
Failing Windows Update + AppCrash

This is a discussion on Failing Windows Update + AppCrash within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 12-28-2009, 05:18 PM   #1
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



Hello.
As I was told to create a new thread, I'll now do it and I'll write exactly the same, but this time, I'll post my log files in the first post too.


Hi.
A while ago I suddenly realised that I couldn't update with Windows Update, and even though I've followed the guide precisely, it still reports errors.
Now, more recently, every time I turn on my computer, at least a few apps crash. Normally it's Steam or such, but it can also be something more critical such as Windows or Explorer (which then needs a restart).
This results in a lot of things, for instance, I've bought a new monitor and I can't install the driver, because when I install it, the app crashes instantly.
I've also begun getting these little windows in Firefox called simply "adds" and it asks me with which program I'd like to open them. I just close them.

Also, my anti-virus program (Panda) alerts me every 30 minutes that a virus was found and neutralized.

What do I do?? I've consulted a Microsoft supporter who wasn't very helpful.

I've used the programs GMER.exe and DDS.scr and got the logs.

Thanks!




DDS (Ver_09-10-26.01) - NTFSx86
Run by Alexander at 21:13:56,85 on 27-12-2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.45.1030.18.2038.973 [GMT 1:00]

AV: Panda Antivirus 2008 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
SP: Panda Antivirus 2008 *enabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\TEMP\e.exe
C:\Windows\TEMP\c.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Alexander\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://da.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://da.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=\\.\globalroot\systemroot\system32\userinit.exe,
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {C3CD744D-2FAE-4640-8297-16B5DA423104} - No File
uRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\alexander\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
dRun: [ZagrebLand] c:\windows\temp\c.exe
dRun: [RegistryMonitor1] "c:\windows\temp\nnpp.tmp"
dRun: [LosAlamos] rundll32.exe c:\windows\temp\sshnas.dll,NvTaskbarInit
dRun: [cbssreg] c:\windows\temp\mhwy.tmp
StartupFolder: c:\users\alexan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\screen clipper and launcher til onenote 2007.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\panda security\panda antivirus 2008\pavlsp.dll
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldda-dk.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
STS: COM+ Service: {3229dfcd-3eaf-4712-ed45-4876fedc170c} - c:\windows\system32\winload.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alexan~1\appdata\roaming\mozilla\firefox\profiles\uuajdusf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\mozilla firefox\extensions\info@google.com\components\FFLocal.dll
FF - component: c:\users\alexander\appdata\roaming\mozilla\firefox\profiles\uuajdusf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - plugin: c:\program files\java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_17.dll
FF - plugin: c:\program files\java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\alexander\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-11-2 38968]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2009-11-2 46648]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Starttjeneste;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-16 30312]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\intel\intel matrix storage manager\IAANTmon.exe [2007-7-11 355096]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-11-2 178872]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus 2008\psksvc.exe [2009-11-2 27696]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-2 1153368]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2008-12-15 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-12-10 223232]
S3 BthAvrcp;Bluetooth AVRCP-profil;c:\windows\system32\drivers\BthAvrcp.sys [2008-7-10 15872]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-6-17 29192]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-6-3 33792]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-5-28 23096]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-5-28 3768]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2009-8-28 40448]

============== File Associations ===============

txtfile=%windir%\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-12-22 21:45:36 0 d-----w- c:\program files\ZC2.10
2009-12-21 18:02:22 819200 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-21 18:02:22 77824 ----a-w- c:\windows\system32\xvid.ax
2009-12-21 18:02:22 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-21 18:02:22 0 d-----w- c:\program files\Xvid
2009-12-19 13:30:51 0 d-----w- c:\users\alexander\.zsdx
2009-12-19 13:30:32 0 d-----w- c:\program files\Zelda Mystery of Solarus DX demo
2009-12-08 14:53:45 0 d-----w- c:\windows\system32\catroot2
2009-12-05 16:57:45 0 d-----w- c:\windows\CheckSur

==================== Find3M ====================

2009-12-27 20:03:48 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-27 20:03:48 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-27 19:51:31 94802 ----a-w- c:\windows\system32\perfc006.dat
2009-12-27 19:51:31 510130 ----a-w- c:\windows\system32\perfh006.dat
2009-12-27 19:50:05 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-12 09:10:28 70671 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 10:43:54 8256 ----a-w- c:\windows\system32\mt_32.dll
2009-10-20 10:43:50 3584 ----a-w- c:\windows\system32\fdclient.dll
2009-10-20 10:43:28 7680 ----a-w- c:\windows\system32\protect.dll
2009-10-20 10:43:20 3584 ----a-w- c:\windows\system32\pxcrt.dll
2009-10-20 10:43:08 18944 ----a-w- c:\windows\system32\browsearch.dll
2009-10-20 10:43:03 19968 ----a-w- c:\windows\system32\mshtmllib.dll
2009-10-20 10:42:36 10752 ----a-w- c:\windows\system32\browserui.dll
2009-10-20 10:42:34 13824 ----a-w- c:\windows\system32\winload.dll
2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 20:36:41 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-18 10:09:43 174 --sha-w- c:\program files\desktop.ini
2008-05-06 16:42:01 22 ----a-w- c:\program files\zipnew.dat
2008-05-06 16:42:01 20 ----a-w- c:\program files\rarnew.dat
2007-09-20 16:35:16 639 ----a-w- c:\program files\Uninstall.lst
2007-09-20 16:35:06 245178 ----a-w- c:\program files\WinRAR.chm
2007-09-20 16:35:02 99840 ----a-w- c:\program files\Uninstall.exe
2007-09-20 16:34:58 129024 ----a-w- c:\program files\RarExt.dll
2007-09-20 16:34:50 67584 ----a-w- c:\program files\Zip.SFX
2007-09-20 16:34:46 103424 ----a-w- c:\program files\Default.SFX
2007-09-20 16:34:32 80896 ----a-w- c:\program files\WinCon.SFX
2007-09-20 16:34:28 203776 ----a-w- c:\program files\UnRAR.exe
2007-09-20 16:34:26 317952 ----a-w- c:\program files\Rar.exe
2007-09-20 16:34:22 936960 ----a-w- c:\program files\WinRAR.exe
2007-09-20 16:34:06 502 ----a-w- c:\program files\File_Id.diz
2007-09-20 16:33:40 11616 ----a-w- c:\program files\WhatsNew.txt
2007-09-02 11:46:48 9232 ----a-w- c:\program files\TechNote.txt
2007-09-02 11:46:48 72138 ----a-w- c:\program files\Rar.txt
2007-07-11 19:15:51 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2007-07-11 19:15:51 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2007-07-11 19:15:51 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2007-07-11 19:15:51 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2007-03-31 18:40:12 6428 ----a-w- c:\program files\License.txt
2006-12-23 15:37:56 44032 ----a-w- c:\program files\RarExtLoader.exe
2006-12-11 00:14:56 43008 ----a-w- c:\program files\RarExt64.dll
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-10-22 09:21:24 3271 ----a-w- c:\program files\Order.htm
2006-09-18 19:13:58 1063 ----a-w- c:\program files\Descript.ion
2006-04-11 10:01:02 1088 ----a-w- c:\program files\RarFiles.lst
2005-05-12 16:02:30 90 ----a-w- c:\program files\UnrarSrc.txt
2005-05-12 16:01:32 1687 ----a-w- c:\program files\ReadMe.txt
2008-05-06 08:57:34 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:16:10,33 ===============
Attached Files
File Type: txt Attach.txt (7.1 KB, 4 views)
File Type: txt DDS.txt (16.9 KB, 7 views)

AlexanderLS
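The entries that stand out in the DDS log above are the ones a helper scans for by eye: four dRun entries launching binaries and .tmp files from c:\windows\temp, one of them via rundll32, two processes (e.exe, c.exe) running from the same directory, and a Winlogon Userinit value rewritten to a \\.\globalroot device path. As an added example (not part of this thread or of the DDS tool), the Python below applies those same checks mechanically to DDS-style lines. The sample text is constructed from the suspicious lines quoted in the log above, mixed with a few of its benign entries; the rule names, the temp-directory markers and the expected Userinit path are the example's own assumptions.

```python
"""
Triage helper for DDS 'Pseudo HJT Report' output (added example, not part of
the DDS tool or the forum thread). It flags autoruns and live processes
launched from a temp directory, rundll32 loading a DLL from temp, and a
Winlogon Userinit value that is not the plain path Windows writes.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: suspicious lines quoted from the DDS log above, mixed
# with a few of its benign entries so the filter has something to ignore.
SAMPLE_DDS = r"""
C:\Windows\system32\wininit.exe
C:\Windows\TEMP\e.exe
C:\Windows\TEMP\c.exe
C:\Users\Alexander\Desktop\dds.scr
mWinlogon: Userinit=\\.\globalroot\systemroot\system32\userinit.exe,
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
dRun: [ZagrebLand] c:\windows\temp\c.exe
dRun: [RegistryMonitor1] "c:\windows\temp\nnpp.tmp"
dRun: [LosAlamos] rundll32.exe c:\windows\temp\sshnas.dll,NvTaskbarInit
dRun: [cbssreg] c:\windows\temp\mhwy.tmp
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
"""

# Assumption: nothing legitimate autostarts from a temp directory on this box.
TEMP_MARKERS = ("/windows/temp/", "/appdata/local/temp/")
# What Windows itself writes into Winlogon\Userinit (normalised, comma stripped).
EXPECTED_USERINIT = "c:/windows/system32/userinit.exe"

# A drive-letter path ending in an executable-ish extension. Spaces are allowed
# ("c:\program files\..."); quotes and the comma rundll32 uses before its entry
# point terminate the match. Deliberately simple; good enough for DDS lines.
PATH_RE = re.compile(r'[a-z]:\\[^",]+?\.(?:exe|dll|tmp|scr|com|bat|sys)\b', re.IGNORECASE)
AUTORUN_RE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<value>.*)$")
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(?P<value>.*)$")
DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def normalize(path: str) -> str:
    """Lower-case, unquote and use forward slashes so comparisons are stable."""
    return path.strip().strip('"').lower().replace("\\", "/")


def in_temp(path: str) -> bool:
    return any(marker in normalize(path) for marker in TEMP_MARKERS)


def triage(dds_text: str) -> list[Finding]:
    """Return one Finding per suspicious DDS line, in log order."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = USERINIT_RE.match(line)
        if m:
            # Compare the literal value; a \\.\globalroot prefix resolves to the
            # same file, so resolving the path would hide the tampering.
            if normalize(m.group("value")).rstrip(",") != EXPECTED_USERINIT:
                findings.append(Finding("winlogon_userinit_tampered", line))
            continue

        m = AUTORUN_RE.match(line)
        if m:
            value = m.group("value")
            temp_paths = [p for p in PATH_RE.findall(value) if in_temp(p)]
            if temp_paths:
                loader = "rundll32" in value.lower() and any(
                    p.lower().endswith(".dll") for p in temp_paths)
                findings.append(Finding(
                    "rundll32_loads_temp_dll" if loader else "autorun_from_temp", line))
            continue

        # Bare drive-letter lines come from the "Running Processes" section.
        if DRIVE_RE.match(line) and in_temp(line):
            findings.append(Finding("process_running_from_temp", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(f"{finding.rule:28} {finding.line}")
```

Two points the rules encode: the dRun prefix in DDS output denotes the Run key of the default user hive, which is why these entries appear even though the logged-on user's own uRun list looks clean; and the \\.\globalroot\systemroot\... form is a legitimate object-manager path that resolves to the real userinit.exe, so logon keeps working, but Windows never writes the value that way, which makes the literal comparison the right check.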
Old 12-31-2009, 02:26 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Your hard drive is almost full.

Quote:
C: is FIXED (NTFS) - 70 GiB total, 8,738 GiB free.
Having too little free space on your hard drive can compromise system performance. I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used.

------------------------------------------------------

I need to see your gmer log in order to help you. Please attach it to your next reply.

------------------------------------------------------

Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist
Old 01-03-2010, 11:39 AM   #3
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



I subscribed already, but thanks!
Here comes the gmer log.

Btw, it sounds like I have the same virus as everyone else. Just now, 5 minutes ago, while checking my mail (on Firefox; otherwise I use Chrome), random music started.
Also, when I Google something on Firefox (Google crashes my Chrome) and click on a website, from time to time it takes me to a porn site or a free cinema movie download site.
Attached Files
File Type: txt ark.txt (11.4 KB, 4 views)
AlexanderLS
Old 01-03-2010, 12:15 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Hello AlexanderLS.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > and tick 'Run command' box > OK > OK.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

chemist
Old 01-03-2010, 01:38 PM   #5
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



Hello Chemist,
and thank you for your great support.

I followed your guide 100%.
Here is the ComboFix.txt.

Once again, thank you!

EDIT: As I wrote in my first post, Windows Update hasn't been able to update at all due to [Code 80070002].
Now, as I checked my Panda AV before I closed it because of ComboFix, I realized that I couldn't update this program either. I don't know, maybe it could help you help me.

ComboFix 10-01-02.05 - Alexander 03-01-2010 22:08:41.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.45.1030.18.2038.1199 [GMT 1:00]
Running from: c:\users\Alexander\Desktop\ComboFix.exe
AV: Panda Antivirus 2008 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
SP: Panda Antivirus 2008 *disabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\users\Alexander\AppData\Roaming\inst.exe
c:\windows\system32\41.exe
c:\windows\system32\browsearch.dll
c:\windows\system32\browserui.dll
c:\windows\system32\config\gfnnnnom.sav
c:\windows\system32\fdclient.dll
c:\windows\system32\mshtmllib.dll
c:\windows\system32\mt_32.dll
c:\windows\system32\protect.dll
c:\windows\system32\pxcrt.dll
c:\windows\system32\winload.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\zaponce53173.dat
c:\windows\zaponce53623.dat

.
((((((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))))))
.

2010-01-03 21:21 . 2010-01-03 21:27 -------- d-----w- c:\users\Alexander\AppData\Local\temp
2010-01-03 21:21 . 2010-01-03 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-01 15:18 . 2010-01-01 15:18 -------- d-----w- c:\windows\Sun
2009-12-28 00:43 . 2009-12-28 00:43 -------- d-----w- c:\program files\uTorrent
2009-12-22 21:45 . 2009-12-22 21:45 -------- d-----w- c:\program files\ZC2.10
2009-12-21 18:02 . 2009-12-21 18:02 -------- d-----w- c:\program files\Xvid
2009-12-21 18:02 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-21 18:02 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-19 13:30 . 2009-12-19 13:31 -------- d-----w- c:\users\Alexander\.zsdx
2009-12-19 13:30 . 2009-12-19 13:30 -------- d-----w- c:\program files\Zelda Mystery of Solarus DX demo
2009-12-08 14:53 . 2009-12-15 09:17 -------- d-----w- c:\windows\system32\catroot2
2009-12-05 16:57 . 2009-12-05 16:57 -------- d-----w- c:\windows\CheckSur

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 21:22 . 2008-12-14 21:25 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-03 19:22 . 2007-07-11 19:16 94802 ----a-w- c:\windows\system32\perfc006.dat
2010-01-03 19:22 . 2007-07-11 19:16 510130 ----a-w- c:\windows\system32\perfh006.dat
2010-01-03 19:19 . 2009-10-29 20:55 -------- d-----w- c:\program files\Steam
2010-01-03 00:33 . 2008-10-28 09:47 -------- d-----w- c:\users\Alexander\AppData\Roaming\uTorrent
2009-12-30 17:24 . 2008-05-05 21:38 -------- d-----w- c:\program files\Common Files\Steam
2009-12-09 12:06 . 2008-10-31 21:18 -------- d-----w- c:\program files\ElastoManiaRegistered
2009-12-09 09:14 . 2009-10-09 08:35 -------- d-----w- c:\program files\Graph
2009-12-09 09:12 . 2007-07-11 10:11 -------- d-----w- c:\programdata\Microsoft Help
2009-11-21 00:54 . 2008-05-07 15:45 -------- d-----w- c:\program files\Java
2009-11-18 22:43 . 2008-11-01 20:21 -------- d-----w- c:\users\Alexander\AppData\Roaming\dvdcss
2009-11-12 09:33 . 2009-11-12 09:12 -------- d-----w- c:\programdata\Birdstep Technology
2009-11-12 09:32 . 2009-11-12 09:32 -------- d-----w- c:\users\Alexander\AppData\Roaming\Birdstep Technology
2009-11-12 09:10 . 2009-11-12 09:10 -------- d-----w- c:\program files\Huawei Modems
2009-11-12 09:10 . 2009-11-12 09:10 70671 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2009-11-12 09:10 . 2009-11-12 09:10 -------- d-----w- c:\program files\3
2009-11-12 09:10 . 2007-07-11 09:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 22:40 . 2009-09-13 18:02 -------- d-----w- c:\program files\QuickTime
2009-11-11 22:38 . 2008-05-05 22:13 -------- d-----w- c:\programdata\Apple Computer
2009-11-05 22:17 . 2009-11-05 22:16 -------- d-----w- c:\program files\iTunes
2009-11-05 22:16 . 2009-11-05 22:16 -------- d-----w- c:\program files\iPod
2009-11-05 22:16 . 2008-05-05 22:10 -------- d-----w- c:\program files\Common Files\Apple
2009-11-02 20:57 . 2009-11-02 20:57 248 ----a-w- c:\windows\system32\PavCPL.dat
2009-11-02 20:52 . 2009-02-24 17:55 0 ----a-w- c:\users\Alexander\AppData\Local\prvlcl.dat
2009-11-02 19:42 . 2009-10-05 19:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 19:58 . 2009-10-28 19:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-16 23:08 . 2009-10-16 23:08 177024 ----a-w- c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\uuajdusf.default\FlashGot.exe
2009-10-16 18:29 . 2009-10-16 18:29 8192 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-11 03:17 . 2008-12-08 08:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 06:19 . 2009-10-24 06:22 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-10-07 06:19 . 2009-10-20 09:40 2023704 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
2009-10-07 06:17 . 2009-10-09 07:41 1142552 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2008-05-06 16:42 . 2008-05-06 16:42 22 ----a-w- c:\program files\zipnew.dat
2008-05-06 16:42 . 2008-05-06 16:42 20 ----a-w- c:\program files\rarnew.dat
2007-09-20 16:35 . 2008-05-06 16:41 639 ----a-w- c:\program files\Uninstall.lst
2007-09-20 16:35 . 2008-05-06 16:41 245178 ----a-w- c:\program files\WinRAR.chm
2007-09-20 16:35 . 2008-05-06 16:41 99840 ----a-w- c:\program files\Uninstall.exe
2007-09-20 16:34 . 2008-05-06 16:41 129024 ----a-w- c:\program files\RarExt.dll
2007-09-20 16:34 . 2008-05-06 16:41 67584 ----a-w- c:\program files\Zip.SFX
2007-09-20 16:34 . 2008-05-06 16:41 103424 ----a-w- c:\program files\Default.SFX
2007-09-20 16:34 . 2008-05-06 16:41 80896 ----a-w- c:\program files\WinCon.SFX
2007-09-20 16:34 . 2008-05-06 16:41 203776 ----a-w- c:\program files\UnRAR.exe
2007-09-20 16:34 . 2008-05-06 16:41 317952 ----a-w- c:\program files\Rar.exe
2007-09-20 16:34 . 2008-05-06 16:41 936960 ----a-w- c:\program files\WinRAR.exe
2007-09-20 16:34 . 2008-05-06 16:41 502 ----a-w- c:\program files\File_Id.diz
2007-09-20 16:33 . 2008-05-06 16:41 11616 ----a-w- c:\program files\WhatsNew.txt
2007-09-02 11:46 . 2008-05-06 16:41 9232 ----a-w- c:\program files\TechNote.txt
2007-09-02 11:46 . 2008-05-06 16:41 72138 ----a-w- c:\program files\Rar.txt
2007-03-31 18:40 . 2008-05-06 16:41 6428 ----a-w- c:\program files\License.txt
2006-12-23 15:37 . 2008-05-06 16:41 44032 ----a-w- c:\program files\RarExtLoader.exe
2006-12-11 00:14 . 2008-05-06 16:41 43008 ----a-w- c:\program files\RarExt64.dll
2006-10-22 09:21 . 2008-05-06 16:41 3271 ----a-w- c:\program files\Order.htm
2006-09-18 19:13 . 2008-05-06 16:41 1063 ----a-w- c:\program files\Descript.ion
2006-04-11 10:01 . 2008-05-06 16:41 1088 ----a-w- c:\program files\RarFiles.lst
2005-05-12 16:02 . 2008-05-06 16:41 90 ----a-w- c:\program files\UnrarSrc.txt
2005-05-12 16:01 . 2008-05-06 16:41 1687 ----a-w- c:\program files\ReadMe.txt
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-05-06 08:57 . 2008-05-06 08:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2009-10-29 1217808]
"Google Update"="c:\users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-24 135664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

c:\users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 18:02 50736 ----a-w- c:\windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ea,ce,bb,f0,0d,0b,ca,01

R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [02-11-2009 21:55 38968]
R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sys [02-11-2009 21:57 46648]
R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [02-11-2009 21:55 178872]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus 2008\psksvc.exe [02-11-2009 21:56 27696]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [02-11-2009 23:09 1153368]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [15-12-2008 18:11 185640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10-12-2008 12:56 223232]
S3 BthAvrcp;Bluetooth AVRCP-profil;c:\windows\System32\drivers\BthAvrcp.sys [10-07-2008 15:43 15872]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [17-06-2009 13:02 29192]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [03-06-2009 16:02 33792]
S3 MusCDriverV32;MusCDriverV32;c:\windows\System32\drivers\MusCDriverV32.sys [28-05-2008 21:41 23096]
S3 MusCVideo32;MusCVideo32;c:\windows\System32\drivers\MusCVideo32.sys [28-05-2008 21:41 3768]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [02-08-2005 22:10 32512]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [25-01-2008 10:12 25088]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [28-08-2009 18:42 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Indhold af mappen 'Planlagte Opgaver'

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4036461918-1210823299-460948485-1003Core.job
- c:\users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-24 19:51]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4036461918-1210823299-460948485-1003UA.job
- c:\users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-24 19:51]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://da.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Panda Security\Panda Antivirus 2008\pavlsp.dll
FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\uuajdusf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\Mozilla Firefox\extensions\info@google.com\components\FFLocal.dll
FF - component: c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\uuajdusf.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_17.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Alexander\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
.
------- Fil Associationer -------
.
txtfile=%windir%\NOTEPAD.EXE %1
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 22:27
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8CE46662]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x887c2d24
\Driver\ACPI -> acpi.sys @ 0x82a9bd68
\Driver\atapi -> atapi.sys @ 0x830d49b0
\Driver\iaStor -> iaStor.sys @ 0x83045918
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
c:\program files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Gennemført tid: 2010-01-03 22:35:10 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-01-03 21:35

Pre-Kørsel: 13.453.283.328 byte ledig
Post-Kørsel: 13.576.896.512 byte ledig

- - End Of File - - 007C63182C500D7EFF9F84B1A060298E
Attached Files
File Type: txt ComboFix.txt (18.2 KB, 5 views)
__________________
AlexanderLS is offline   Reply With Quote
Old 01-03-2010, 02:05 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Hello again, AlexanderLS.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Uniblue RegistryBooster
Uniblue SpeedUpMyPC


We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
Folder::
c:\program files\uTorrent
c:\users\Alexander\AppData\Roaming\uTorrent

DDS::
uStart Page = about:blank

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

SkipFix::
Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it. (Vista users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
     
    :filefind
    atapi.sys
    iaStor.sys
  • Click the Look button to start the scan.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline   Reply With Quote
Old 01-03-2010, 03:04 PM   #7
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



All done.
I can already feel my computer is a bit faster now and I can actually open NotePad directly from Notepad.exe.

EDIT: Oh, and I deleted those two programs you mentioned.

Here are the logs:
Attached Files
File Type: txt CFScript.txt (17.7 KB, 6 views)
File Type: txt SystemLook.txt (4.6 KB, 5 views)
__________________
AlexanderLS is offline   Reply With Quote
Old 01-03-2010, 03:27 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Hello again, AlexanderLS. We still have quite a bit of work to do.

No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Paths containing spaces must be quoted, or copy sees them as several arguments
copy /y "C:\Windows\ERDNT\cache\atapi.sys" "c:\windows\system32\dllcache"
copy /y "C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys" "c:\windows\system32\dllcache"
rem exit closes the command window (quit is not a cmd command)
exit
Save this Notepad file as copy.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on copy.bat to run it. A DOS window will open and close again, this is normal.

------------------------------------------------------
  • Double-click SystemLook.exe to run it. (Vista users, right click, Run As Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
     
    :filefind
    atapi.sys
    iaStor.sys
  • Click the Look button to start the scan.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------

chemist is offline   Reply With Quote
Old 01-03-2010, 11:23 PM   #9
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



Hi.
Thank you!

I'll post the log here:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 08:19 on 04/01/2010 by Alexander (Administrator - Elevation successful)

No Context:

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\ERDNT\cache\atapi.sys --a--- 19944 bytes [21:32 03/01/2010] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys --a--- 21688 bytes [09:34 11/07/2007] [09:34 11/07/2007] 9E7E85EC61D1C9C3171CC08427108863
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys --a--- 19048 bytes [10:25 02/11/2006] [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys --a--- 21688 bytes [09:34 11/07/2007] [09:34 11/07/2007] 9E7E85EC61D1C9C3171CC08427108863
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

Searching for "iaStor.sys"
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 381720 bytes [09:47 11/07/2007] [10:59 21/03/2007] 9D7ED4275702E2FC409F2CC563245740
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\drivers\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16

-=End Of File=-
__________________
AlexanderLS is offline   Reply With Quote
Old 01-04-2010, 07:58 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Hello again, AlexanderLS. That last part didn't work. Please right-click copy.bat and choose 'Run as administrator'.

Then run SystemLook.exe again as in my previous post.

------------------------------------------------------

chemist is offline   Reply With Quote
Old 01-04-2010, 08:35 AM   #11
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



Hello!
Now I've run both the .bat file and the SystemLook.exe file as administrator. Here's the result. Looks awfully much like the previous one:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:30 on 04/01/2010 by Alexander (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\ERDNT\cache\atapi.sys --a--- 19944 bytes [21:32 03/01/2010] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys --a--- 21688 bytes [09:34 11/07/2007] [09:34 11/07/2007] 9E7E85EC61D1C9C3171CC08427108863
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys --a--- 19048 bytes [10:25 02/11/2006] [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys --a--- 21688 bytes [09:34 11/07/2007] [09:34 11/07/2007] 9E7E85EC61D1C9C3171CC08427108863
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

Searching for "iaStor.sys"
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 381720 bytes [09:47 11/07/2007] [10:59 21/03/2007] 9D7ED4275702E2FC409F2CC563245740
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\drivers\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16

-=End Of File=-
__________________
AlexanderLS is offline   Reply With Quote
Old 01-04-2010, 10:57 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Hello again, AlexanderLS. I don't understand why that's not working. Let's try it another way.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Copy To]
@="{C2FBB630-2971-11D1-A18C-00C04FD75D13}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Move To]
@="{C2FBB631-2971-11D1-A18C-00C04FD75D13}"
Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Go Start > (Settings) > Control Panel > Folder Options > View, then
  • Check the Show hidden files and folders option.
  • Uncheck the Hide file extensions for known file types option.
  • Uncheck the Hide protected operating system files (Recommended) option.
  • Click 'Yes', then 'Apply', then 'OK'.
------------------------------------------------------

Navigate to the following File:

C:\Windows\ERDNT\cache\atapi.sys

Right-click the file > Copy to Folder... and copy the file to c:\windows\system32\dllcache

Repeat for the following File:

C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys

Then run SystemLook.exe again as in my previous post and post the resulting log.

------------------------------------------------------

chemist is offline   Reply With Quote
Old 01-04-2010, 11:03 AM   #13
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



Hello again.
It seems I don't have the folder c:\windows\system32\dllcache

I've double checked and I'm 100% sure it's not there.
__________________
AlexanderLS is offline   Reply With Quote
Old 01-04-2010, 11:57 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Are you sure you followed the instructions for un-hiding system files and folders, etc.?

chemist is offline   Reply With Quote
Old 01-04-2010, 12:39 PM   #15
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



Yes, I did exactly what you told me to do. Still no c:\windows\system32\dllcache
__________________
AlexanderLS is offline   Reply With Quote
Old 01-04-2010, 01:30 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Hello again, AlexanderLS. Let's try another avenue. Delete copy.bat from your desktop.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Paths containing spaces must be quoted, or copy sees them as several arguments
copy /y "C:\Windows\ERDNT\cache\atapi.sys" c:\
copy /y "C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys" c:\
rem exit closes the command window (quit is not a cmd command)
exit
Save this Notepad file as copy.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on copy.bat to run it. A DOS window will open and close again, this is normal.

------------------------------------------------------
  • Double-click SystemLook.exe to run it. (Vista users, right click, Run As Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
     
    :filefind
    atapi.sys
    iaStor.sys
  • Click the Look button to start the scan.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------

chemist is offline   Reply With Quote
Old 01-04-2010, 02:06 PM   #17
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



Here you go:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:43 on 04/01/2010 by Alexander (Administrator - Elevation successful)

No Context:

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\ERDNT\cache\atapi.sys --a--- 19944 bytes [21:32 03/01/2010] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys --a--- 21688 bytes [09:34 11/07/2007] [09:34 11/07/2007] 9E7E85EC61D1C9C3171CC08427108863
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys --a--- 19048 bytes [10:25 02/11/2006] [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys --a--- 21688 bytes [09:34 11/07/2007] [09:34 11/07/2007] 9E7E85EC61D1C9C3171CC08427108863
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

Searching for "iaStor.sys"
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 381720 bytes [09:47 11/07/2007] [10:59 21/03/2007] 9D7ED4275702E2FC409F2CC563245740
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\drivers\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16

-=End Of File=-
__________________
AlexanderLS is offline   Reply With Quote
Old 01-04-2010, 02:49 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



There's no reason those batches shouldn't be working.

Go back to post #12. Navigate to those two Files then right-click > Copy to Folder... and copy them to your C: drive.

Now run SystemLook.exe again and post the log.

chemist is offline   Reply With Quote
Old 01-04-2010, 02:54 PM   #19
Registered Member
 
Join Date: Oct 2009
Posts: 62
OS: Win7



Copied the files to C: drive.

Log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:52 on 04/01/2010 by Alexander (Administrator - Elevation successful)

No Context:

========== filefind ==========

Searching for "atapi.sys"
C:\atapi.sys --a--- 19944 bytes [22:51 04/01/2010] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\ERDNT\cache\atapi.sys --a--- 19944 bytes [21:32 03/01/2010] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys --a--- 21688 bytes [09:34 11/07/2007] [09:34 11/07/2007] 9E7E85EC61D1C9C3171CC08427108863
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys --a--- 19048 bytes [10:25 02/11/2006] [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys --a--- 21688 bytes [09:34 11/07/2007] [09:34 11/07/2007] 9E7E85EC61D1C9C3171CC08427108863
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

Searching for "iaStor.sys"
C:\IaStor.sys --a--- 304920 bytes [22:52 04/01/2010] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 381720 bytes [09:47 11/07/2007] [10:59 21/03/2007] 9D7ED4275702E2FC409F2CC563245740
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\drivers\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16

-=End Of File=-
__________________
AlexanderLS is offline   Reply With Quote
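The SystemLook logs in this thread list every copy of atapi.sys and iaStor.sys with size and MD5, and the helper reads them by eye: does the live copy in System32\drivers match the DriverStore and winsxs copies, and is there a staged copy at C:\ to restore from. The parser below is an added example, not SystemLook's code or the helper's; it reads ':filefind' output in that exact line shape and makes the same comparison. The sample log is constructed from the posted entries, with the live iaStor.sys hash altered to show a mismatch, and the live/reference path classification is my assumption.

```python
"""Parse SystemLook ':filefind' output and cross-check each live driver
against its DriverStore / winsxs reference copies by MD5.

Added example for this thread; not SystemLook's own code. Paths and
hashes in the sample come from the posted logs, except the hash of
System32\\drivers\\iaStor.sys, which is constructed to show a mismatch.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the line shape SystemLook v1.0 writes.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:52 on 04/01/2010 by Alexander (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\atapi.sys --a--- 19944 bytes [22:51 04/01/2010] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [08:24 18/06/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [19:39 22/07/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

Searching for "iaStor.sys"
C:\IaStor.sys --a--- 304920 bytes [22:52 04/01/2010] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] 997E8F5939F2D12CD9F2E6B395724C16
C:\Windows\System32\drivers\iaStor.sys --a--- 304920 bytes [09:47 11/07/2007] [10:58 21/03/2007] ABCDEF0123456789ABCDEF0123456789

-=End Of File=-
"""


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    md5: str


SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
# <path> <6 attribute flags> <size> bytes [modified] [created] <MD5>
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) [-A-Za-z]{6} (?P<size>\d+) bytes "
    r"\[[^\]]*\] \[[^\]]*\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return {searched name (lowercased): [FileHit, ...]} from a SystemLook log."""
    hits = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            hits[current].append(
                FileHit(m.group("path"), int(m.group("size")), m.group("md5").upper()))
    return dict(hits)


def is_live(path):
    """The copy Windows loads at boot (assumed: <root>\\System32\\drivers\\<name>)."""
    return re.search(r"\\system32\\drivers\\[^\\]+$", path, re.IGNORECASE) is not None


def is_reference(path):
    """Copies kept for servicing; used here as the comparison baseline (assumed)."""
    return re.search(r"\\(driverstore\\filerepository|winsxs)\\", path, re.IGNORECASE) is not None


def triage(hits):
    """For each driver name, compare the live copy's MD5 with every reference copy."""
    report = {}
    for name, entries in hits.items():
        live = [e for e in entries if is_live(e.path)]
        refs = [e for e in entries if is_reference(e.path)]
        if not live:
            report[name] = {"status": "no-live-copy"}
            continue
        live_md5 = live[0].md5
        matching = [e.path for e in refs if e.md5 == live_md5]
        # Copies outside drivers\ and the servicing stores (C:\, ERDNT\cache, a
        # vendor directory) whose size and hash equal a reference copy are the
        # ones worth staging for a restore from outside Windows, as in this thread.
        restore = [e.path for e in entries
                   if not is_live(e.path) and not is_reference(e.path)
                   and any(e.md5 == r.md5 and e.size == r.size for r in refs)]
        if not refs:
            status = "unverifiable"
        elif matching:
            status = "consistent"
        else:
            status = "mismatch"
        report[name] = {"status": status, "live_md5": live_md5,
                        "matching_refs": matching, "restore_candidates": restore}
    return report


if __name__ == "__main__":
    for name, r in triage(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {r['status']}  restore from: {r.get('restore_candidates')}")
```

A 'consistent' result from a scan taken on the running system is necessary but not sufficient: with hooks on the disk stack, as the MBR detector output earlier in the thread reports, user-mode readers can be served clean bytes, which is why the helper still replaces the files from the Recovery Console.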
Old 01-04-2010, 03:04 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,406
OS: XP SP3; Win7 32/64-bit



Here we go. I just realized you didn't complain about your browser searches being redirected. Are they?

Print out these instructions to use while in the Recovery Console or read off another computer:

1. Restart your computer.
2. After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
3. Select 'Repair your computer' and press 'Enter'.
4. On the System Recovery Options menu, select 'Command Prompt'.
5. When prompted for Administrator password, scroll down to your username and enter your password and/or press 'Enter'.
6. At the X:\windows\system32> prompt, type the following bolded entries one at a time, and press 'Enter' (note the spaces):

cd \windows\system32\drivers

ren atapi.sys atapi.sys.vir

ren iastor.sys iastor.sys.vir

copy c:\atapi.sys

copy c:\iaStor.sys

7. You should get the message '1 file<s> copied' after each of the last two commands. If you did, go to step 10.

8. If you did not get the message '1 file<s> copied', try again, making sure there are no typos.

9. If you still don't get the message '1 file<s> copied', stop now and let me know from another computer.

10. Type exit and press 'Enter'. Your computer should reboot.

If you had redirects, are they gone now?

------------------------------------------------------


chemist is offline   Reply With Quote