[jacarney8657]

MSE quickscan done, nothing found!!!

[Amlak]

It seems you also have MalwareBytes' on your system. Give it a run. First update it, then do the quick scan. And tell me if this one detects anything suspicious.

[jacarney8657]

Malware bytes complete - nothing found.

[jacarney8657]

I am up way past my bedtime so I must say Goodnite. I must again thank you Amlak for all your help, please keep up the great work!!

Please let me know if there is any more steps I need to take to get my laptop back in order, I will check this thread 2morrow.

thanks again,
josh

[Amlak]

No worries, mate.

I'm just having you check if there's anything suspicious at all that could've caused this (other than the big virus called McAfee, lol). So just one more set of instructions before I declare your system clean.

***

Start -> Run (if you're using Vista/7, press and hold the Windows key on your keyboard and then press R to access Run):
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. You can take a screenshot by pressing the PrintScreen/PrtScrn button located somewhere at the top of your keyboard and using Paste in the Paint program to paste the copied screenshot.

***

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply



***

Have a good night.

[jacarney8657]

I never have taken a screen shot, but I think I got it, it is small though(i uploaded to webshots then used the emed link) just one question, I pasted in paint but is there an easier way than having to upload the picture to a site to get an embed link??? Do you have to do that, can't you just paste from paint into here???


Here is the aswMBR scan results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-15 21:32:02
-----------------------------
21:32:02.931 OS Version: Windows x64 6.1.7601 Service Pack 1
21:32:02.931 Number of processors: 4 586 0x2505
21:32:02.932 ComputerName: CARNEY-LAPTOP UserName: carney
21:32:04.022 Initialize success
21:32:23.450 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:32:23.456 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 476940MB BusType: 3
21:32:23.476 Disk 0 MBR read successfully
21:32:23.480 Disk 0 MBR scan
21:32:23.485 Disk 0 Windows 7 default MBR code
21:32:23.497 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
21:32:23.513 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
21:32:23.527 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
21:32:23.550 Disk 0 scanning C:\Windows\system32\drivers
21:32:28.664 Service scanning
21:32:43.223 Modules scanning
21:32:43.238 Disk 0 trace - called modules:
21:32:43.264 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:32:43.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bef060]
21:32:43.280 3 CLASSPNP.SYS[fffff88001dc443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004958050]
21:32:43.287 Scan finished successfully
21:33:03.602 Disk 0 MBR has been saved successfully to "C:\Users\carney\Desktop\MBR.dat"
21:33:03.670 The log file has been saved successfully to "C:\Users\carney\Desktop\aswMBR log.txt"

[Amlak]

Hey, mate. About screenshots, there's, thankfully, a far easier way to do it. All you have to do is attach the image to the post. You should be able to see under the Attachments area right under where you type inb your post. And use the Browse button to upload the needed image that's on your computer. Makes things more convenient for you. Either way, it's all good now.

Subject to no further problems

The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  Quote

  :OTL
  O33 - MountPoints2\{c29aa73a-1419-11e0-a51b-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{c29aa73a-1419-11e0-a51b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\dvd-rom.exe
  O33 - MountPoints2\{f035f6b9-c4e4-11e0-ac5e-eee855c50870}\Shell - "" = AutoRun
  O33 - MountPoints2\{f035f6b9-c4e4-11e0-ac5e-eee855c50870}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
  
  :Commands
  [resethosts]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
  
• Open My Computer.
  
• Select the Tools menu and click Folder Options.
  
• Select the View Tab.
  
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
  
• Click OK.

Upgrading Java:

• Go to this site and click Do I have Java
  
• It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

• Go to Control Panel and select System
  
• Select System
  
• On the left select System Protection and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
  
• Select Create

Now we can purge the infected ones

• GoStart > All programs > Accessories > system tools
  
• Right click Disc cleanup and select run as administrator
  
• Select Your main drive and accept the warning if you get one
  
• For a few moments the system will make some calculations
  
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
  
• Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you keep the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Attached thumbnail(s)

• 

[jacarney8657]

Sorry it took so long to get back to you, but I have completed all prevent steps. I want to thank you again for all your help, I can't beleive a site like gtg exists in this pay for help world. Everytime I have come here I walk away happy and with a working pc.

I do have one thing I have been wondering about though. It actually is/has occured on my laptop and desktop.

I go to "start" then "my computer" then "OS(C:)"

When I get to there it shows the list of folders that are there such as: Dell,Intel,Perflogs,Program Files...etc

My issue or question is that along with those folders there are 2 folders that A) I don't know what they really are B) Why they r there? and finally C) Can I delete them or are they necessary to keep the computers running smoothly?

The folder names kind of look like registry file names(maybe not, but thats what they remind me of).
They are:
e5426582a06af5b231dbb351fafb and ec881e7e546083601f031d37ad

When I hover the pointer over the folder names it says they were both created 2/12/2011 and both are 194mb in size. Inside the folders are tons of stuff. To name a few netfx_Core_x64, Parameterinfo and then there are a bunch of just numbered folders like 1046, 1049 and inside all those are things named eula, LocalizedData and SetupResources.dll.

It looks like it had something to do with a Windows update cause a bunch of the files are listed as their "TYPE" being: Microsoft Update Standalone Package.

Anyway I probably explained this way too detailed and u prob know what I am talking about, but can I delete these folder, they are kinda annoying? Also did they get put in the OS(C:) by mistake because of something I did? Like I said it happened on both of my computers, I don't know if the ones on desktop are exactly the same cause I am not around that pc, but I know they are on that pc too.

Thanks again, sorry for adding this subject to the conversation.

JOSH

[Amlak]

Yeah, I know what type of folders you mean. You are right to suggest that they may be related to Windows Update. Sometimes certain folders are created by Windows Update while installing that never end up getting deleted.

Before I answer this, I'll wait for an expert to approve of my answer just in case.

[Amlak]

Yep, go ahead and delete them if that's what you want. No harm in doing so. But only the ones directly under the C: drive.

[jacarney8657]

Okay I think I am all done with the extra ????

I just want to say thanks 1 more time, u and the many other gtg "staff" are amazingly helpful.

When pc's start to go haywire it can be very stressful and I just can't afford to run and have some place fix my pc,but if it wasn't for gtg that is what I would have had to do many times.

Keep up the great work!!!

[Amlak]

Yep, all good now. Thanks a lot for your support. And enjoy your computer.