WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] Clock keeps reseting to 12 April 2016!
Started by
sdabbs
, Nov 06 2009 04:05 AM
This topic is locked
141 replies to this topic
#76
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 02:04 PM
Register to Remove
#77
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 02:10 PM
Are you sure you waited long enough? It should return to the x:\i386\system32> command prompt when the search is complete.
Dave
#78
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 02:32 PM
yes sorry - i did'nt wait
Volume in drive C has no label.
Volume Serial Number is 1403-B6F1
Directory of c:\WINDOWS\$NtServicePackUninstall$
08/03/2004 09:59 PM 95360 atapi.sys
1 File(s) 95360 bytes
Directory of c:\WINDOWS\ServicePackFiles\i386
04/13/2008 06:40 PM 96512 atapi.sys
1 File(s) 96512 bytes
Directory of c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e
04/13/2008 06:40 PM 96512 atapi.sys
1 File(s) 96512 bytes
Directory of c:\WINDOWS\system32\drivers
04/13/2008 06:40 PM 96512 atapi.sys
1 File(s) 96512 bytes
Directory of c:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
08/03/2004 09:59 PM 95360 atapi.sys
1 File(s) 95360 bytes
Total Files Listed:
5 File(s) 480256 bytes
0 Dir(s) 30334029824 bytes free
#79
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 02:37 PM
Using windows explorer, rename the c:\WINDOWS\system32\drivers\atapi.sys file to atapi.sys.vir
Now copy c:\WINDOWS\ServicePackFiles\i386\atapi.sys to the c:\WINDOWS\system32\drivers folder.
Reboot and see if it boots normally.
Dave
#80
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 02:51 PM
I renamed the file atapi.sys.vir, and moved this file that I renamed (atapi.sys.vir) to c:\WINDOWS\system32\drivers (I assume you meant the new renamed file atapi.sys.vir as I could not find c:\WINDOWS\ServicePackFiles\i386\atapi.sys
#81
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 02:59 PM
The search results show there is an atapi.sys file in the i386 folder.
I'm a bit confused as to what you renamed/moved.
Lets repeat the search now. Please don't do anymore renaming, copying or moving at this time.
dir c:\atapi.sys /s >"%userprofile%\desktop\atapi.txt"
Directory of c:\WINDOWS\ServicePackFiles\i386
04/13/2008 06:40 PM 96512 atapi.sys
1 File(s) 96512 bytes
I'm a bit confused as to what you renamed/moved.
Lets repeat the search now. Please don't do anymore renaming, copying or moving at this time.
dir c:\atapi.sys /s >"%userprofile%\desktop\atapi.txt"
Dave
#82
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 03:27 PM
I'm sorry I think I renamed c:\WINDOWS\system32\drivers\atapi.sys file to atapi.sys.vir and thyen I copied it to the c:\WINDOWS\system32\drivers folder. (instead of copying c:\WINDOWS\ServicePackFiles\i386\atapi.sys).
Volume in drive C has no label.
Volume Serial Number is 1403-B6F1
Directory of c:\WINDOWS\$NtServicePackUninstall$
08/03/2004 09:59 PM 95360 atapi.sys
1 File(s) 95360 bytes
Directory of c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e
04/13/2008 06:40 PM 96512 atapi.sys
1 File(s) 96512 bytes
Directory of c:\WINDOWS\system32\drivers
04/13/2008 06:40 PM 96512 atapi.sys
1 File(s) 96512 bytes
Directory of c:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
08/03/2004 09:59 PM 95360 atapi.sys
1 File(s) 95360 bytes
Total Files Listed:
4 File(s) 383744 bytes
0 Dir(s) 30333931520 bytes free
#83
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 03:41 PM
Looks like the servicepackfiles folder went missing. We need to find it.
Please do another search.
dir c:\atapi.sys* /s >"%userprofile%\desktop\atapi.txt"
Dave
#84
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 03:50 PM
Volume in drive C has no label.
Volume Serial Number is 1403-B6F1
Directory of c:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
04/13/2008 06:40 PM 96512 atapi.sys.vir
1 File(s) 96512 bytes
Directory of c:\WINDOWS\$NtServicePackUninstall$
08/03/2004 09:59 PM 95360 atapi.sys
1 File(s) 95360 bytes
Directory of c:\WINDOWS\ServicePackFiles\i386
04/13/2008 06:40 PM 96512 atapi.sys.vir
1 File(s) 96512 bytes
Directory of c:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e
04/13/2008 06:40 PM 96512 atapi.sys
1 File(s) 96512 bytes
Directory of c:\WINDOWS\system32\drivers
04/13/2008 06:40 PM 96512 atapi.sys
04/13/2008 06:40 PM 96512 atapi.sys.vir
2 File(s) 193024 bytes
Directory of c:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
08/03/2004 09:59 PM 95360 atapi.sys
1 File(s) 95360 bytes
Total Files Listed:
7 File(s) 673280 bytes
0 Dir(s) 30333931520 bytes free
#85
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 03:57 PM
Copy the contents of the code box below and save it to text.
Transfer the text file to MiniXP, then open and copy again.
Open a command window and paste the copied text.
The command window will close on it's own.
Restart and see if bootup is successful.
ren c:\WINDOWS\ServicePackFiles\i386\atapi.sys.vir atapi.sys del /q c:\WINDOWS\system32\drivers\atapi.sys.vir ren c:\WINDOWS\system32\drivers\atapi.sys atapi.sys.vir copy c:\WINDOWS\ServicePackFiles\i386\atapi.sys c:\WINDOWS\system32\drivers exit cls
Transfer the text file to MiniXP, then open and copy again.
Open a command window and paste the copied text.
The command window will close on it's own.
Restart and see if bootup is successful.
Dave
Register to Remove
#86
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 04:03 PM
You are a genius!
it has now booted up in normal windows
it has now booted up in normal windows
#87
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 04:48 PM
Happy to hear that!
Please disable your security applications and run ComboFix again. Make sure you allow it to update.
Post the new log when it completes.
Please disable your security applications and run ComboFix again. Make sure you allow it to update.
Post the new log when it completes.
Dave
#88
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 04:50 PM
Oh - please make sure the computer's time and date are set properly before running ComboFix.
Dave
#89
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 05:26 PM
hi,
The computer is really slow at the moment, mcafee keeps popping up telling me that it has discovered different trojans.
Anyway, I've been trying to run combofix a I got a windows message saying windows cannot open this file : nircmd.cfxxxe
Then the second time I tried it said that some files could not be created, and I need to restart windows - I will keep trying!
#90
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 05:38 PM
It also said that (in a command prompt) that the system could not find the file CFVersionOld
And then it said it was attempting a system restore point but just kept like that for 15 minutes
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
