Posted 11 November 2011 - 04:24 PM
Posted 11 November 2011 - 04:43 PM
[2008/01/20 19:24:45 | 000,642,560 | ---- | M] () MD5=86F6DBFE95509C0832C687E0B2DA1D83 -- C:\Windows\System32\autochk.exe
The checksum doesn't have any hits when I google it which is a bad sign.
There's just the one on your PC so we can't replace it easily. I think you can just remove it tho. Seems like it will complain about the file being missing but will still boot.
Is your other PC also a vista? I've got a vista sp2 here but my wife is sleeping right in the room with the vista now so I don't want to wake her. When she gets up from her nap I will attach a replacement.
Posted 11 November 2011 - 04:48 PM
Posted 11 November 2011 - 07:45 PM
Posted 11 November 2011 - 08:19 PM
Posted 11 November 2011 - 09:16 PM
EDIT: Okay, so I restarted my computer =). Everything seems to be alright now. I am gonna go through the process just one last time. I'll post all the logs in my next reply. And if don't find anything, then that means you're a saint.
Edited by Zolika4, 11 November 2011 - 11:40 PM.
Posted 12 November 2011 - 09:46 AM
Posted 12 November 2011 - 11:18 AM
The MBR on this one is much better than the other one even if MBRcheck doesn't recognize it. It is well known on the Internet and had previously been checked 0/43 by virustotal. When I open it in a hex editor I can see the usual Invalid Partition text which was missing on the other one.
It does look like this one came with Symantec and it didn't remove all of its stuff so you will need to download, save and run the uninstaller
Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
- Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
- Right-click on the downloaded file and Run As Administrator to start the program.
- Allow the driver to load if asked.
- You may be prompted to scan immediately if it detects rootkit activity.
- If you are prompted to scan your system click "No", save the log and post back the results.
- If not prompted, click the "Rootkit/Malware" tab.
- On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click the Scan button to begin. (Please be patient as it can take some time to complete)
- When the scan is finished, click Save to save the scan results to your Desktop.
- Save the file as Results.log and copy/paste the contents in your next reply.
- Exit the program and re-enable all active protection when done.
I doubt it will find anything. I would download and run the UpdateChecker:
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows. I don't like to update it unless you actually use it as Windows sneaks in a ton of Windows Live stuff when they upgrade and I have no use for Windows Live.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Posted 14 November 2011 - 10:49 AM
Posted 15 November 2011 - 02:57 PM
I think we can clean up now.
We need to clean up System Restore. Follow Jim's procedure here:
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:
Start, Run, cmd, OK then right click, Paste, then hit Enter.
OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.
To hide hidden files again (If you do not run OTL cleanup):
# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.
You probably do not have the latest Java (Java™ 6 Update 27 or 7 update 0). Get the latest at:
Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles
They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.
Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.
To help keep your programs up-to-date you should download and run the UpdateChecker:
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/
If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users