Access Denied

Just got my laptop back from the repair shop.
Avast is picking up a file as Win-32:Malware-Gen.
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
Virustotal only shows a couple picking it up, 7/42, but it was 4/42 last night, so I don’t think it’s a FP.
Only problem is I can’t move it because I’m getting Access Denied.

EDIT: As I resubmitted to Virustotal, it apparently tried to open, but Avast caught it, and put it in the chest. I couldn’t move it in scan results. I got “Access Denied (5)”

Can you post the VirusTotal scan link?

Check for malware with this

Malwarebytes Anti-Malware 1.51: http://filehippo.com/download_malwarebytes_anti_malware/
Always update so you have the latest signatures before you scan.
Click on the Remove Selected button to quarantine anything found.

Post the scan log here.

Hi kyuuketsuki_kurai,

If a virus, this could have been found:
autochk.dll, _IWMPEvents@16 Added by the Troj/Agent-IUK TROJAN! Note: Located in %WINDIR%\system32\

polonus

Running MBAM now.
Here is link:
http://www.virustotal.com/file-scan/report.html?id=80e0eead1281caf2e6bbb24dee32dbe0c0462fa59694c1896dfe420bd8abe752-1309341827

EDIT: Ran MBAM Quick Scan. Came up clean. I didn’t have any symptoms to start with, this was picked up in a screensaver scan. Log posted below.

Malwarebytes’ Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6985

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/30/2011 1:14:08 PM
mbam-log-2011-06-30 (13-14-08).txt

Scan type: Quick scan
Objects scanned: 165941
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is a proposed manual removal routine. Start by booting your computer into Safe Mode. To boot into Safe Mode, restart your machine and press F8 repeatedly while it boots up. A menu should come up during that boot-up process with different boot options. From these, choose the one named Safe Mode with Networking.

After the machine has fully booted into Safe Mode, get and find the following files and folders that have been associated with RootKit.Win32.Agent.fky:
%Documents and Settings%\All Users\Application Data iosejgfse.dll
%Documents and Settings%[UserName]\Desktop\Protection Center.lnk
When you have found them, remove them using Shift + Delete.

Now cleansing the registry entries:
Click on the Run button in your Start menu. Type “regedit” into the box that appears and click Okay. In the Registry Editor that opens, select and delete the following references to RootKit.Win32.Agent.fky both in the Registry Key section in the left pane and in the Registry Value section on the right pane:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Startup="C:\windows\start menu\programs\startup"

polonus
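
Added example, not part of the post above: a read-only PowerShell listing of the autorun keys that post names, so their contents can be reviewed before anything is deleted in regedit. The `$suspect` list holds the two file names given in the post; the output labels (`absent`, `empty`, `MATCH`, `ok`) are this example's own.

```powershell
# Added example: read-only review of the autorun locations listed in the post above.
# Nothing is changed or deleted. $suspect holds the file names from that post.
$suspect = @('iosejgfse.dll', 'Protection Center.lnk')
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$keys = @(
    "HKLM:\$cv\Run",
    "HKLM:\$cv\RunOnce",
    "HKLM:\$cv\RunServicesOnce",
    "HKCU:\$cv\Run",
    "HKCU:\$cv\RunOnce",
    "HKCU:\$cv\Policies\Explorer\Run"
)

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Output "[absent] $key"
        continue
    }
    $regKey = Get-Item -LiteralPath $key
    $names  = @($regKey.GetValueNames())
    if ($names.Count -eq 0) {
        Write-Output "[empty]  $key"
        continue
    }
    foreach ($name in $names) {
        $data = [string]$regKey.GetValue($name)
        # Flag values whose data mentions one of the suspect file names
        $hit  = @($suspect | Where-Object { $data -like "*$_*" })
        $flag = if ($hit.Count -gt 0) { 'MATCH' } else { 'ok' }
        Write-Output ("[{0,-5}]  {1} :: {2} = {3}" -f $flag, $key, $name, $data)
    }
}

# Startup folder path recorded for the current user, and what is in it
$shell = Get-ItemProperty -LiteralPath "HKCU:\$cv\Explorer\Shell Folders"
Write-Output "Startup folder: $($shell.Startup)"
if ($shell.Startup -and (Test-Path -LiteralPath $shell.Startup)) {
    Get-ChildItem -LiteralPath $shell.Startup -Force |
        Select-Object Name, LastWriteTime
}
```

A key reported as `absent` simply does not exist on that system; entries marked `ok` are only unmatched against the two names above and still deserve a look.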

She can even try using a boot CD or ComboFix. I don't know why people out here want to do things the hard way!!!

None of those files exist. None of those registry entries exist either.
Could this have been an attempt at infection that failed?