows\rpcminer.rar
NY ->  unrar.exe -> C:\Windows\unrar.exe
NY ->  info1 -> C:\Windows\info1
NY ->  geoiplist.rar -> C:\Windows\geoiplist.rar
NY ->  loader2.exe_ok -> C:\Windows\loader2.exe_ok
NY ->  geoiplist -> C:\Windows\geoiplist
[Files - No Company Name]
NY ->  phoenix.rar -> C:\Windows\phoenix.rar
NY ->  rpcminer.rar -> C:\Windows\rpcminer.rar
NY ->  ufa.rar -> C:\Windows\ufa.rar
NY ->  geoiplist -> C:\Windows\geoiplist
NY ->  geoiplist.rar -> C:\Windows\geoiplist.rar
NY ->  unrar.exe -> C:\Windows\unrar.exe
NY ->  info1 -> C:\Windows\info1
NY ->  loader2.exe_ok -> C:\Windows\loader2.exe_ok
[Custom Scans]
NY ->  explorer.exe : MD5=3C33B26F2F7FA61D882515F2D6078691 -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\procs\explorer.exe
NY ->  explorer.exe : MD5=3C33B26F2F7FA61D882515F2D6078691 -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX1\procs\explorer.exe
NY ->  explorer.exe : MD5=ABC6379205DE2618851C4FCBF72112EB -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\h\explorer.exe
NY ->  explorer.exe : MD5=ABC6379205DE2618851C4FCBF72112EB -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX1\h\explorer.exe
NY ->  userinit.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\userinit.exe
NY ->  userinit.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX1\userinit.exe
NY ->  winlogon.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX0\winlogon.exe
NY ->  winlogon.exe : MD5=AC6094297CD882B8626466CDEB64F19F -> C:\Users\Alvarado\AppData\Local\Temp\RarSFX1\winlogon.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!