Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Cypher » January 7th, 2010, 8:13 am

Hi Ktardin.
Please posts the results of the AVG scan in your next reply.

Please go to c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP << Delete this file.

Next.

Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.


Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the below scan.


Next.


ESET online scannner


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • AVG scan results.
  • RSIT log.txt
  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Ktardin » January 7th, 2010, 12:30 pm

Hi Cypher, there must have been a power shortage or power cut last night, as i woke up to my PC at the vista log-in screen, i am quite busy today so i shall set AVG to scan tonight and give it a try then. As of yet i have not had an alert from avg telling me about the atapi.sys rootkit :cheers:

I have done the instructions you have asked, and will post the log files now. The online scanner ESET found a few infections or suspicious files on my D:\ drive, i inherited this drive recently from a friend, and i am using it as a storage drive. I am pretty sure that AVG will find these files when i do a full scan tonight, and shouldnt be hesitant to remove them, should i just use AVG to do this? it would be simple and easy :) Anyway here are my RSIT logs and ESET logs.

oh i almost forgot, i succesfully fixed my hijackthis log :)

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5deda6d38250574d8f1ba9a8bbf1b819
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-07 04:08:39
# local_time=2010-01-07 04:08:39 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 843420 843420 0 0
# compatibility_mode=1024 16777215 100 0 4657074 4657074 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 4744572 100405751 0 0
# compatibility_mode=8192 67108863 100 0 3719 3719 0 0
# scanned=320111
# found=7
# cleaned=0
# scan_time=7496
C:\Qoobox\Quarantine\C\Program Files\Cheat Engine\dbk32.sys.vir Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\drivers\atapi.sys.vir Win32/Olmarik.OF virus 00000000000000000000000000000000 I
C:\Users\Ktardin\Desktop\White Lies - To Lose My Life [mp3-224-2009]\Stuffzorrr\Skins\CheatEngine55.exe Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I
D:\blalba\Stuffzorrr\Skins\CheatEngine55.exe Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I
D:\blalba\Stuffzorrr\Skins\GenericSafeDiskPatch.Arth.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\blalba\Stuffzorrr\Skins\wpepro09x(2).zip multiple threats 00000000000000000000000000000000 I
D:\blalba\Stuffzorrr\Skins\wpepro09x.zip multiple threats 00000000000000000000000000000000 I

RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ktardin at 2010-01-07 13:56:48
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 408 MB (1%) free of 38 GB
Total RAM: 3326 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:04, on 07/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
D:\Games\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ktardin\Desktop\Skins\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ktardin.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "D:\Games\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - D:\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - D:\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5483 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-20 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"snpstd"=C:\Windows\vsnpstd.exe [2005-10-11 339968]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-01 2033432]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Turbine Download Manager Tray Icon"=D:\Games\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe [2009-11-05 472568]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-18 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2009-06-08 1934336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R220 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE [2006-12-25 177664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Apps\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
d:\games\steam1\steam.exe [2009-10-25 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-20 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ktardin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
D:\Apps\OPENOF~1\OPENOF~1.ORG\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-06 19:07:42 ----A---- C:\ComboFix.txt
2010-01-06 19:00:44 ----SHD---- C:\$RECYCLE.BIN
2010-01-06 18:58:37 ----D---- C:\Windows\temp
2010-01-06 18:49:24 ----A---- C:\Windows\SWXCACLS.exe
2010-01-06 11:08:43 ----A---- C:\Windows\NIRCMD.exe
2010-01-06 11:08:43 ----A---- C:\Windows\MBR.exe
2010-01-06 11:08:42 ----A---- C:\Windows\zip.exe
2010-01-06 11:08:42 ----A---- C:\Windows\SWSC.exe
2010-01-06 11:08:42 ----A---- C:\Windows\SWREG.exe
2010-01-06 11:08:42 ----A---- C:\Windows\sed.exe
2010-01-06 11:08:42 ----A---- C:\Windows\PEV.exe
2010-01-06 11:08:42 ----A---- C:\Windows\grep.exe
2010-01-06 11:08:37 ----D---- C:\Windows\ERDNT
2010-01-06 11:08:19 ----AD---- C:\Qoobox
2010-01-04 17:07:41 ----D---- C:\rsit
2010-01-03 19:34:06 ----D---- C:\Users\Ktardin\AppData\Roaming\Electronic Arts
2010-01-01 19:47:49 ----D---- C:\Users\Ktardin\AppData\Roaming\Mount&Blade
2009-12-28 22:56:26 ----D---- C:\ATI
2009-12-28 20:46:43 ----D---- C:\Program Files\Trend Micro
2009-12-26 21:20:36 ----D---- C:\Users\Ktardin\AppData\Roaming\InstallShield Installation Information
2009-12-26 18:22:11 ----D---- C:\Users\Ktardin\AppData\Roaming\ATI
2009-12-26 18:22:11 ----D---- C:\ProgramData\ATI
2009-12-26 18:17:30 ----D---- C:\Program Files\My Company Name
2009-12-26 18:15:56 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-12-26 18:15:01 ----A---- C:\Windows\system32\ATIDEMGX.dll
2009-12-22 17:29:24 ----D---- C:\ProgramData\Turbine
2009-12-22 17:26:14 ----D---- C:\Windows\system32\URTTEMP
2009-12-17 00:06:57 ----D---- C:\ProgramData\Trymedia
2009-12-14 17:53:02 ----D---- C:\Users\Ktardin\AppData\Roaming\acccore
2009-12-14 17:48:53 ----D---- C:\Windows\system32\PlayLinc
2009-12-14 17:48:53 ----D---- C:\Program Files\PlayLinc
2009-12-11 16:33:41 ----D---- C:\Users\Ktardin\AppData\Roaming\FOG Downloader
2009-12-11 12:47:19 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-11 12:47:18 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 16:56:02 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 16:55:55 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 16:55:55 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 16:55:53 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 16:55:53 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 16:55:52 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 16:55:52 ----A---- C:\Windows\system32\occache.dll
2009-12-09 16:55:52 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 16:55:52 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 16:55:51 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 16:55:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 16:55:51 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 16:55:51 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 16:55:51 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 16:55:51 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 16:55:51 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 16:55:51 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 16:55:51 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 16:55:51 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 16:52:26 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 16:52:26 ----A---- C:\Windows\system32\raschap.dll

======List of files/folders modified in the last 1 months======

2010-01-07 12:50:16 ----D---- C:\Windows
2010-01-06 19:07:45 ----D---- C:\Windows\system32\drivers
2010-01-06 19:01:12 ----D---- C:\Windows\Prefetch
2010-01-06 19:00:41 ----A---- C:\Windows\system.ini
2010-01-06 18:58:06 ----D---- C:\ProgramData
2010-01-06 18:58:05 ----D---- C:\Windows\System32
2010-01-06 18:55:02 ----D---- C:\Windows\AppPatch
2010-01-06 18:55:01 ----D---- C:\Program Files\Common Files
2010-01-06 12:12:31 ----SHD---- C:\System Volume Information
2010-01-06 11:17:06 ----D---- C:\Program Files\Cheat Engine
2010-01-05 17:11:05 ----SHD---- C:\Windows\Installer
2010-01-05 17:11:03 ----RD---- C:\Program Files
2010-01-04 21:48:31 ----D---- C:\Users\Ktardin\AppData\Roaming\Adobe
2010-01-04 21:44:43 ----D---- C:\Program Files\Common Files\Adobe
2010-01-04 20:15:29 ----SD---- C:\Users\Ktardin\AppData\Roaming\Microsoft
2010-01-01 18:25:54 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-31 21:24:21 ----D---- C:\Program Files\DivX
2009-12-31 21:24:11 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-30 18:32:06 ----D---- C:\Users\Ktardin\AppData\Roaming\vlc
2009-12-28 22:58:26 ----D---- C:\Windows\system32\catroot
2009-12-28 22:58:24 ----D---- C:\Windows\inf
2009-12-28 22:57:34 ----D---- C:\Windows\winsxs
2009-12-28 19:29:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-27 13:11:00 ----RSD---- C:\Windows\assembly
2009-12-26 21:03:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-26 18:44:19 ----D---- C:\Program Files\Common Files\BioWare
2009-12-26 18:43:57 ----D---- C:\ProgramData\Media Center Programs
2009-12-26 18:35:38 ----D---- C:\Program Files\Common Files\Steam
2009-12-26 18:17:05 ----D---- C:\Program Files\Mozilla Firefox
2009-12-26 18:16:32 ----D---- C:\Program Files\ATI Technologies
2009-12-26 18:10:58 ----D---- C:\Windows\system32\catroot2
2009-12-23 13:01:52 ----D---- C:\Users\Ktardin\AppData\Roaming\Mozilla
2009-12-22 17:29:41 ----D---- C:\Windows\registration
2009-12-22 17:28:01 ----D---- C:\Program Files\Internet Explorer
2009-12-21 13:05:11 ----D---- C:\Windows\LiveKernelReports
2009-12-18 13:47:06 ----RSD---- C:\Windows\Fonts
2009-12-13 21:55:41 ----D---- C:\ProgramData\Messenger Plus!
2009-12-11 20:51:36 ----SD---- C:\Windows\Downloaded Program Files
2009-12-11 13:10:02 ----D---- C:\Windows\rescache
2009-12-11 12:51:56 ----D---- C:\Windows\system32\migration
2009-12-11 12:51:56 ----D---- C:\Windows\system32\en-US
2009-12-11 12:47:12 ----A---- C:\Windows\system32\MRT.INI
2009-12-11 12:44:50 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2009-09-20 12400]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-11-14 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-11-14 28424]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-11-14 360584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-08-23 101904]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-20 7680]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-09-20 464384]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-05-25 164864]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 catchme;catchme; \??\C:\Users\Ktardin\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 hamachi_oem;PlayLinc Adapter; C:\Windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-08-16 9545152]
S3 snpstd;Trust Webcam 14823; C:\Windows\system32\DRIVERS\snpstd.sys [2006-05-03 390784]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-11-14 906520]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-14 285392]
R2 LiveTurbineMessageService;Turbine Message Service - Live; D:\Games\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-11-05 271856]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R3 LiveTurbineNetworkService;Turbine Network Service - Live; D:\Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-11-05 218608]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-04-16 91184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-11-19 348824]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-12-14 321320]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-17 215584]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-17 239648]

-----------------EOF-----------------
Ktardin
Active Member
 
Posts: 13
Joined: December 28th, 2009, 4:42 pm

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Cypher » January 7th, 2010, 1:39 pm

Hi Ktardin.
Please post the AVG log when ready.
Things are looking good so far :)

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 17.
  • Click on Download.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.


Next.


ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    File::
    C:\Users\Ktardin\Desktop\White Lies - To Lose My Life [mp3-224-2009]\Stuffzorrr\Skins\CheatEngine55.exe 
    D:\blalba\Stuffzorrr\Skins\CheatEngine55.exe 
    D:\blalba\Stuffzorrr\Skins\GenericSafeDiskPatch.Arth.zip 
    D:\blalba\Stuffzorrr\Skins\wpepro09x(2).zip
    D:\blalba\Stuffzorrr\Skins\wpepro09x.zip
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.



Logs/Information to Post in your Next Reply

  • ComboFix log.
  • AVG log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Ktardin » January 8th, 2010, 7:19 am

Ah, i ran AVG last night, before seeing your last post... AVG found the files you asked me to write into a notepad file and drag into combofix... and has moved them to the virus vault, Im sorry i should have checked your post before going to bed last night, my bad =/ Anyway the javan environment thing is installed fine, and here is my AVG log (i obviously havent carried out your combofix instructions so i have no combofix log.)

AVG log:

"Scan ""Scan whole computer"" was finished."
"Infections";"2";"2";"0"
"Spyware";"6";"6";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"08 January 2010, 00:03:29"
"Scan finished:";"08 January 2010, 01:47:37 (1 hour(s) 44 minute(s) 8 second(s))"
"Total object scanned:";"930668"
"User who launched the scan:";"Ktardin"

"Infections"
"File";"Infection";"Result"
"D:\blalba\Stuffzorrr\Skins\GenericSafeDiskPatch.Arth.zip:\ApiHooks.dll";"Virus found DNSChanger";"Moved to Virus Vault"
"D:\blalba\Stuffzorrr\Skins\GenericSafeDiskPatch.Arth.zip";"Virus found DNSChanger";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"D:\blalba\Stuffzorrr\Skins\wpepro09x.zip:\WpeSpy.dll";"Potentially harmful program Tool.GN";"Moved to Virus Vault"
"D:\blalba\Stuffzorrr\Skins\wpepro09x.zip:\WPE PRO.exe";"Potentially harmful program HackTool.EHU";"Moved to Virus Vault"
"D:\blalba\Stuffzorrr\Skins\wpepro09x.zip";"Potentially harmful program HackTool.EHU";"Moved to Virus Vault"
"D:\blalba\Stuffzorrr\Skins\wpepro09x(2).zip:\WpeSpy.dll";"Potentially harmful program Tool.GN";"Moved to Virus Vault"
"D:\blalba\Stuffzorrr\Skins\wpepro09x(2).zip:\WPE PRO.exe";"Potentially harmful program HackTool.EHU";"Moved to Virus Vault"
"D:\blalba\Stuffzorrr\Skins\wpepro09x(2).zip";"Potentially harmful program HackTool.EHU";"Moved to Virus Vault"





No rootkits! hurrah! :cheers: :D
i honestly cant thank you enough, :D
Ktardin
Active Member
 
Posts: 13
Joined: December 28th, 2009, 4:42 pm

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Cypher » January 8th, 2010, 8:26 am

Hi Ktardin.
i honestly cant thank you enough.

Your most welcome :)
As one final check please run the ESET online scan again and post the results in your next reply.

First please run ATF cleaner again

Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the below scan.


Next.


ESET online scannner


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Ktardin » January 9th, 2010, 6:49 am

Hey cypher, ESET ran fine, i am getting jerks, or pauses, if u will, when browsing the interwebs on firefox... every now and then i'll get little jerks that i nevver got before... this could be TOTALY unrelated and probably is, just running it past ya :)

Here is the ESET log

C:\Qoobox\Quarantine\C\Program Files\Cheat Engine\dbk32.sys.vir Win32/HackTool.CheatEngine application
C:\Qoobox\Quarantine\C\Windows\System32\drivers\atapi.sys.vir Win32/Olmarik.OF virus
C:\Users\Ktardin\Desktop\White Lies - To Lose My Life [mp3-224-2009]\Stuffzorrr\Skins\CheatEngine55.exe Win32/HackTool.CheatEngine application
D:\blalba\Stuffzorrr\Skins\CheatEngine55.exe Win32/HackTool.CheatEngine application
Ktardin
Active Member
 
Posts: 13
Joined: December 28th, 2009, 4:42 pm

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Cypher » January 9th, 2010, 12:05 pm

Hi Ktardin.
Just a two things to deal with.

C:\Users\Ktardin\Desktop\White Lies - To Lose My Life [mp3-224-2009]\Stuffzorrr\Skins\CheatEngine55.exe << Delete this file.
D:\blalba\Stuffzorrr\Skins\CheatEngine55.exe << Delete this file


The rest of your logs appear to be clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:




Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next.

OTC

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Right-click OTC.exe And select " Run as administrator " to run it.
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis
  • Double click HijackThis.exe
  • From the Main menu click Open the Misc Tools section
  • Using the scroll bar, scroll down to Uninstall HijackThis
  • Click Uninstall HijackThis & exit then click Yes at the prompt



You can now delete the Sysprot folder Plus any logs saved to your desktop.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install Sitehound
SiteHound is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Ktardin » January 9th, 2010, 12:19 pm

Absolutely fantastic, your service has been brillaint, and my PC is clean!

I am going to go ahead and download + install the MVPS hosts file. And also im going to run a defrag because i cant remember the last time i did so :)

I wont be re-installing any P2P Software ever again :oops: , and i have no further questions, thankyou again! :)

Hopefully you wont see me back here again, but i know where to come if i ever get re-infected ;)

Thanks and goodbye Cypher :)
Ktardin
Active Member
 
Posts: 13
Joined: December 28th, 2009, 4:42 pm

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby Cypher » January 9th, 2010, 12:39 pm

Hi Ktardin.
As you have no further questions i will ask for this topic to be closed.
Good luck :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: C:\Windows\System32\drivers\atapi.sys.....Trojan.rootkit

Unread postby jmw3 » January 11th, 2010, 8:48 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 309 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware