Followed all directions on the Read Me First but still have error message

Discussion in 'Malware Help (A Specialist Will Reply)' started by mmihalko, Apr 15, 2009.

  1. mmihalko

    mmihalko Private E-2

    I followed all of the directions on the Read Me First and did all of the clean up etc. but I am still having problems. When I restart my computer I am getting the same message "Rundll ... Error C:\WINDOWS\System32\autochk.dll....... The specified module could not be found"

    Also my computer is majorly slow and takes forever to open up any programs. I ran the Spybot program again and it said there was not any of the viruses or other problems previously.
     


  2. mmihalko

    mmihalko Private E-2

    Also my screen goes black when changing between windows. This doesn't happen all of the time.

    Thank you for your help!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to attach the requested logs from SUPERAntiSpyware and Malwarebytes.

    What exactly do you have installed from Webroot/Spy Sweeper? Is it a full security suite with antivirus, antispyware, and firewall? If it has an antivirus then you should not have Avast installed. Per the first instructions in the READ & RUN Me, only one antivirus should be installed. You must address this immediately. Also if your Webroot software has an antispyware program then you should not be running Spybot's Teatimer nor should you be running Ad-Aware's Ad-watch. This is all assuming you purchased Webroot's software.

    Now you must disable Spybot's Teatimer. See this: How to disable Spybot's TeaTimer


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [autochk] "rundll32.exe" C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
    O4 - HKCU\..\Run: [ErrorFix] "C:\Program Files\ErrorFix\ErrorFix.exe" -boot
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

    After clicking Fix, exit HJT.

    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run CCleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Apr 19, 2009
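
The startup error in the first post says `autochk.dll` could not be found, while the log lines quoted above still show a Run value that hands that DLL to `rundll32.exe`. The sketch below is an added example, not part of the original posts and not MajorGeeks or HijackThis code: it parses lines in the format shown above and lists entries whose target is gone. The function names and the `exists` callback are assumptions made for the illustration, and it only finds dangling references; it says nothing about whether a file that is present should be there.

```python
import re

# Constructed sample: the four HijackThis entries quoted in the post above.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [autochk] "rundll32.exe" C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [ErrorFix] "C:\Program Files\ErrorFix\ErrorFix.exe" -boot
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
'''

ENTRY = re.compile(r'^(O\d+) - ([^:]+): (.*)$')
RUN_VALUE = re.compile(r'^\[([^\]]+)\] (.+)$')
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+)"?,\S+', re.I)
QUOTED_OR_BARE = re.compile(r'^(?:"([^"]+)"|(\S+))')

def startup_target(command):
    """Return (path, via_rundll32) for the file a Run value really loads."""
    m = RUNDLL.match(command)
    if m:  # rundll32 is only the host; the DLL argument is what matters
        return m.group(1).strip(), True
    m = QUOTED_OR_BARE.match(command)
    return (m.group(1) or m.group(2)), False

def dangling_entries(log_text, exists):
    """List (code, label, reason) for entries whose target is gone.

    `exists` is a callable path -> bool; on a live system pass os.path.exists.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, _section, rest = m.groups()
        if code == 'O2' and rest.endswith('(no file)'):
            findings.append((code, rest.split(' - ')[1], 'BHO registered, file absent'))
        elif code == 'O16' and not rest.partition('}')[2].strip(' -'):
            findings.append((code, rest.split(' ')[0], 'DPF entry with no codebase URL'))
        elif code == 'O4':
            run = RUN_VALUE.match(rest)
            if not run:  # other O4 forms (e.g. Startup folder) are skipped here
                continue
            path, via_rundll = startup_target(run.group(2))
            if not exists(path):
                why = 'rundll32 target DLL missing' if via_rundll else 'program missing'
                findings.append((code, run.group(1), why))
    return findings
```
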
  4. mmihalko

    mmihalko Private E-2

    I am using Webroot Internet Security Essentials. I will disable the Avast and Adware and follow the rest of the instructions and let you know what happens.
     
  5. mmihalko

    mmihalko Private E-2

    I got down to the combofix.exe but it is not on my desktop. I found ComboFix.txt and ComboFix-quarantined-files.txt. Now what?

    Also, when I ran the HJT to fix I got the following message:

    Please help us improve Hijack This by reporting this error. Click yes to submit (I did)

    Error details:
    An unexpected error has occurred at procedure: ModBackup_MakeBackup(sItem=016-DPF:{CF40Acc5-E1BB-4AFF-AC72-04C2F616BCA7}) Error#5 Invalid procedure call or argument. Windows version:Windows NT5.01.2600
    MSIE Version 7.0.5730.13
    Hijack This version 2.0.2
    yes or no. I clicked yes, then the screen came up to fix the errors with a question about the BHO file. I clicked yes to fix, then exited out of the HJT.
     
  6. mmihalko

    mmihalko Private E-2

    I went ahead and downloaded the ComboFix.exe again and followed the rest of the directions. I did get a message after I dragged the CFscript.txt to the ComboFix.exe and it ran. This message was: Windows - No Disk Exception Processing: Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c. It then gave me the options of try again, cancel, continue. First I clicked on cancel and it didn't do anything, then I clicked on continue and it went away and continued the log. I then ran the CCleaner and cleaned out only the temp files and ran the MGtools\GetLogs. Attached are the logs. Thanks for all of your help. I will see how things are working now. Let me know if there is anything else I need to do.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are basically clean. Just delete the below leftover folder:

    c:\documents and settings\Michelle Mihalko\Application Data\ErrorFix


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
