Inactive [A] Hard drive clusters damaged virus

Status
Not open for further replies.
Good :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O8 - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
    O8 - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
    O8 - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
    O15 - HKU\S-1-5-21-865321313-1588324258-352885289-1001\..Trusted Domains: xpect-software.com ([xpectsoftwarellc] http in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/12/24 12:26:50 | 000,000,850 | -HS- | M] () -- C:\Users\UserName\AppData\Local\l443c523yh7jf53j1j6643
    @Alternate Data Stream - 1108 bytes -> C:\ProgramData\Microsoft:tBp71bIQ8QYpmOBinZ65XM15W1
    @Alternate Data Stream - 1043 bytes -> C:\ProgramData\Microsoft:UzUwfg3EPxatqyCAaCL5IVu
    @Alternate Data Stream - 1034 bytes -> C:\ProgramData\Microsoft:KF981xnxss4GoEYBZPEyaa
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
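An added example, written for this thread and not code from the original post or from OTL: a PowerShell audit that re-checks, read-only, the two artefact classes the OTL fix above removes, named alternate data streams on files and directories (the three C:\ProgramData\Microsoft:... entries) and Internet Explorer ZoneMap entries that place hosts in the Local intranet or Trusted sites zones (the O15 lines). The ZoneMap layout it reads is the standard one under HKCU; the default root path, depth and the requirement for PowerShell 5 or later in an elevated console are assumptions for the example.

```powershell
# Added example, not part of the thread and not OTL's own code: audit the two artefact
# classes the OTL fix above removed (alternate data streams and IE ZoneMap trusted
# domains) so the finding can be reproduced and reviewed without the tool.
# Assumptions: PowerShell 5 or later (Get-ChildItem -Depth), run as administrator so
# C:\ProgramData is fully readable. $AdsRoot and $Depth are illustrative defaults.
param(
    [string]$AdsRoot = 'C:\ProgramData',
    [int]$Depth = 1
)

# 1. Alternate data streams. Every file carries the unnamed ':$DATA' stream, and
#    'Zone.Identifier' is the ordinary mark-of-the-web written by browsers. Any other
#    stream, especially one with a random-looking name on a directory such as
#    C:\ProgramData\Microsoft, is the pattern the OTL fix above flagged.
function Get-UnusualAds {
    param([string]$Path, [int]$Depth)

    # Include the root itself: the OTL finding was on a directory, not a file.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Force -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

# 2. Internet Explorer security-zone assignments. Each domain is a key under
#    ZoneMap\Domains (subdomain patterns such as '*.home' are subkeys of it), holding
#    DWORD values named after the protocol (http, https or *) whose data is the zone id.
#    OTL's O15 lines render exactly these keys. HKCU resolves to the user running the
#    script; the fix above targeted a specific profile under HKU\<SID>.
function Get-IeZoneMapEntries {
    $zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path -Path $root)) { return }

    foreach ($domainKey in Get-ChildItem -Path $root) {
        $subKeys = @(Get-ChildItem -Path $domainKey.PSPath)
        foreach ($key in @($domainKey) + $subKeys) {
            # Top-level key is the bare domain; a subkey is '<pattern>.<domain>'.
            $hostName = if ($key.PSPath -eq $domainKey.PSPath) { $domainKey.PSChildName }
                        else { '{0}.{1}' -f $key.PSChildName, $domainKey.PSChildName }
            foreach ($protocol in $key.GetValueNames()) {
                $zoneId = [int]$key.GetValue($protocol)
                [pscustomobject]@{
                    Host     = $hostName
                    Protocol = $protocol
                    Zone     = if ($zoneNames.ContainsKey($zoneId)) { $zoneNames[$zoneId] } else { "Unknown ($zoneId)" }
                }
            }
        }
    }
}

Get-UnusualAds -Path $AdsRoot -Depth $Depth | Format-Table -AutoSize

# Local intranet and Trusted sites are the zones that relax browser security, so these
# are the entries worth reviewing; the fix above removed entries in both.
Get-IeZoneMapEntries |
    Where-Object { $_.Zone -in 'Local intranet', 'Trusted sites' } |
    Sort-Object Host, Protocol |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt as the affected user. The script only reports; anything it lists should be compared against what the user knowingly installed (a corporate intranet entry is expected, a stream with a random name on a system directory is not) before any removal is scripted.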
 
OTL Log 2

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all video with BitComet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home\ deleted successfully.
Invalid CLSID key: *.home
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.apac\ deleted successfully.
Invalid CLSID key: *.home.apac
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.emea\ deleted successfully.
Invalid CLSID key: *.home.emea
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.noam\ deleted successfully.
Invalid CLSID key: *.home.noam
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint\ deleted successfully.
Invalid CLSID key: *.sharepoint
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.apac\ deleted successfully.
Invalid CLSID key: *.sharepoint.apac
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.emea\ deleted successfully.
Invalid CLSID key: *.sharepoint.emea
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.noam\ deleted successfully.
Invalid CLSID key: *.sharepoint.noam
Registry key HKEY_USERS\S-1-5-21-865321313-1588324258-352885289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****\****\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Users\UserName\AppData\Local\l443c523yh7jf53j1j6643 not found.
ADS C:\ProgramData\Microsoft:tBp71bIQ8QYpmOBinZ65XM15W1 deleted successfully.
ADS C:\ProgramData\Microsoft:UzUwfg3EPxatqyCAaCL5IVu deleted successfully.
ADS C:\ProgramData\Microsoft:KF981xnxss4GoEYBZPEyaa deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 202776 bytes
->FireFox cache emptied: 127677976 bytes
->Flash cache emptied: 54387 bytes

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: UserName
->Temp folder emptied: 268357 bytes
->Temporary Internet Files folder emptied: 195310477 bytes
->Java cache emptied: 41735669 bytes
->FireFox cache emptied: 54540654 bytes
->Flash cache emptied: 1982809 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-UserName-DT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx2-UserName-DT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Pina
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.UserName-DT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1704518 bytes
%systemroot%\System32 .tmp files removed: 1095010 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8413274 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67883 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 413.00 mb


[EMPTYFLASH]
 
Security Check Log

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira Internet Security 2012
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java(TM) 6 Update 30
Out of date Java installed!
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````
 
Ran TFC (didn't see a report, but the system rebooted) and running ESET now. Looks like it'll take a while; 23 mins in @ 10%.

Thanks again Broni.
 
Nice, me too. The last one was the best imho!

If there is anything I can do to repay you, PLEASE let me know. I can't tell you enough how much I appreciate you walking me through this. I figured I was losing all my data and reformatting... instead I was able to set up a separate scan-station and transfer it all safely, thanks to you.
 