User profile cannot be loaded

kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />


To fix the issue with the error "The User Profile Service failed the logon" we need to create a new user Account on your computer.

Try this Articles.
http://support.microsoft.com/kb/947215
 
S

sbcs

New Member
Thread author
Jun 17, 2013
7
Thank you, Kuttus! The first of the three methods allowed me to log in to Windows.
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Great to hear that.......

STEP 1: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply


Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)


Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trail, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

 
Last edited by a moderator:
S

sbcs

New Member
Thread author
Jun 17, 2013
7
The Windows Security Service is running. I appreciate your help.
Here are the requested logs:

# AdwCleaner v2.303 - Logfile created 06/18/2013 at 09:57:05
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Steve - OFFICE
# Boot Mode : Normal
# Running from : C:\Users\Steve\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Steve\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\searchplugins\search-here.xml
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\Steve\AppData\Local\Conduit
Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\Steve\AppData\Local\PackageAware
Folder Deleted : C:\Users\Steve\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Steve\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Steve\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Steve\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Steve\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Steve\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Steve\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\prefs.js

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\user.js ... Deleted !

Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Steve\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6100 octets] - [18/06/2013 09:57:05]

########## EOF - C:\AdwCleaner[S1].txt - [6160 octets] ##########


====================================================================


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Steve on Tue 06/18/2013 at 10:05:44.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{200EFE6E-9971-475A-AACF-01900B8FA7E7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8E19848-715B-43FF-AE7F-16A475C51915}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{1A8C9475-3BE1-4E6C-A5C1-33D95AB249BB}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{248D7D6D-BA93-4BCB-9141-9F94561C0C1F}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{2C30AB5F-3560-4DF5-874B-E7A644842093}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{45AB4B3A-8968-4C30-8425-6E9D0949951B}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4645FD04-7C4D-41A9-86DA-D723586CB882}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4800F9B8-856A-419E-A387-89271E3CDD05}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4D63569B-25EE-49B3-932D-CF5D2CB50F18}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4D7082AE-055B-4C3C-98F7-10FEC8E5104D}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4E6B0182-52E6-4877-A2D4-8F4926AA287D}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4ECAC928-FF57-4744-904B-5F4FFE55084B}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{510d3662-78a2-3009-94b6-0e30754d007b}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{51E69F84-4E16-4BA1-860A-B62FF9EE5D28}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{535BDCCE-622E-4235-B7F0-F87C5E1D2386}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{53FCED83-ADF5-42AD-83D3-A31A56FF2A12}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{5A118C80-1B07-4D62-A9A4-EFBEBC5313A7}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{64E0AFBB-7589-4B71-9930-5FF268EAECF7}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{6FA82842-2D26-4C4D-8719-1F972D129C58}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{77F9F3C3-09BA-4EC5-B3FA-3D85A9DC127B}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7BDA706A-796F-48CF-A01C-B1C80F9F888D}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7EEBC780-D4B9-422E-ABAE-F5E0B0842B24}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7F130B31-18E6-49A8-A9E8-92E278BBD05D}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{83B53B7A-B204-4D93-83B1-0E3F796BB1C8}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{90897ABC-F91C-4FF6-99FE-85007923E93F}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{98E9EEB8-05A1-41B3-8FA5-07473A1B9C65}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{9EF69437-C230-4AD3-837A-8F3742E16AAF}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{A9BCCD5B-503B-4F2C-9101-DC3F618326A3}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{BE9B579B-EC52-45F4-AC2E-160006F5611E}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C5FB2E66-AB33-42F2-80C4-F6E975CED238}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C6D63F3A-FD67-4C94-B749-8D5349CE57F1}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C7D3191A-91D2-474F-BA7F-99A716EEEE68}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C867F629-DB3F-44EB-ADAA-3A6BC5E96F3F}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D937BE60-DCDE-4494-A1FB-0C573427FF45}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E2290EC0-AC46-4024-91DF-DBB5EEF3876A}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F38E51AD-8404-4A65-BBBE-731A338F16EA}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F8C99EFF-7E3B-4F57-AB97-80ACB35F39B7}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FE772C7D-B91E-4B14-A080-E6B04ADB3D89}



~~~ FireFox

Successfully deleted the following from C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\pi3lwl05.default\prefs.js

user_pref("extensions.addon@defaulttab.com.install-event-fired", true);
user_pref("extensions.defaulttab.active.affiliate", 2628);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20120728,18175,0,0,0");
user_pref("extensions.defaulttab.browserID", "3b63c7b8a79a80292d8004c81abfd778");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4");
Emptied folder: C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\pi3lwl05.default\minidumps [70 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Steve\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/18/2013 at 10:11:04.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



====================================================================


Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Steve :: OFFICE [administrator]

6/18/2013 10:19:04 AM
mbar-log-2013-06-18 (10-19-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 366257
Time elapsed: 1 hour(s), 33 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



===========================================================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.600000 GHz
Memory total: 8312995840, free: 5845188608

Downloaded database version: v2013.06.18.04
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
06/18/2013 10:19:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sprs.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\ahcix64s.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\c2scsi64.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\??\C:\Users\Steve\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\kbdhid.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix64s.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmci.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa80096f6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa8009718770
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa80096f6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa8009718770
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa80096f2790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000092\
Lower Device Object: 0xfffffa8009417b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80096f1790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000091\
Lower Device Object: 0xfffffa8008202060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8008201790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xfffffa80096f0b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8009418790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008f\
Lower Device Object: 0xfffffa8009416750
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009433060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xfffffa8009154b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007815060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xfffffa800764c9c0
Lower Device Driver Name: \Driver\ahcix64s\
Driver name found: ahcix64s
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007815060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007815b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007815060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800764c9c0, DeviceName: \Device\00000070\, DriverName: \Driver\ahcix64s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a014f6c150, 0xfffffa8007815060, 0xfffffa800c70f090
Lower DeviceData: 0xfffff8a0127f1890, 0xfffffa800764c9c0, 0xfffffa800852f4c0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1439074304

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1439281152 Numsec = 25864192

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009433060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009155b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009433060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009038c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8009154b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01325a5e0, 0xfffffa8009433060, 0xfffffa800b936090
Lower DeviceData: 0xfffff8a017ff2520, 0xfffffa8009154b60, 0xfffffa800c3ef710
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5C74AE42

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 488392002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8009418790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008201040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009418790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008202c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8009416750, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8008201790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096f1040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008201790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008202590, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa80096f0b60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80096f1790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096f2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80096f1790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800942c5b0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8008202060, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa80096f2790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096f3040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80096f2790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009417700, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8009417b60, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa80096f6060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096f6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80096f6060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009718040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8009718770, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "c:\programdata\avg2013\chjw\40e04010e03ea8e.dat:06375845-c7f2-423e-a4ca-fa6e65249624" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished



============================================================================


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Steve :: OFFICE [administrator]

6/18/2013 11:55:21 AM
mbam-log-2013-06-18 (11-55-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292601
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <>double clicking on the previously downloaded file.</> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />

STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />

STEP 3: Run a scan with Kaspersky Virus Removal Tool
<ol><li>Download Kaspersky Virus Removal Tool from the below link and then double click on it to start this utility.
<><a title="External link" href="http://www.kaspersky.com/antivirus-removal-tool?form=1" rel="nofollow">KASPERSKY VIRUS REMOVAL TOOL</a></> <em>(This link open an new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)</em></li>
<li>Follow the onscreen prompts until it is installed</li>
<li>Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
<ul>
<li><span style="color: #ff0000;">System Memory</span></li>
<li><span style="color: #ff0000;">Hidden startup objects</span></li>
<li><span style="color: #ff0000;">Disk boot sectors</span></li>
<li><span style="color: #ff0000;">Local Disk (C: )</span></li>
<li><span style="color: #ff0000;">Also any other drives (Removable that you may have)</span></li>
</ul>
</li>
<li>Then click on <>Actions</> on the left hand side</li>
<li>Click <>Select Action</>, then make sure both <>Disinfect</> and <>Delete if disinfection fails</> are ticked</li>
<li>Click on <>Automatic Scan</></li>
<li>Now click the <>Start Scanning</> button, to run the scan</li>
<li>After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side</li>
<li>Click <>Detected threats</> on the left</li>
<li>Now click the <>Save</> button, and save it as <>kaslog.txt</> to your <>Desktop</></li>
<li>Please attach kaslog.txt in your next reply.</li>
</ol>
<hr />
 
Last edited by a moderator:
S

sbcs

New Member
Thread author
Jun 17, 2013
7
I had some trouble with these scans. HitmanPro ran OK, ESET took 7 hours but completed (logs below), Kaspersky initial install failed (Client register error:-2147024894). Installed after re-boot but ran for over two hours, completing only 17%, then stopped running. I re-downloaded and re-installed and started to run again, but it's saying estimated finish time over 24 hours.

Code: 
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : OFFICE
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Office\Steve
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)

   Scan date . . . . . . : 2013-06-18 13:24:32
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 8s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 24
   Traces  . . . . . . . : 1293

   Objects scanned . . . : 2,743,976
   Files scanned . . . . : 130,577
   Remnants scanned  . . : 1,025,045 files / 1,588,354 keys

Malware remnants ____________________________________________________________

   C:\Users\Steve\AppData\Local\{510d3662-78a2-3009-94b6-0e30754d007b}\@ (ZeroAccess) -> Deleted
   C:\Users\Steve\AppData\Local\{510d3662-78a2-3009-94b6-0e30754d007b}\L\ (ZeroAccess) -> Deleted
   C:\Users\Steve\AppData\Local\{510d3662-78a2-3009-94b6-0e30754d007b}\U\ (ZeroAccess) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:a1.interclick.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.imarketservices.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:network.realmedia.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.usa-1.net
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\0DNCTBSF.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\2QU170VX.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\4RUQ0M8R.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\6G5OWAVK.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\6PRI22FR.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\6VWNNLMY.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\7XCTTIDF.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\9XLF1HY7.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\BF98XYW0.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\DCAOD7QV.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\ELEEYE2U.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\FFW05VBE.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\FIV8JWVR.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\HN1MOG6H.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\IA8906QN.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\IJE39JIL.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\IQVID565.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\JE7NL4IR.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\K1ZGI24N.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\LA7P44SJ.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\MOGVB3A2.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\MVWYTE3M.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\O22NS0X5.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\PEND66VO.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\PJUL14DO.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\Q421NZGE.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\QEKSQWD3.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\QGN94TYP.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\QJX97HW8.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\U9L9T532.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\UPXLOI1V.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\UZ0FTF28.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\VAPTK67J.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\VBX2PEHN.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\VF001YIP.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\VST2DZ3L.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\WO6IR6HG.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\XD7D71O2.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\Y0RBL7OV.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\Z9L40NON.txt
   C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\ZRMU33H3.txt
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:247realmedia.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:a1.interclick.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ad.360yield.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ad.doubleclick.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ad.media6degrees.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:adinterax.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ads.nba.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ads.netcraft.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ads.p161.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ads.pointroll.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ads.undertone.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:adserver.adtechus.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:adtech.de
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:adtechus.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:advertising.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ar.atwola.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:at.atwola.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:atdmt.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:atwola.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:burstnet.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:c.atdmt.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:c1.atdmt.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:casalemedia.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:collective-media.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:dmtracker.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:doubleclick.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:emjcd.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:fastclick.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:googleads.g.doubleclick.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:in.getclicky.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:interclick.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:invitemedia.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:kontera.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:media6degrees.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:mediaplex.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:mm.chitika.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:network.realmedia.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:overture.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:pointroll.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:realmedia.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:ru4.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:serving-sys.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:specificclick.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:statcounter.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:stats.24ways.org
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:stats.paypal.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:stats.townnews.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:stats.unionleader.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:track.adform.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:trackalyzer.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:tribalfusion.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:xiti.com
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:yieldmanager.net
   C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\cookies.sqlite:zedo.com



=================================================================================


ESET


C:\Users\Steve\AppData\Local\Temp\jar_cache1808775077642180434.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache1881355637878252355.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache2213850044511297411.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache2449183917111447936.tmp a variant of Java/Exploit.Agent.OMZ trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache4161397723958577893.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache4307241272274954331.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache4448140131393372928.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache5765318736076338880.tmp Java/Exploit.CVE-2012-1723.DS trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache5839398088021513950.tmp Java/Exploit.Agent.NMO trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache6037760708985442783.tmp a variant of Java/Exploit.CVE-2012-0507.FQ trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache6537582285666117442.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache6784545065887473798.tmp a variant of Java/Exploit.Agent.NIA trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache691705485188748435.tmp Java/Exploit.CVE-2012-0507.BS trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache7066131573606346794.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache7473678596661484011.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache7714752550073180606.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache7898895736192564967.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache8177815478118975146.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache8796861203876893410.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\WUAUNR multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6c4d940a-54d27f11 multiple threats cleaned by deleting - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f8255ac-5c5b3cfe a variant of Java/Exploit.CVE-2012-0507.FA trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2e8cf178-4225f298 multiple threats cleaned by deleting - quarantined
K:\OFFICE\Backup Set 2013-05-12 194350\Backup Files 2013-05-12 194350\Backup files 6.zip JS/TrojanDownloader.Twetti.NAB trojan deleted - quarantined
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay. Just try to run it once more and if it is not working leave the scan and try the following..

STEP 1: Download and Run Windows Repair (all in one)

Download Windows Repair (all in one)

  • Install the program then run it.
  • Go to step 2 and allow it to run Disc check by clicking Do It
  • Go to step 3 and allow it to run SFC
  • Go to start repairs tab select advanced mode and click start.
  •  Check the box next to "Restart/Shutdown system when finished" and ensure the following is checked along with the default checks
    1. Reset File Permissions
    2. Register System Files
    3. Repair WMI
    4. Remove Policies Set By Infections
    5. Remove Temp Files
  •   Then click Start.
 
S

sbcs

New Member
Thread author
Jun 17, 2013
7
I was able to run a Kaspersky Anti Virus scan on the C drive--no threats detected. I did not scan D drive (factory image) and external K drive (backups)--will run them tonight.

I did not run Windows Repair.
Any idea why it took 7+ hours each for the Kaspersky and ESET scans--isn't that unusual?
 
S

sbcs

New Member
Thread author
Jun 17, 2013
7
Here is the Kaspersky Anti Virus log for the D:\ and K:\ drives:

Status: Disinfected (events: 3)
6/19/2013 6:19:55 PM Disinfected Trojan program Trojan.JS.Iframe.wo File K:\OFFICE\Backup Set 2013-05-12 194350\Backup Files 2013-05-12 194350\ Backup files 5.zip High
6/19/2013 6:19:55 PM Disinfected Trojan program Trojan.JS.Iframe.wo File K:\OFFICE\Backup Set 2013-05-12 194350\Backup Files 2013-05-12 194350\Backup files 5.zip/C\web\Enhansulin\web\bloodsugar\ index.php.1317078069 High
6/19/2013 6:19:55 PM Disinfected Trojan program Trojan.JS.Iframe.wo File K:\OFFICE\Backup Set 2013-05-12 194350\Backup Files 2013-05-12 194350\Backup files 5.zip/C\web\Enhansulin\web\images\ index.php.1317078069 High
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
The scan time will be depends on Number of files on the computer and speed of Hard Disk. If there is sometime wrong with your computer hard disk it may take long time and the scan will be slow...
 
S

sbcs

New Member
Thread author
Jun 17, 2013
7
I appreciate your help, Kuttus. Everything seems to be back to normal. Based on the last set of scans, is there anything else I should do now? I'll follow the guidelines I've found elsewhere on your site for future prevention.
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.



Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link



Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.

Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

<hr />
What's next?
  1. Bulild up your malware defenses by starting a new thread in Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
  3. Be an active member in the MalwareTips community! :)



My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

Similar threads

C
  • Locked
cannot acess a site
Replies
4
Views
494
Windows Malware Removal Help & Support
cometa8899
C
nicolaasjan
    • Like
    • Hundred Points
    • +Reputation
New Update Mozilla is adding better profile management to Firefox
Replies
1
Views
583
Firefox
JustInTime
JustInTime
LeMinhThanh
    • Like
New Update SampleFaces.com | Free AI-Generated Profile Pictures for Developers
Replies
1
Views
146
Chatbots and AI
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top