Solved Following 8 step virus removal

[montgomery1082]

ok will do.

 

[Broni]

I don't know how this Kaspersky program got in there. I have never even heard of it.

Don't ask me

 

[montgomery1082]

All processes killed
========== OTL ==========
Error: Unable to stop service KLIF!
Unable to delete service\driver key KLIF.
File move failed. C:\Windows\SysNative\drivers\klif.sys scheduled to be moved on reboot.
Error: Unable to stop service kl1!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kl1 deleted successfully.
File move failed. C:\Windows\SysNative\drivers\kl1.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\klif.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\kl1.sys scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lance M Soto
->Temp folder emptied: 1155567 bytes
->Temporary Internet Files folder emptied: 5318182 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2059021 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lance M Soto
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08192010_000447

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\drivers\klif.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\kl1.sys scheduled to be moved on reboot.
C:\Users\Lance M Soto\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lance M Soto\AppData\Local\Temp\~DFD9F6AA73731AEE14.TMP moved successfully.
File\Folder C:\Windows\temp\avD3AD.tmp not found!
C:\Windows\temp\ZLT06b92.TMP moved successfully.

Registry entries deleted on Reboot...

 

[Broni]

Good

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Go to Kaspersky website and perform an online antivirus scan.

• Disable your active antivirus program.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

 

[montgomery1082]

Whew thats gonna take a min..........lol. I will follow those instructions then post what you requested.

 

[Broni]

Kaspersky will take a while...sometimes overnight

 

[montgomery1082]

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ZoneAlarm Extreme Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player
Adobe Reader 9.3.3
````````````````````````````````
Process Check:
objlist.exe by Laurent
Zone Labs ZoneAlarm zlclient.exe
Zone Labs ZoneAlarm MailFrontier mantispm.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

[montgomery1082]

Ok now i'm going to run the Kaspersky program. So this will take a while to run complete?

 

[Broni]

Yes, it'll, but by now you should be pretty much in the clear.
Security Check log looks good, btw.

 

[montgomery1082]

Ok thank you I'm downloading Kaspersky now and will start it.

 

[Broni]

You're welcome

 

[montgomery1082]

Ok I can't say enough how much I appreciate your help. I ran the Kaspersky Online Scan it did not produce any report text. The only thing it said was "0 Infections Found". So I think everything is clean now. My system seems to be running ok, now when the computers idle my CPU usage is either 0% or 2% instead od 80 to 90.

 

[Broni]

Excellent!

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. Run defrag at your convenience.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Broni]

The issue appears to be resolved.