RPinney,

Several hours aren't unusual.

Finally, here it is

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, November 20, 2009
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, November 21, 2009 00:13:37
Records in database: 3252592
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Objects scanned: 113583
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:39:31


File name / Threat / Threats count
C:\Windows\System32\drivers\atapi.sys Infected: Rootkit.Win32.TDSS.u 1

Selected area has been scanned.

RPinney,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  CODE
  :filefind
  *atapi.sys
  
  
• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:43 on 20/11/2009 by Ryan Pinney (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi.sys"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E
C:\Windows\System32\drivers\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] CC866C9DACA268746BEC8FF6A084FC44
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E

-=End Of File=-

RPinney,

Please open Notepad

1. Click Start , then Run
2. Type notepad.exe in the Run Box.
   Copy and Paste everything from the Quote box into Notepad:
   
   
   QUOTE
   @echo off
   COPY /Y/B/V C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys C:\atapi.sys
3. Save the file to your DESKTOP as "fix.bat". Make sure to save it with the quotes. Once saved, the icon to click should look like this on your desktop:
4. Double click fix.bat.

1. Please download The Avenger by Swandog46 to your Desktop.

• Right click on the Avenger.zip folder and select "Extract All..."
• Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

• Right click on the window under Input script here:, and select Paste.
• You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
• Click on Execute
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.


Then

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  CODE
  :filefind
  *atapi.sys
  
  
• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Atapi.sys" not found!
File move operation "C:\Atapi.sys|C:\Windows\System32\drivers\atapi.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


________________________________________________________________________________

And now SystemLook
________________________________________________________________________________




SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:19 on 21/11/2009 by Ryan Pinney (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi.sys"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E
C:\Windows\System32\drivers\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] CC866C9DACA268746BEC8FF6A084FC44
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E

-=End Of File=-

This post has been edited by RPinney: Nov 21 2009, 12:33 AM

edit: nevermind I have nothing to say. Thanks for helping me along so far =)

This post has been edited by RPinney: Nov 21 2009, 12:33 AM

RPinney,

I know this is a bit of a dumb question, but did you run fix.bat ?

Yes, I ran fix.bat

RPinney,

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  CODE
  :filefind
  *atapi.sys
  
  
• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:44 on 22/11/2009 by Ryan Pinney (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi.sys"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E
C:\Windows\System32\drivers\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] CC866C9DACA268746BEC8FF6A084FC44
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys --a--- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E

-=End Of File=-

RPinney,

Please open Notepad

1. Click Start , then Run
2. Type notepad.exe in the Run Box.
   Copy and Paste everything from the Quote box into Notepad:
   
   
   QUOTE
   @echo off
   COPY /Y/B/V C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys C:\atapi.sys
3. Save the file to your DESKTOP as "fix.bat". Make sure to save it with the quotes. Once saved, the icon to click should look like this on your desktop:
4. Double click fix.bat.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, open the avenger folder and start The Avenger program by clicking on its icon.

• Right click on the window under Input script here:, and select Paste.
• You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
• Click on Execute
• Answer "Yes" twice when prompted.

3. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.


Then

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  CODE
  :filefind
  *atapi.sys
  
  
• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

and



also note (just to update) I'm still having the same problem. Whenever I insert any type of media into my optical drive I get a blue screen. Using driver genius professional all my drivers are up to date.

This post has been edited by RPinney: Nov 25 2009, 02:16 AM

RPinney,

I can't seem to get the batch file to copy the file you need. We are going to have to copy it by hand.

Please navigate to the C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81 folder and find the atapi.sys file. Right click on it and select copy.

Then go back to your desktop, right click anywhere in an open space on your desktop and select paste.

Then try running Avenger again using this script:

and