Failed to load user profile after boot time virus scan

I posted to the Avast Free/Pro/Suite forum earlier today. The posting was 143319.0. I was assisted by user Alikhan. The particulars of the posting are:

“I downloaded an update to Avast Free a couple of days ago. A quick scan found a problem and Avast asked to do a boot time scan. During the scan, Avast asked what to do with several files (I think I told it to “Fix All”). Later when the system rebooted, my user profile was missing.”

I asked if anything could be done to recover my user profile. Alikhan told me to boot into safe mode, and try restoring the files that Avast had quarantined. That recovered my user profile. After reviewing my quarantine chest, Alikhan suggested that I post here. My computer is functional, but probably compromised.

As I determined later, Avast discovered 11 malware files. I restored 7 of them while recovering. When I restored the files, Avast only gave me the option to “restore and add to exclusions”.

I followed the instructions in the “Logs to assist in cleaning malware” posting, and I have enclosed the logs that were generated. I have an Avast full system scan running now.

Is there anything else I can do to track down this problem?

Thanks

Interesting. I’ll have someone assist you.

Hi,
I’ll give you future malware removal instructions.

Scan with Combofix:

- Please download ComboFix by sUBs and save it to your Desktop.
  You may read how Combofix works here.

- Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
  If you are unsure how to do this please read this or this Instruction.

- Run ComboFix. Click on I Agree! & follow the prompts.
  Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

- When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
  (typical log location: C:\ComboFix.txt)

The ComboFix log is attached.

How’s your computer behaving now?

Thanks,

Actually, the computer seems normal. I just rebooted it, and the user profile is still there.

There were 7 items in Avast’s exclusion list. (Those were the items that I restored while attempting to recover my user profile.) I made a copy of the paths to those items, then I deleted them from the exclusion list. (Is that what the delete button does? Hopefully I didn’t delete the actual files.)

I ran a quick scan with Avast. The only problem mentioned was that Avast was unable to scan a file. I would just delete the file since I don’t need it, except that the instructions that I read said not to delete anything unless instructed.

I am running a boot time scan with Avast right now. The previous boot scan ran overnight. I will report back when the scan has completed.

“The only problem mentioned was that Avast was unable to scan a file.”
This is just a scan error message. Files that cannot be scanned ... for whatever reason Avast gave you ... is just that, no more, no less, and not a detection ... so usually nothing to worry about.

The boot time scan rebooted on its own, and I still have a user profile.

I don’t see anything dated today or yesterday in the Virus Chest. However, when I checked out the Avast exclusions list, the exclusions that I had deleted had returned.

OK, I deleted the exclusions again, rebooted and they are still gone. I’ll try another boot time scan.

I’m not sure what I did wrong the first time, but the second time the exclusions that I deleted stayed deleted and a boot scan did not reveal any remaining infections.

It looks like this one is solved. Thanks to everyone who helped!

It is necessary to uninstall ComboFix:

- Click Start (or the Vista Start button), then Run.

  On Windows 7 or Vista you may use the Start Search field if Run is not available.

- In the line of text, type in (copy) the following:

  ComboFix /Uninstall

  Note that there is a space between "ComboFix" and "/Uninstall".

- Then click OK (or press Enter).

Wait until the uninstall process is complete.

Done. Thanks again.