Does AVG show the enhanced mode as well?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Processes - Safe List]
YY -> svchost.exe -> C:\WINDOWS\update.5.0\svchost.exe
YY -> svchost.exe -> C:\WINDOWS\update.2\svchost.exe
YY -> svchost.exe -> C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
YY -> svchost.exe -> C:\WINDOWS\update.1\svchost.exe
YY -> ufa.exe -> C:\WINDOWS\ufa\ufa.exe
[Win32 Services - Safe List]
YY -> (srvsysdriver32) srvsysdriver32 [Auto | Stopped] -> C:\WINDOWS\sysdriver32.exe
YY -> (srvbtcclient) srvbtcclient [Auto | Running] -> C:\WINDOWS\update.5.0\svchost.exe
YY -> (srviecheck) srviecheck [Auto | Running] -> C:\WINDOWS\update.2\svchost.exe
YY -> (wxpdrivers) wxpdrivers [Auto | Running] -> C:\WINDOWS\update.1\svchost.exe
[Registry - Safe List]
< HOSTS File > ([2011.07.25 19:47:00 | 000,203,160 | -H-- | M] - 100105 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> Reset Hosts ->
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "avast5" -> [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui]
YN -> "wxpdrv" -> [C:\WINDOWS\services32.exe]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\services32.exe" -> [C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe]
YY -> "C:\WINDOWS\update.1\svchost.exe" -> C:\WINDOWS\update.1\svchost.exe [C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe]
YY -> "C:\WINDOWS\update.2\svchost.exe" -> C:\WINDOWS\update.2\svchost.exe [C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe]
YY -> "C:\WINDOWS\update.tray-7-0\svchost.exe" -> C:\WINDOWS\update.tray-7-0\svchost.exe [C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe]
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
YN -> "AlternateShell" -> services32.exe
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{ae29bd69-06dd-11e0-ad6f-8cc07d22ad93}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae29bd69-06dd-11e0-ad6f-8cc07d22ad93}\Shell\AutoRun\command ->
YN -> \{ae29bd69-06dd-11e0-ad6f-8cc07d22ad93}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL app1.EXE]
YN -> \{da5f22c2-f0bf-11de-ab2a-aa4e7a1752ce}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da5f22c2-f0bf-11de-ab2a-aa4e7a1752ce}\Shell\AutoRun\command ->
YN -> \{da5f22c2-f0bf-11de-ab2a-aa4e7a1752ce}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL app1.EXE]
[Files/Folders - Created Within 30 Days]
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs
NY -> update.tray-12-0-lnk -> C:\WINDOWS\update.tray-12-0-lnk
NY -> update.tray-12-0 -> C:\WINDOWS\update.tray-12-0
NY -> ufa -> C:\WINDOWS\ufa
NY -> rpcminer -> C:\WINDOWS\rpcminer
NY -> phoenix -> C:\WINDOWS\phoenix
NY -> update.5.0 -> C:\WINDOWS\update.5.0
NY -> update.2 -> C:\WINDOWS\update.2
NY -> WinRAR -> C:\Documents and Settings\LocalService\Application Data\WinRAR
NY -> av_ico -> C:\WINDOWS\av_ico
NY -> update.1 -> C:\WINDOWS\update.1
NY -> update.tray-7-0-lnk -> C:\WINDOWS\update.tray-7-0-lnk
NY -> update.tray-7-0 -> C:\WINDOWS\update.tray-7-0
[Files/Folders - Modified Within 30 Days]
NY -> info1 -> C:\WINDOWS\info1
NY -> sysdriver32_.exe -> C:\WINDOWS\sysdriver32_.exe
NY -> sysdriver32.exe -> C:\WINDOWS\sysdriver32.exe
NY -> Skype.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
NY -> phoenix.rar -> C:\WINDOWS\phoenix.rar
NY -> unrar.exe -> C:\WINDOWS\unrar.exe
NY -> ufa.rar -> C:\WINDOWS\ufa.rar
NY -> rpcminer.rar -> C:\WINDOWS\rpcminer.rar
NY -> systemup.exe -> C:\WINDOWS\systemup.exe
NY -> l1rezerv.exe -> C:\WINDOWS\l1rezerv.exe
NY -> geoiplist.rar -> C:\WINDOWS\geoiplist.rar
NY -> loader2.exe_ok -> C:\WINDOWS\loader2.exe_ok
NY -> geoiplist -> C:\WINDOWS\geoiplist
[Files - No Company Name]
NY -> phoenix.rar -> C:\WINDOWS\phoenix.rar
NY -> rpcminer.rar -> C:\WINDOWS\rpcminer.rar
NY -> systemup.exe -> C:\WINDOWS\systemup.exe
NY -> l1rezerv.exe -> C:\WINDOWS\l1rezerv.exe
NY -> geoiplist -> C:\WINDOWS\geoiplist
NY -> geoiplist.rar -> C:\WINDOWS\geoiplist.rar
NY -> unrar.exe -> C:\WINDOWS\unrar.exe
NY -> info1 -> C:\WINDOWS\info1
NY -> loader2.exe_ok -> C:\WINDOWS\loader2.exe_ok
NY -> sysdriver32_.exe -> C:\WINDOWS\sysdriver32_.exe
NY -> sysdriver32.exe -> C:\WINDOWS\sysdriver32.exe
[Custom Scans]
YY -> svchost.exe : MD5=B29DC60E06AF2B9ED13E6C6935BC3670 -> C:\WINDOWS\update.2\svchost.exe
YY -> svchost.exe : MD5=DDE08469DED554140851ACFFCB8F4802 -> C:\WINDOWS\update.5.0\svchost.exe
YY -> svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.1\svchost.exe
YY -> svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.tray-12-0\svchost.exe
YY -> svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.tray-12-0-lnk\svchost.exe
YY -> svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.tray-7-0\svchost.exe
YY -> svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!