Unable to Install XP SP3 & site redirects in browser


  • This topic is locked
2 replies to this topic

#1 Ross Hickok

  • Members
  • 1 posts

Posted 31 May 2010 - 12:43 PM


I cannot get XP SP3 to install. I get a message that says C:\windows\system32\drivers\atapi.sys is open to another application. Also, when in a browser and I do a search with any engine, I am redirected to other sites or search engines I have never heard of. I have tried using IE and Firefox, same problem. Thanks in advance for any help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ross Hickok at 13:09:47.53 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.445 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ShortKeys2\shklite.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\TRENDnet\TEW-649UB\WlanCU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ross Hickok\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.msn.com
uURLSearchHooks: FCToolbarURLSearchHook Class: {19a0f032-27d7-4227-bbb5-51aa9e5904f5} - c:\program files\dogpile toolbar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecause Toolbar BHO: {399c60d2-38b1-4e25-b9e7-6498c1bc2dcd} - c:\program files\dogpile toolbar\Toolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
TB: Dogpile Toolbar: {c53fe659-316a-4f56-a194-a5be491be866} - c:\program files\dogpile toolbar\Toolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DataMngr] c:\progra~1\bearshare applications\mediabar\\datamngr\DataMngrUI.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortkeys lite.lnk - c:\program files\shortkeys2\shklite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\windows search.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wireless configuration utility.lnk - c:\program files\trendnet\tew-649ub\WlanCU.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bearshare applications\mediabar\\datamngr\datamngr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ross hickok\application data\mozilla\firefox\profiles\t2dvd2tr.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-1 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-1 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-1 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-2-1 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-1 308064]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-12 54760]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-1-23 20480]
R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-5-29 588032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 WLSVC;WLSVC;c:\program files\trendnet\tew-649ub\WLSVC.exe [2010-5-29 167936]
S3 azt2320;Aztech 2320 Audio Driver (WDM);c:\windows\system32\drivers\aztw2320.sys [2010-1-19 36992]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2010-1-19 96256]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-05-31 16:59:25 0 ----a-w- c:\documents and settings\ross hickok\defogger_reenable
2010-05-31 15:05:07 7000 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-05-29 13:22:52 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-29 13:22:45 588032 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2010-05-29 12:30:35 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-05-29 12:30:35 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-29 12:30:29 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-05-29 12:30:29 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-28 22:11:42 0 d-----w- c:\documents and settings\ross hickok\Tracing
2010-05-28 07:04:37 0 d-----w- c:\docume~1\ross hickok\application data\Malwarebytes
2010-05-28 07:04:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 07:04:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-28 07:04:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 07:04:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 06:47:36 0 d-----w- c:\program files\Windows Installer Clean Up
2010-05-28 06:47:06 0 d-----w- c:\program files\MSECACHE
2010-05-28 06:28:24 0 d-----w- c:\docume~1\ross hickok\application data\Windows Desktop Search
2010-05-28 06:28:04 0 d-----w- c:\windows\system32\GroupPolicy
2010-05-28 06:28:04 0 d-----w- c:\program files\Windows Desktop Search
2010-05-28 06:25:17 0 d-----w- c:\windows\system32\URTTEMP
2010-05-28 06:19:04 36352 ------w- c:\windows\system32\tsgqec.dll
2010-05-28 06:19:04 288768 ------w- c:\windows\system32\rhttpaa.dll
2010-05-28 06:19:04 116736 ------w- c:\windows\system32\aaclient.dll
2010-05-27 21:42:10 95360 ----a-w- c:\windows\system32\drivers\nbznmgza.sys
2010-05-27 20:35:55 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-27 20:28:12 172 ----a-w- c:\windows\system32\MRT.INI
2010-05-27 17:34:57 0 d-sh--w- c:\documents and settings\ross hickok\IECompatCache
2010-05-27 17:33:33 0 d-sh--w- c:\documents and settings\ross hickok\PrivacIE
2010-05-27 17:15:27 0 d-----w- c:\docume~1\ross hickok\application data\bearsharemediabartb
2010-05-23 07:41:01 6656 --sha-w- c:\windows\system32\Thumbs.db
2010-05-17 03:51:50 0 d-----w- c:\program files\RedRO
2010-05-08 21:42:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Insight Software Solutions
2010-05-08 21:42:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Insight Software
2010-05-08 21:42:53 0 d-----w- c:\program files\common files\Insight Software Solutions
2010-05-08 21:42:52 0 d-----w- c:\program files\ShortKeys2
2010-05-07 22:50:30 0 d-----w- c:\docume~1\alluse~1\applic~1\FarmFrenzy3_America
2010-05-07 22:49:40 0 d-----w- c:\program files\Oberon Media
2010-05-06 03:36:32 0 d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-05-06 03:35:27 0 d-----w- c:\program files\VideoLAN
2010-05-06 03:34:52 0 d-----w- c:\program files\Graboid
2010-05-06 01:45:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2010-05-06 01:45:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-28 11:44:02 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-04-21 13:03:56 242896 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-17 04:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 20:26:30 41872 -c--a-w- c:\windows\system32\xfcodec.dll
2010-03-18 20:47:22 17760 -c--a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 17:16:28 771424 -c--a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 17:16:28 70472 -c--a-w- c:\windows\system32\dxva2.dll
2010-03-18 17:16:28 486216 -c--a-w- c:\windows\system32\evr.dll
2010-03-18 14:09:00 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 14:09:00 49488 -c--a-w- c:\windows\system32\netfxperf.dll
2010-03-18 14:09:00 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 14:09:00 295264 -c--a-w- c:\windows\system32\PresentationHost.exe
2010-03-16 13:40:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 06:56:33 13440 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 13:10:19.92 ===============



#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender: Female
  • Location: Wills Point, Texas

Posted 31 May 2010 - 01:18 PM

Hello Ross Hickok,



atapi.sys is most likely patched, according to the logs, so let's fix that first and see how things are then.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to Hickok.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 06 June 2010 - 04:27 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



