Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

No Autorun; Alureon, orsam detected [Closed]


  • This topic is locked This topic is locked

#46
Gostchyld

Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
However, still no running when plugging in any externaldrive.
  • 0

Advertisements


#47
Gostchyld

Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
The comp just went blue screen out of nowhere and rebooted.
  • 0

#48
Gostchyld

Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
The icon for the plug/battery is no longer visible.
  • 0

#49
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello gostchyld. It looks as if your computer is clean. I am not sure as to the cause of the blue screen but I don't think it is a problem unless it happens again. Also I assume you want an autorun prompt when plugging in an external hard drive. The following ought to restore your autorun setup. Let's run aswMBR as well to make sure everything is clean. Also please use your computer for a while - how about a day or two - and see if you get any more blue screens. Also please restart your computer to see if the battery icon reappears. There might be an arrow in the system tray near the clock so also if that's there try clicking it and seeing if the battery icon appears.

Step 1

1. Right click on the drive letter that is created by the external USB device
2. Select Properties
3. Go to AutoPlay tab
4. Select “Prompt me each time to choose an action” and click OK

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

    Posted Image
  • Click the Scan button to start scan

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL fix log
aswMBR log

  • 0

#50
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#51
Gostchyld

Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Thank you for re-opening. My USB ports have been acting strange, and have periodically stopped working. Also, my touch pad on the laptop has stopped having scroll functions on the side and bottom, despite trying to correct the settings repeatedly. (I am dling aswmbr and following the directions listed above after this post).
  • 0

#52
Gostchyld

Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
here is the aswmbr log, I wasn't told to run, not sure where to find the otl fix log however..


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-24 23:42:37
-----------------------------
23:42:37.156 OS Version: Windows 5.1.2600 Service Pack 3
23:42:37.156 Number of processors: 2 586 0x170A
23:42:37.156 ComputerName: MGLAPTOP UserName: Michele
23:42:39.875 Initialize success
23:52:03.375 AVAST engine defs: 12042401
23:52:51.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:52:51.437 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
23:52:51.468 Disk 0 MBR read successfully
23:52:51.468 Disk 0 MBR scan
23:52:51.562 Disk 0 Windows 7 default MBR code
23:52:51.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 193470 MB offset 2048
23:52:51.625 Disk 0 Partition - 00 0F Extended LBA 29894 MB offset 396230656
23:52:51.656 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 457453568
23:52:51.718 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29893 MB offset 396232704
23:52:51.765 Disk 0 scanning sectors +488396464
23:52:51.890 Disk 0 scanning C:\WINDOWS\system32\drivers
23:53:17.109 Service scanning
23:53:33.359 Service MpKslc6235730 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DCA359E3-F314-451C-828E-D7619C121CF9}\MpKslc6235730.sys **LOCKED** 32
23:53:44.984 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:53:52.203 Modules scanning
23:53:58.484 Disk 0 trace - called modules:
23:53:58.484 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys spjs.sys hal.dll >>UNKNOWN [0x8ad3a938]<<
23:53:58.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ace1030]
23:53:58.500 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a6fa028]
23:53:59.515 AVAST engine scan C:\WINDOWS
23:54:28.656 AVAST engine scan C:\WINDOWS\system32
23:59:54.796 AVAST engine scan C:\WINDOWS\system32\drivers
00:00:37.265 AVAST engine scan C:\Documents and Settings\Michele
00:49:47.828 AVAST engine scan C:\Documents and Settings\All Users
01:35:06.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michele\Desktop\MBR.dat"
01:35:06.578 The log file has been saved successfully to "C:\Documents and Settings\Michele\Desktop\aswMBR042412.txt"
01:57:43.750 Scan finished successfully
12:46:49.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michele\Desktop\MBR.dat"
12:46:49.468 The log file has been saved successfully to "C:\Documents and Settings\Michele\Desktop\aswMBR042512.txt"
  • 0

#53
Gostchyld

Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Also, despite a regular reboot making absolutely no difference; a full shut down, unplug and restart magically fixed the usb ports and touch pad.
  • 0

#54
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Gostchyld. Is your external drive autoplay restored? Your aswMBR log looks clean so we are done here. Let me know if your autoplay is restored and if not we will try something else. If so I will give you the cleanup speech. We win! :)
  • 0

#55
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Sorry forgot something. I missed a line in the aswMBR log. Anyways we are almost done. Please await further instructions.
  • 0

Advertisements


#56
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello Gostchyld. We will now run GMER to scan for remaining malware. Also defogger before GMER to make things work right. Please do the following:

Step 1

Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 2

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Things to see in your next post:
GMER log

  • 0

#57
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP