virus in atapi.sys

johnb35

Administrator
Staff member
We need to know which of those files are clean so we can fix the other one. I need you to upload each of those files to this site.

Please go to Virustotal.com

Click on the browse button and upload each of those files so it can scan them, and then give me the link to the result for each file. It might take a minute for it to give the result.
 
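Before anything is uploaded, the copies can be compared locally: files with identical bytes have identical hashes, so only one file per hash group needs a scanner verdict, and a copy whose hash differs from all the others is the first suspect. The following is an added Python example, not code from this thread, from ComboFix or from VirusTotal; it builds its own constructed sample tree of placeholder bytes (not a real driver), and the directory layout it assumes mirrors the four atapi.sys locations discussed in this thread.

```python
"""Compare every on-disk copy of one driver by hash and report the odd one out."""
import hashlib
import os
import tempfile
from collections import defaultdict

# Windows keeps several copies of a boot driver such as atapi.sys: the live
# copy under System32\drivers, the DriverStore and winsxs component copies,
# and tool-made caches such as ERDNT\cache.  Same bytes give the same hash,
# so the copies can be sorted into "identical" groups before anything is
# uploaded to a scanner; only one file per group needs a scan.


def find_copies(root, name):
    """Return every file named `name` (case-insensitive) under `root`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == name.lower())
    return sorted(hits)


def file_digests(path):
    """Return (MD5, SHA-256) hex digests of a file, read in 64 KiB chunks.

    MD5 is upper-cased to match the form ComboFix prints in its Sigcheck
    section; SHA-256 is what VirusTotal keys its reports on.
    """
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest().upper(), sha.hexdigest()


def group_by_hash(paths):
    """Map SHA-256 -> sorted list of paths whose bytes are identical."""
    groups = defaultdict(list)
    for p in paths:
        groups[file_digests(p)[1]].append(p)
    return {k: sorted(v) for k, v in groups.items()}


def outliers(groups):
    """Paths whose content differs from the largest group of identical copies.

    A rootkit that patches the live driver leaves the backup copies alone,
    so the lone differing file is the first suspect.  The majority is only a
    hint, though: whether the majority itself is clean is decided by the
    Authenticode signature and the scanner verdict, not by a head count.
    """
    if not groups:
        return []
    majority = max(groups, key=lambda k: len(groups[k]))
    return sorted(p for k, paths in groups.items() if k != majority for p in paths)


def build_demo_tree():
    """Constructed sample, not a real driver: a mini Windows tree with four
    atapi.sys copies, three identical and one patched."""
    root = tempfile.mkdtemp(prefix="atapi_demo_")
    clean = b"MZ\x90\x00 placeholder bytes standing in for the clean atapi.sys"
    patched = b"MZ\x90\x00 placeholder bytes standing in for a patched atapi.sys"
    layout = {
        os.path.join("Windows", "ERDNT", "cache"): clean,
        os.path.join("Windows", "System32", "drivers"): patched,
        os.path.join("Windows", "System32", "DriverStore", "FileRepository", "mshdc.inf_x86"): clean,
        os.path.join("Windows", "winsxs", "x86_mshdc.inf"): clean,
    }
    for sub, data in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, "atapi.sys"), "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Run the comparison over the constructed tree and summarise the result."""
    root = build_demo_tree()
    paths = find_copies(root, "ATAPI.SYS")
    groups = group_by_hash(paths)
    bad = outliers(groups)
    return {
        "copies": len(paths),
        "distinct": len(groups),
        "outliers": [os.path.relpath(p, root) for p in bad],
        "outlier_md5": [file_digests(p)[0] for p in bad],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a live machine, point find_copies at C:\Windows instead of the demo tree. Hash equality only shows which copies are the same; it does not by itself say which group is clean, so follow it with a signature check (Get-AuthenticodeSignature in PowerShell) or a scanner verdict on one file per group.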

psaila

Member
C:\Windows\ERDNT\cache\atapi.sys: http://www.virustotal.com/analisis/...8369c4218bdb1f69110c3e31d395884ad6-1261405310

C:\Windows\System32\drivers\atapi.sys: http://www.virustotal.com/analisis/...2e268d3490b0ef95c000ce85658f546a8e-1261420726

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys: http://www.virustotal.com/analisis/...8369c4218bdb1f69110c3e31d395884ad6-1261405310

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys: http://www.virustotal.com/analisis/...8369c4218bdb1f69110c3e31d395884ad6-1261405310

This is it. It seems the second file is infected and all the others seem to be the same. How can I cure it?
 

johnb35

Administrator
Staff member
The other 3 aren't totally clean unless they are false positives. But let's try this; it won't hurt anyway.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
KillAll::

FCopy::
C:\Windows\ERDNT\cache\atapi.sys | C:\Windows\System32\drivers\atapi.sys

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 

psaila

Member
Did what you told me and here's the result....

ComboFix 09-12-21.08 - Etienne 12/22/2009 20:54:49.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3455.2384 [GMT 1:00]
Running from: c:\users\Etienne\Documents\Downloads\ComboFix.exe
Command switches used :: c:\users\Etienne\Documents\Downloads\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-22 19:59 . 2009-12-22 19:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-22 19:59 . 2009-12-22 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-22 19:53 . 2009-12-22 19:53 -------- d-----w- C:\32788R22FWJFW
2009-12-22 19:14 . 2009-12-22 19:14 -------- d-----w- c:\program files\Spb Software House
2009-12-22 17:39 . 2009-12-22 17:40 -------- d-----w- c:\program files\Google
2009-12-21 19:00 . 2009-12-22 20:01 -------- d-----w- c:\users\Etienne\AppData\Local\temp
2009-12-19 11:03 . 2009-12-12 08:26 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-19 11:03 . 2009-12-12 08:26 294680 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll
2009-12-19 06:57 . 2009-12-19 06:57 -------- d-----w- c:\program files\Microsoft Works
2009-12-19 06:56 . 2009-12-19 06:56 -------- d-----w- c:\program files\Microsoft.NET
2009-12-19 06:54 . 2009-12-19 06:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-16 16:52 . 2003-06-05 16:15 57436 ----a-w- c:\windows\DASShp.dll
2009-12-13 17:19 . 2009-12-13 17:19 -------- d-----w- C:\temp
2009-12-13 13:47 . 2009-12-13 13:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-13 13:47 . 2009-12-13 13:48 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-12 18:01 . 2009-12-12 18:01 -------- d-----w- c:\users\Etienne\AppData\Local\Microsoft Games
2009-12-12 15:36 . 2009-12-22 18:32 -------- d-----w- c:\windows\WindowsMobile
2009-12-12 15:02 . 2009-12-12 15:02 -------- d-----w- c:\users\Etienne\AppData\Roaming\Ashampoo
2009-12-12 14:57 . 2009-12-22 18:42 -------- d-----w- c:\users\Etienne\Tracing
2009-12-12 14:57 . 2009-12-12 14:57 -------- d-----w- c:\program files\Microsoft
2009-12-12 14:56 . 2009-12-12 14:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-12 14:56 . 2009-12-12 14:57 -------- d-----w- c:\program files\Windows Live
2009-12-12 09:39 . 2009-12-12 09:45 -------- d-----w- c:\users\Etienne\AppData\Local\Adobe
2009-12-12 09:38 . 2009-12-12 09:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-12 08:36 . 2009-12-12 08:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-12 08:34 . 2009-12-12 08:34 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-12-12 08:27 . 2009-12-16 18:37 -------- d-----w- C:\$AVG
2009-12-12 08:27 . 2009-12-12 08:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-12 08:27 . 2009-12-12 08:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-12 08:27 . 2009-12-12 08:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-12 08:26 . 2009-12-22 17:49 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-12 08:26 . 2009-12-12 08:26 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-12 08:26 . 2009-12-12 08:26 -------- d-----w- c:\programdata\avg9
2009-12-12 08:26 . 2009-12-12 08:26 -------- d-----w- c:\program files\AVG
2009-12-12 07:42 . 2009-12-12 07:42 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-12 07:42 . 2009-12-12 07:42 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-12 07:42 . 2009-12-12 07:42 -------- d-----w- c:\program files\OpenAL
2009-12-12 07:42 . 2009-12-12 07:42 -------- d-----w- c:\windows\system32\Futuremark
2009-12-12 07:42 . 2009-12-12 07:42 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-12-12 07:42 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-12-12 07:22 . 2009-12-13 13:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-12 07:22 . 2009-12-12 07:22 -------- d-----w- c:\windows\system32\AGEIA
2009-12-12 05:18 . 2009-12-12 05:18 -------- d-----w- c:\programdata\KONAMI
2009-12-11 00:09 . 2009-12-10 15:15 -------- d-----w- c:\windows\Panther
2009-12-11 00:08 . 2009-12-11 00:08 -------- d-----w- C:\Boot
2009-12-10 18:29 . 2009-12-10 18:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-10 17:43 . 2009-12-10 17:43 -------- d-----w- c:\programdata\Hewlett-Packard
2009-12-10 17:43 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2009-12-10 17:12 . 2009-12-10 17:12 -------- d-----w- c:\users\Etienne\AppData\Roaming\Malwarebytes
2009-12-10 17:12 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-10 17:12 . 2009-12-10 17:12 -------- d-----w- c:\programdata\Malwarebytes
2009-12-10 17:12 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-10 16:57 . 2004-11-01 23:47 327168 ----a-w- c:\windows\IsUninst.exe
2009-12-10 16:57 . 2009-12-10 16:57 -------- d-----w- c:\windows\system32\IoSubSys
2009-12-10 16:50 . 2009-12-10 16:50 -------- d-----w- c:\windows\system32\Macromed
2009-12-10 16:48 . 2009-12-22 17:40 -------- d-----w- c:\users\Etienne\AppData\Local\Google
2009-12-10 16:47 . 2009-12-10 16:47 -------- d-----w- c:\users\Etienne\AppData\Local\Apps
2009-12-10 16:47 . 2009-12-10 16:48 -------- d-----w- c:\users\Etienne\AppData\Local\Deployment
2009-12-10 16:47 . 2009-12-10 16:48 -------- d-----w- c:\program files\Analog Devices
2009-12-10 16:46 . 2009-12-10 16:46 -------- d-----w- c:\users\Etienne\AppData\Roaming\InstallShield
2009-12-10 16:30 . 2007-01-18 11:14 45056 ----a-w- c:\windows\p3xunist.exe
2009-12-10 16:30 . 2009-12-16 16:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 16:30 . 2009-12-10 16:30 -------- d-----w- c:\program files\CONCEPTRONIC Multimedia
2009-12-10 16:30 . 2009-12-13 17:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-10 16:26 . 2009-12-19 07:06 123224 ----a-w- c:\users\Etienne\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 16:25 . 2009-12-10 16:25 -------- d-----w- C:\conceptronic
2009-12-10 16:22 . 2009-12-22 19:54 -------- d-----w- c:\users\Etienne\AppData\Roaming\BitTorrent
2009-12-10 16:19 . 2009-12-12 05:13 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 16:16 . 2009-12-10 16:16 -------- d-----w- c:\users\Etienne\AppData\Local\ashampoo
2009-12-10 16:16 . 2009-12-10 16:16 -------- d-----w- c:\programdata\ashampoo
2009-12-10 16:14 . 2009-12-10 16:14 -------- d-----w- c:\users\Etienne\AppData\Local\Ares
2009-12-10 16:09 . 2006-10-26 18:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-10 16:09 . 2006-10-26 18:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2009-12-10 16:09 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-10 16:09 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-10 16:08 . 2009-12-10 16:08 -------- d-----w- c:\windows\PCHEALTH
2009-12-10 16:06 . 2009-12-10 16:06 -------- d-----w- c:\users\Etienne\AppData\Local\Microsoft Help
2009-12-10 16:06 . 2009-12-19 16:42 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 16:06 . 2009-12-10 16:06 -------- d-----r- C:\MSOCache
2009-12-10 15:57 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-10 15:56 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-10 15:56 . 2009-12-22 20:01 -------- d-----w- c:\programdata\NVIDIA
2009-12-10 15:55 . 2009-12-22 17:40 -------- d-sh--w- c:\windows\Installer
2009-12-10 15:55 . 2009-11-19 20:42 592488 ----a-w- c:\windows\system32\nvuninst.exe
2009-12-10 15:32 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-10 15:18 . 2009-12-22 17:36 -------- d-----w- c:\windows\system32\wbem\Performance

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 06:56 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-12 15:52 . 2009-12-12 15:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-12 15:37 . 2009-12-12 15:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-12-11 00:11 . 2009-12-11 00:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-10 16:46 . 2006-12-15 00:21 30208 ----a-w- c:\windows\system32\SmaxCo.dll
2009-12-10 16:46 . 2007-01-16 11:16 318464 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2009-12-10 16:46 . 2006-12-14 23:29 593920 ----a-w- c:\windows\system32\AEADIExt.dll
2009-12-10 16:46 . 2006-12-14 23:24 119808 ----a-w- c:\windows\system32\AEADIAPO.dll
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-10-02 04:06 . 2009-12-10 15:54 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-27 22:12 . 2009-09-27 22:12 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-09-27 22:12 . 2009-09-27 22:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 16:47 . 2009-09-27 16:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 16:47 . 2009-09-27 16:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 16:47 . 2009-09-27 16:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 16:47 . 2009-09-27 16:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 16:47 . 2009-09-27 16:47 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 16:47 . 2009-09-27 16:47 150120 ----a-w- c:\windows\system32\nvshext.dll
2009-09-27 16:47 . 2009-09-27 16:47 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 16:47 . 2009-09-27 16:47 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 16:46 . 2009-09-27 16:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2009-07-14 01:26 . 467FAB03AFA8E6007E33442255224B35 . 21584 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-12-20_06.51.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-22 18:32 . 2009-12-22 18:32 28672 c:\windows\WindowsMobile\Spb Full Screen Keyboard\uninstall.exe
+ 2009-12-10 16:00 . 2009-12-20 07:10 17928 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2009-12-22 10:11 35684 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-11 00:14 . 2009-12-20 08:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-11 00:14 . 2009-12-19 16:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-11 00:14 . 2009-12-19 16:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-11 00:14 . 2009-12-20 08:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2009-12-20 08:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2009-12-19 16:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2009-12-22 18:04 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-10 15:17 . 2009-12-22 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-10 15:17 . 2009-12-20 06:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 08:00 . 2009-12-19 16:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-12 08:00 . 2009-12-20 19:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-12 08:00 . 2009-12-20 19:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-12 08:00 . 2009-12-19 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-12 08:00 . 2009-12-19 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-12 08:00 . 2009-12-20 19:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-10 15:17 . 2009-12-20 06:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-10 15:17 . 2009-12-22 19:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-10 15:17 . 2009-12-20 06:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-10 15:17 . 2009-12-22 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-22 17:39 . 2009-12-22 17:39 26624 c:\windows\Installer\19b949f.msi
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ARPPRODUCTICON.exe
+ 2009-12-10 15:35 . 2009-12-22 10:11 6498 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2892283828-576049475-3074606464-1001_UserData.bin
+ 2009-12-22 10:10 . 2009-12-22 20:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-20 06:37 . 2009-12-20 06:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-22 10:10 . 2009-12-22 20:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-20 06:37 . 2009-12-20 06:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2009-12-20 06:42 618026 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2009-12-22 17:36 618026 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2009-12-20 06:42 104340 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2009-12-22 17:36 104340 c:\windows\System32\perfc009.dat
- 2009-12-10 15:18 . 2009-12-19 16:28 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-10 15:18 . 2009-12-20 08:09 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:03 . 2009-12-22 18:14 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2009-12-20 06:51 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-12-10 03:00 . 2009-12-10 03:00 1291776 c:\windows\Installer\19b94a7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Etienne\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-10 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-12-10 868352]
"RivaTunerStartupDaemon"="d:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12685928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/12/2009 9:27 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/12/2009 9:27 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/12/2009 9:26 AM 285392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [11/20/2009 7:17 PM 240232]
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [1/18/2007 7:15 PM 670592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [6/10/2009 10:18 PM 139776]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 6:39 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-12-22 21:02:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 20:02
ComboFix2.txt 2009-12-21 19:00
ComboFix3.txt 2009-12-20 08:23
ComboFix4.txt 2009-12-20 06:53
ComboFix5.txt 2009-12-22 19:53

Pre-Run: 144,157,691,904 bytes free
Post-Run: 143,785,713,664 bytes free

- - End Of File - - 48A9E6DA0969BD51C273D81D3DCD47DE
 

psaila

Member
Yes, it's still infected. I know that this file is probably a CD driver. Is there a way to uninstall the driver and install it back, maybe?
 

johnb35

Administrator
Staff member
Let's try that procedure again. I don't think you did it right because, according to the ComboFix log, the action wasn't performed.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
KillAll::

FCopy::
C:\Windows\ERDNT\cache\atapi.sys | C:\Windows\System32\drivers\atapi.sys

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

If this doesn't work, we'll try something else.
 
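The two things johnb35 reads off a ComboFix log can be checked mechanically: the Sigcheck section shows which copies of a driver verify and which one does not, and an FCopy section only appears in the log when the copy was actually carried out. The script below is an added Python example, not part of the thread and not ComboFix's own code; it parses excerpts of the two logs posted in this thread, and its reading of the `[7]` and `[-]` flags (verified Windows 7 component versus unverified) is an assumption about ComboFix's notation drawn from how the entries differ.

```python
"""Triage the Sigcheck, FCopy and Other Deletions sections of a ComboFix log."""
import re

# One Sigcheck line per file, as printed in the logs above (Windows 7 host):
#   [7] 2009-07-14 . <MD5> . <size> . . [<file version>] . . <path>
#   [-] 2009-07-14 01:26 . <MD5> . <size> . . [------] . . <path>
# Assumption about ComboFix's notation: '[7]' is a copy whose signature
# verified as a Windows 7 component and '[-]' one that did not verify.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}(?:\s+\d{2}:\d{2})?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)
FCOPY_RE = re.compile(r"^(?P<src>.+?)\s+-->\s+(?P<dst>.+?)\s*$")


def is_header(line):
    """ComboFix section banners are '(((( Name ))))' or '---- Name ----' lines."""
    s = line.strip()
    return s.startswith("(((") or (s.startswith("---") and s.endswith("---") and len(s) > 6)


def section(log, title):
    """Body lines of the section whose banner contains `title`; '.' and blank rows dropped."""
    body, inside = [], False
    for line in log.splitlines():
        if is_header(line):
            if inside:
                break
            inside = title.lower() in line.lower()
        elif inside and line.strip() not in ("", "."):
            body.append(line.rstrip())
    return body


def parse_sigcheck(log):
    """Parse each Sigcheck row into a dict: flag, date, md5, size, version, path, signed."""
    entries = []
    for line in section(log, "Sigcheck"):
        m = SIGCHECK_RE.match(line)
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"])
            e["signed"] = e["flag"] != "-"
            entries.append(e)
    return entries


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspect_entries(entries):
    """Rows that did not verify, or whose MD5 disagrees with a verified copy of the same file name.

    Three copies sharing one MD5 and one version string against a fourth with
    a different MD5 and no version is the pattern of a patched driver, not of
    three false positives: a scanner that flags the shared hash flags all three
    at once, while the odd copy additionally fails signature verification.
    """
    verified = {}
    for e in entries:
        if e["signed"]:
            verified.setdefault(_basename(e["path"]), set()).add(e["md5"])
    return [
        e for e in entries
        if not e["signed"] or e["md5"] not in verified.get(_basename(e["path"]), {e["md5"]})
    ]


def fcopy_performed(log, src, dst):
    """True if the FCopy section records exactly `src --> dst` (paths compared case-insensitively)."""
    for line in section(log, "FCopy"):
        m = FCOPY_RE.match(line)
        if m and m["src"].lower() == src.lower() and m["dst"].lower() == dst.lower():
            return True
    return False


def deleted_files(log):
    """Paths listed under 'Other Deletions'."""
    return section(log, "Other Deletions")


SRC = r"c:\windows\ERDNT\cache\atapi.sys"
DST = r"c:\windows\System32\drivers\atapi.sys"

# Excerpts of the two logs posted in this thread: the first run (no FCopy
# section at all) and the second run (driver replaced, tdlcmd.dll removed).
LOG_BEFORE = r"""
------- Sigcheck -------

[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2009-07-14 01:26 . 467FAB03AFA8E6007E33442255224B35 . 21584 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-12-20_06.51.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-22 17:39 . 2009-12-22 17:39 26624 c:\windows\Installer\19b949f.msi
"""

LOG_AFTER = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tdlcmd.dll

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\atapi.sys --> c:\windows\System32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.
2009-12-24 15:44 . 2009-12-24 15:45 -------- d-----w- c:\users\Etienne\AppData\Local\temp
"""

if __name__ == "__main__":
    for e in suspect_entries(parse_sigcheck(LOG_BEFORE)):
        print("suspect:", e["path"], e["md5"], "version:", e["version"])
    print("first run copied driver:", fcopy_performed(LOG_BEFORE, SRC, DST))
    print("second run copied driver:", fcopy_performed(LOG_AFTER, SRC, DST))
    print("second run deleted:", deleted_files(LOG_AFTER))
```

Against the first log, suspect_entries returns only the System32\drivers copy and fcopy_performed is False, which is exactly why the procedure had to be repeated; against the second log the FCopy line is present and tdlcmd.dll shows up under Other Deletions.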

psaila

Member
Did as you said and this is the new report:

ComboFix 09-12-23.06 - Etienne 12/24/2009 16:41:06.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3455.2323 [GMT 1:00]
Running from: c:\users\Etienne\Desktop\ComboFix.exe
Command switches used :: c:\users\Etienne\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tdlcmd.dll

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\atapi.sys --> c:\windows\System32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-24 15:44 . 2009-12-24 15:45 -------- d-----w- c:\users\Etienne\AppData\Local\temp
2009-12-24 15:44 . 2009-12-24 15:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-24 15:44 . 2009-12-24 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-24 15:40 . 2009-12-24 15:40 -------- d-----w- C:\32788R22FWJFW
2009-12-24 13:37 . 2009-12-12 08:26 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-24 13:37 . 2009-12-12 08:26 3967256 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-24 13:37 . 2009-12-12 08:26 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-24 13:37 . 2009-12-12 08:26 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2009-12-22 19:14 . 2009-12-22 19:14 -------- d-----w- c:\program files\Spb Software House
2009-12-22 17:39 . 2009-12-22 17:40 -------- d-----w- c:\program files\Google
2009-12-19 11:03 . 2009-12-19 11:03 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll
2009-12-19 11:03 . 2009-12-12 08:26 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-19 06:57 . 2009-12-19 06:57 -------- d-----w- c:\program files\Microsoft Works
2009-12-19 06:56 . 2009-12-19 06:56 -------- d-----w- c:\program files\Microsoft.NET
2009-12-19 06:54 . 2009-12-19 06:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-16 16:52 . 2003-06-05 16:15 57436 ----a-w- c:\windows\DASShp.dll
2009-12-13 17:19 . 2009-12-13 17:19 -------- d-----w- C:\temp
2009-12-13 13:47 . 2009-12-13 13:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-13 13:47 . 2009-12-13 13:48 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-12 18:01 . 2009-12-12 18:01 -------- d-----w- c:\users\Etienne\AppData\Local\Microsoft Games
2009-12-12 15:36 . 2009-12-23 05:33 -------- d-----w- c:\windows\WindowsMobile
2009-12-12 15:02 . 2009-12-12 15:02 -------- d-----w- c:\users\Etienne\AppData\Roaming\Ashampoo
2009-12-12 14:57 . 2009-12-22 18:42 -------- d-----w- c:\users\Etienne\Tracing
2009-12-12 14:57 . 2009-12-12 14:57 -------- d-----w- c:\program files\Microsoft
2009-12-12 14:56 . 2009-12-12 14:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-12 14:56 . 2009-12-12 14:57 -------- d-----w- c:\program files\Windows Live
2009-12-12 09:39 . 2009-12-12 09:45 -------- d-----w- c:\users\Etienne\AppData\Local\Adobe
2009-12-12 09:38 . 2009-12-12 09:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-12 08:36 . 2009-12-12 08:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-12 08:34 . 2009-12-12 08:34 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-12-12 08:27 . 2009-12-16 18:37 -------- d-----w- C:\$AVG
2009-12-12 08:27 . 2009-12-12 08:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-12 08:27 . 2009-12-12 08:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-12 08:27 . 2009-12-12 08:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-12 08:26 . 2009-12-24 13:35 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-12 08:26 . 2009-12-12 08:26 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-12 08:26 . 2009-12-12 08:26 -------- d-----w- c:\programdata\avg9
2009-12-12 08:26 . 2009-12-12 08:26 -------- d-----w- c:\program files\AVG
2009-12-12 07:42 . 2009-12-12 07:42 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-12 07:42 . 2009-12-12 07:42 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-12 07:42 . 2009-12-12 07:42 -------- d-----w- c:\program files\OpenAL
2009-12-12 07:42 . 2009-12-12 07:42 -------- d-----w- c:\windows\system32\Futuremark
2009-12-12 07:42 . 2009-12-12 07:42 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-12-12 07:42 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-12-12 07:22 . 2009-12-13 13:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-12 07:22 . 2009-12-12 07:22 -------- d-----w- c:\windows\system32\AGEIA
2009-12-12 05:18 . 2009-12-12 05:18 -------- d-----w- c:\programdata\KONAMI
2009-12-11 00:09 . 2009-12-10 15:15 -------- d-----w- c:\windows\Panther
2009-12-11 00:08 . 2009-12-11 00:08 -------- d-----w- C:\Boot
2009-12-10 18:29 . 2009-12-10 18:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-10 17:43 . 2009-12-10 17:43 -------- d-----w- c:\programdata\Hewlett-Packard
2009-12-10 17:43 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2009-12-10 17:12 . 2009-12-10 17:12 -------- d-----w- c:\users\Etienne\AppData\Roaming\Malwarebytes
2009-12-10 17:12 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-10 17:12 . 2009-12-10 17:12 -------- d-----w- c:\programdata\Malwarebytes
2009-12-10 17:12 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-10 16:57 . 2004-11-01 23:47 327168 ----a-w- c:\windows\IsUninst.exe
2009-12-10 16:57 . 2009-12-10 16:57 -------- d-----w- c:\windows\system32\IoSubSys
2009-12-10 16:50 . 2009-12-10 16:50 -------- d-----w- c:\windows\system32\Macromed
2009-12-10 16:48 . 2009-12-22 17:40 -------- d-----w- c:\users\Etienne\AppData\Local\Google
2009-12-10 16:47 . 2009-12-10 16:47 -------- d-----w- c:\users\Etienne\AppData\Local\Apps
2009-12-10 16:47 . 2009-12-10 16:48 -------- d-----w- c:\users\Etienne\AppData\Local\Deployment
2009-12-10 16:47 . 2009-12-10 16:48 -------- d-----w- c:\program files\Analog Devices
2009-12-10 16:46 . 2009-12-10 16:46 -------- d-----w- c:\users\Etienne\AppData\Roaming\InstallShield
2009-12-10 16:30 . 2007-01-18 11:14 45056 ----a-w- c:\windows\p3xunist.exe
2009-12-10 16:30 . 2009-12-16 16:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 16:30 . 2009-12-10 16:30 -------- d-----w- c:\program files\CONCEPTRONIC Multimedia
2009-12-10 16:30 . 2009-12-13 17:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-10 16:26 . 2009-12-19 07:06 123224 ----a-w- c:\users\Etienne\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 16:25 . 2009-12-10 16:25 -------- d-----w- C:\conceptronic
2009-12-10 16:22 . 2009-12-24 15:41 -------- d-----w- c:\users\Etienne\AppData\Roaming\BitTorrent
2009-12-10 16:19 . 2009-12-12 05:13 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 16:16 . 2009-12-10 16:16 -------- d-----w- c:\users\Etienne\AppData\Local\ashampoo
2009-12-10 16:16 . 2009-12-10 16:16 -------- d-----w- c:\programdata\ashampoo
2009-12-10 16:14 . 2009-12-10 16:14 -------- d-----w- c:\users\Etienne\AppData\Local\Ares
2009-12-10 16:09 . 2006-10-26 18:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-10 16:09 . 2006-10-26 18:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2009-12-10 16:09 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-10 16:09 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-10 16:08 . 2009-12-10 16:08 -------- d-----w- c:\windows\PCHEALTH
2009-12-10 16:06 . 2009-12-10 16:06 -------- d-----w- c:\users\Etienne\AppData\Local\Microsoft Help
2009-12-10 16:06 . 2009-12-19 16:42 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 16:06 . 2009-12-10 16:06 -------- d-----r- C:\MSOCache
2009-12-10 15:57 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-10 15:56 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-10 15:56 . 2009-12-24 15:45 -------- d-----w- c:\programdata\NVIDIA
2009-12-10 15:55 . 2009-12-22 17:40 -------- d-sh--w- c:\windows\Installer
2009-12-10 15:55 . 2009-11-19 20:42 592488 ----a-w- c:\windows\system32\nvuninst.exe
2009-12-10 15:32 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-10 15:18 . 2009-12-24 14:18 -------- d-----w- c:\windows\system32\wbem\Performance

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 06:56 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-12 15:52 . 2009-12-12 15:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-12 15:37 . 2009-12-12 15:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-12-11 00:11 . 2009-12-11 00:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-10 16:46 . 2006-12-15 00:21 30208 ----a-w- c:\windows\system32\SmaxCo.dll
2009-12-10 16:46 . 2007-01-16 11:16 318464 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2009-12-10 16:46 . 2006-12-14 23:29 593920 ----a-w- c:\windows\system32\AEADIExt.dll
2009-12-10 16:46 . 2006-12-14 23:24 119808 ----a-w- c:\windows\system32\AEADIAPO.dll
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-10-02 04:06 . 2009-12-10 15:54 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-27 22:12 . 2009-09-27 22:12 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-09-27 22:12 . 2009-09-27 22:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 16:47 . 2009-09-27 16:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 16:47 . 2009-09-27 16:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 16:47 . 2009-09-27 16:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 16:47 . 2009-09-27 16:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 16:47 . 2009-09-27 16:47 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 16:47 . 2009-09-27 16:47 150120 ----a-w- c:\windows\system32\nvshext.dll
2009-09-27 16:47 . 2009-09-27 16:47 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 16:47 . 2009-09-27 16:47 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 16:46 . 2009-09-27 16:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-12-20_06.51.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-23 05:33 . 2009-12-23 05:33 49152 c:\windows\WindowsMobile\Spb Imageer\uninstall.exe
+ 2009-12-22 18:32 . 2009-12-22 18:32 28672 c:\windows\WindowsMobile\Spb Full Screen Keyboard\uninstall.exe
+ 2009-12-10 16:00 . 2009-12-20 07:10 17928 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2009-12-24 13:34 35700 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-11 00:14 . 2009-12-23 06:20 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-11 00:14 . 2009-12-19 16:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-11 00:14 . 2009-12-19 16:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-11 00:14 . 2009-12-23 06:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2009-12-19 16:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2009-12-23 06:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2009-12-22 18:04 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-12-10 15:17 . 2009-12-20 06:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-10 15:17 . 2009-12-24 14:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-12 08:00 . 2009-12-24 15:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-12 08:00 . 2009-12-19 16:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-12 08:00 . 2009-12-19 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-12 08:00 . 2009-12-24 15:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-12 08:00 . 2009-12-19 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-12 08:00 . 2009-12-24 15:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-10 15:17 . 2009-12-24 15:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-10 15:17 . 2009-12-20 06:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-10 15:17 . 2009-12-24 14:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-10 15:17 . 2009-12-20 06:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-22 17:39 . 2009-12-22 17:39 26624 c:\windows\Installer\19b949f.msi
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-22 17:40 . 2009-12-22 17:40 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ARPPRODUCTICON.exe
+ 2009-12-10 15:35 . 2009-12-24 13:34 6514 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2892283828-576049475-3074606464-1001_UserData.bin
- 2009-12-20 06:37 . 2009-12-20 06:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-24 13:32 . 2009-12-24 15:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-20 06:37 . 2009-12-20 06:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-24 13:32 . 2009-12-24 15:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2009-12-20 06:42 618026 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2009-12-24 14:18 618026 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2009-12-24 14:18 104340 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2009-12-20 06:42 104340 c:\windows\System32\perfc009.dat
- 2009-12-10 15:18 . 2009-12-19 16:28 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-10 15:18 . 2009-12-23 06:20 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:03 . 2009-12-24 14:27 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2009-12-20 06:51 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-12-10 03:00 . 2009-12-10 03:00 1291776 c:\windows\Installer\19b94a7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Etienne\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-10 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-12-10 868352]
"RivaTunerStartupDaemon"="d:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12685928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/12/2009 9:27 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/12/2009 9:27 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/12/2009 9:26 AM 285392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [11/20/2009 7:17 PM 240232]
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [1/18/2007 7:15 PM 670592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [6/10/2009 10:18 PM 139776]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 6:39 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\consent.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\WindowsMobile\WmdHost.exe
.
**************************************************************************
.
Completion time: 2009-12-24 16:47:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-24 15:47
ComboFix2.txt 2009-12-22 20:02
ComboFix3.txt 2009-12-21 19:00
ComboFix4.txt 2009-12-20 08:23
ComboFix5.txt 2009-12-24 15:40

Pre-Run: 146,625,933,312 bytes free
Post-Run: 146,483,437,568 bytes free

- - End Of File - - 1FA95BE350C0F2599E16110EB1999A6D
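The "Reg Loading Points" part of the log above is the section worth re-checking by hand: every Run entry and every R/S driver line names a binary and the size ComboFix saw. As an added example (not part of the thread or of ComboFix itself), the script below parses those lines and re-stats each file on the machine: does it still exist, does its size match the logged size, and does it carry a valid embedded Authenticode signature. The log path C:\ComboFix.txt is an assumption (pass another one in); when no log file is present it falls back to a handful of lines copied from the log above so the parser can be exercised anywhere. Syntax is kept PowerShell 2.0-compatible because the log comes from a Windows 7 box.

```powershell
# Added example (not part of the thread or of ComboFix): parse the "Reg Loading
# Points" section of a ComboFix log and re-check every listed binary on disk.
# Assumptions: the log was saved as C:\ComboFix.txt (any path can be passed in),
# and the script runs on the machine the log describes. Syntax is kept
# PowerShell 2.0-compatible because the log comes from a Windows 7 box.
param([string]$LogPath = 'C:\ComboFix.txt')

# Constructed sample: a few lines copied from the log above, used when no
# log file is found so the parser can be exercised anywhere.
$sampleLog = @'
"Google Update"="c:\users\Etienne\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-10 135664]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12685928]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/12/2009 9:27 AM 333192]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 6:39 PM 135664]
'@

# Run-key entry:   "Name"="c:\path\file.exe" [2009-12-10 135664]
$runPattern = '^"(?<name>[^"]+)"="(?<path>[^"]+)"\s+\[(?<stamp>\S+)\s+(?<size>\d+)\]$'
# Driver/service:  R1 Name;Description;c:\path\file.sys [12/12/2009 9:27 AM 333192]
$svcPattern = '^(?<start>[RS]\d)\s+(?<name>[^;]+);(?<desc>[^;]*);(?<path>.+?)\s+\[(?<stamp>.+?)\s+(?<size>\d+)\]$'

function Get-ComboFixLoadPoints {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $kind = $null
        if ($line -match $runPattern)     { $kind = 'Run' }
        elseif ($line -match $svcPattern) { $kind = $Matches['start'] }   # R = running, S = stopped
        if ($kind) {
            New-Object PSObject -Property @{
                Kind       = $kind
                Name       = $Matches['name']
                Path       = $Matches['path']
                LoggedSize = [int]$Matches['size']
            }
        }
    }
}

function Test-LoadPoint {
    param($Entry)
    $diskSize = $null
    $status   = 'Missing'
    if (Test-Path -LiteralPath $Entry.Path) {
        $diskSize = (Get-Item -LiteralPath $Entry.Path).Length
        # Embedded Authenticode only. Catalog-signed Windows files report
        # NotSigned on PowerShell 2.0, so NotSigned means "look closer", while
        # HashMismatch means the file was altered after it was signed.
        $status = (Get-AuthenticodeSignature -FilePath $Entry.Path).Status
    }
    $flag = ($status -ne 'Valid') -or ($diskSize -ne $Entry.LoggedSize)
    New-Object PSObject -Property @{
        Kind       = $Entry.Kind
        Name       = $Entry.Name
        LoggedSize = $Entry.LoggedSize
        DiskSize   = $diskSize
        Signature  = $status
        Review     = $flag
        Path       = $Entry.Path
    }
}

if (Test-Path -LiteralPath $LogPath) { $lines = Get-Content -LiteralPath $LogPath }
else { $lines = $sampleLog -split "`r?`n" }

Get-ComboFixLoadPoints -Lines $lines |
    ForEach-Object { Test-LoadPoint -Entry $_ } |
    Sort-Object Review -Descending |
    Format-Table Kind, Name, LoggedSize, DiskSize, Signature, Review, Path -AutoSize
```

Entries with Review set to True are the ones to look at first: a size that no longer matches the log means the file changed after ComboFix ran, and HashMismatch means a signed binary was modified in place. NotSigned on its own is not a verdict on Windows 7, where most system files are signed through catalogs rather than an embedded signature.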
 

psaila

Member
So far I have not had the alert, and when I scanned the file it said that it's clean. We will see. What do you think of the log?
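An on-access scan saying the file is clean is one signal; the stronger check is whether the live driver now matches the copies Windows itself keeps and still carries a valid Microsoft signature. As an added example (not part of the thread or of ComboFix), the script below hashes every copy of the driver in the standard locations, checks each copy's Authenticode signature, and groups the copies by hash so the odd one out stands out. The paths for the live driver and for the ERDNT backup are assumed to be the standard ones; the DriverStore and winsxs directory names differ per build, so those are found by wildcard. Syntax is PowerShell 2.0-compatible for Windows 7.

```powershell
# Added example (not part of the thread or of ComboFix): hash every copy of a
# driver that the Windows servicing stores keep and check each copy's
# Authenticode signature, so "clean" rests on local evidence, not one AV verdict.
# Assumptions: the live driver and ComboFix's ERDNT backup sit at the standard
# paths below; DriverStore and winsxs directory names vary per build, so they
# are found by wildcard. Syntax is PowerShell 2.0-compatible (Windows 7).
$driverName = 'atapi.sys'
$infPattern = '*mshdc.inf_*'    # the INF package atapi.sys ships in
$stores = @('C:\Windows\System32\DriverStore\FileRepository', 'C:\Windows\winsxs')

$paths = @("C:\Windows\System32\drivers\$driverName",
           "C:\Windows\ERDNT\cache\$driverName")
foreach ($store in $stores) {
    foreach ($dir in @(Get-ChildItem -Path $store -Filter $infPattern -ErrorAction SilentlyContinue)) {
        if ($dir.PSIsContainer) {
            $p = Join-Path $dir.FullName $driverName
            if (Test-Path -LiteralPath $p) { $paths += $p }
        }
    }
}

function Get-FileSha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Get-DriverCopyReport {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # atapi.sys is a boot-start driver, so it carries an embedded signature
        # that PowerShell 2.0 can verify: a copy altered after signing reports
        # HashMismatch, an unsigned replacement reports NotSigned.
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{
            Path      = $p
            Size      = (Get-Item -LiteralPath $p).Length
            Sha256    = Get-FileSha256 -Path $p
            Signature = $sig.Status
            Signer    = $signer
        }
    }
}

$report = @(Get-DriverCopyReport -Paths $paths)
$report | Format-Table Signature, Size, Sha256, Path -AutoSize

# Copies that hash identical and carry a valid Microsoft signature are the
# reference; a copy with a different hash or a bad signature is the suspect.
# The SHA-256 values can be compared directly with the VirusTotal reports.
$report | Group-Object Sha256 | ForEach-Object {
    '{0} copy(ies) with SHA-256 {1}' -f $_.Count, $_.Name
    foreach ($item in $_.Group) { '    ' + $item.Path }
}

# Caveat: a kernel-mode rootkit can filter reads of the file it infected, so
# if every copy looks identical and valid here while VirusTotal disagreed,
# boot an offline environment (Windows RE or a rescue CD) and hash again.
```

Run it from an elevated PowerShell prompt. After the FCopy step the live driver should land in the same hash group as the winsxs and DriverStore copies with Status Valid and a Microsoft signer; if it still sits in its own group, the replacement did not take, and if all copies agree on the live system but disagreed on VirusTotal, trust the offline hash over the live one.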
 

Respital

Active Member
Please run a full scan with the most up to date database in Malwarebytes' and post a new HijackThis log.
 

psaila

Member
I really think the problem is solved now, because before, every time I put a CD in the drive the alert popped up, but it hasn't so far. Big thanks to johnb35 for helping.

HAPPY CHRISTMAS
 