[Render]

Please try this:

Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into SafeMode.

• You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
• Use your up arrow key to highlight SafeMode then hit enter.
• Double click the setup file to run it.
• Click Next to continue.
• It will by default install it to your desktop folder.Click Next.
• Hit OK at the prompt for scanning in Safe Mode.
• It will then open a box. There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked:
  
  Hidden Startup Objects
  System Memory
  Disk Boot Sectors.
  My Computer.
  Also any other drives (Removable that you may have)
  
• After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose OK.
• Then choose OK again and you are back to the main screen.
• Then click on Scan at the to right hand corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all.
• If it says it cannot be Neutralized then chooose the delete option when prompted.
• After that is done click on the Reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and post it in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

[Advertisements]

I'm attaching the scan results. Thanks

Attached Files

•  kas.txt   2.61KB   141 downloads

[18928]

I'm attaching the scan results. Thanks

Attached Files

•  kas.txt   2.61KB   141 downloads

[Render]

Hi,

• Please double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  

  :folderfind
  *smtmp*

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[18928]

Hi Render, here it is:
SystemLook 04.09.10 by jpshortstuff
Log created at 17:43 on 12/06/2011 by asta
Administrator - Elevation successful

========== folderfind ==========

Searching for "*smtmp*"
No folders found.

-= EOF =-

[Render]

Hi,

Please proceed with this:

We need to temporarily remove your Anti-Virus, as it interes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding

Download AppRemover and run it.

Click Next >>



Ensure "Remove Security Application" is collected and click Next >>



AppRemover will scan all the security applications on your PC


Select Any AVG entries from the applications offered and click Next >> twice.


Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

NEXT...

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
• Double click on combo-Fix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.

[18928]

I did appremover and after rebooting message came up, that there was a problem unistalling avg. I tried to run it again, but it couldn't find avg anymore. After that I did combo-fix and the pop up said, that there's still avg active, but it started anyway. Did the scan up to "completed 50", deleted some files and stoped. I waited for almost an hour and then restarted computer. Did it again. And again the same thing happened. This time it stoped after 50 and froze. So I don't have the summary file.

[Render]

OK. Please do the following:

From the Start menu open your Computer
You should see something like this:



Right click your system partition (usually C) and select Properties



Select Tools tab and then Check now...
The second window will popup
Ensure you have ticks in both boxes
Then click Start
Windows will schedule it for the next boot
Reboot

Once that has completed:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement

[18928]

Hi Render,
Sfc scan found corrupt files, but was unable to fix some of them.
My Computer shows OS(C:)instead of Local Disk C: I don't know if that is something important to mention.
It didn't make any difference.
Computer is working for internet browsing, but I'm being redirected multiple times, my "Start" is half empty" and I can't use skype( "skype stopped working and windows searching for the problem").

[Render]

Hi,

That's not good. Please tell me if you have your original Windows 7 CD/DVD available.

[18928]

No I don't. It's Windows 7 Professional

[Render]

We have to replace damaged system files. But it will be hard to do that without Windows 7 Professional setup DVD. Are you able to borrow that DVD? Also if OS was pre installed on your laptop you can request recovery disks from Dell.

Also please do the following:

• Please download attachment cbs-log.zip to your desktop.  cbs-log.zip   216bytes   106 downloads
• UnZip it to your desktop.
• Right-click on cbs-log.bat icon and click on Run as administrator.
• If User Account Control (UAC) window will open click on Yes button.
• CBS.log file will be on your desktop.
• Please upload that file here and post a link to it in your next reply.

[18928]

Here's the link
http://www.2shared.c...cScNxW/CBS.html
I hope it's the right one.

[Render]

OK. Now do the following:

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  

  :filefind
  autochk.*

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[18928]

SystemLook 04.09.10 by jpshortstuff
Log created at 15:22 on 13/06/2011 by asta
Administrator - Elevation successful

========== filefind ==========

Searching for "autochk.*"
C:\Windows\System32\autochk.exe --a---- 668160 bytes [23:15 13/07/2009] [01:14 14/07/2009] 96EFF14A4D0B23EAEB84170D774BC3F8
C:\Windows\System32\en-US\autochk.exe.mui --a---- 229376 bytes [04:54 14/07/2009] [02:07 14/07/2009] D220BED087B6EB64EC5233CD3CE502E5
C:\Windows\winsxs\x86_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_en-us_49645dc252e24b19\autochk.exe.mui --a---- 229376 bytes [04:54 14/07/2009] [02:07 14/07/2009] D220BED087B6EB64EC5233CD3CE502E5
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe --a---- 668160 bytes [23:15 13/07/2009] [01:14 14/07/2009] 96EFF14A4D0B23EAEB84170D774BC3F8

-= EOF =-

[Render]

One system file autochk.exe is corrupted and we have to replace it. To do that I need exact file version of this file. So please do the following:

• Open Windows Explorer and go to C:\Windows\System32\autochk.exe.
• Take ownership of the file autochk.exe at the C:\Windows\System32\autochk.exe location, and "Allow" your user account "Full Control" of it.
• Right click on autochk.exe and click on Properties.
• Click on the Details tab.
• Make note of what File version the autochk.exe file is and post it in your next reply.