
Issues


  • This topic is locked
92 replies to this topic

#21 Everlasting Death

    Forum Addict

  • Elite Anti-Scammers
  • 1,032 posts

Posted 15 December 2008 - 01:15 AM

ComboFix 08-12-14.03 - James 2008-12-15 0:54:36.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.699 [GMT -6:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\1.exe
c:\documents and settings\James\h.exe
c:\program files\Common Files\System\rundll.exe
c:\program files\drivers\msmsrs.exe
c:\windows\msnguard.exe
c:\windows\system\msservice.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\James\h.exe
c:\windows\msnguard.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETSTATS
-------\Service_netstats


((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-14 20:43 . 2008-12-14 23:14 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-14 15:40 . 2008-12-14 15:40 293 --a------ C:\boot2.ini
2008-12-14 13:56 . 2008-12-14 13:56 <DIR> d-------- C:\rsit
2008-12-12 23:27 . 2002-07-17 08:05 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-12-12 03:05 . 2008-12-12 03:05 <DIR> d-------- c:\program files\KAZAA
2008-12-12 03:05 . 2008-12-12 03:05 <DIR> d-------- C:\My Downloads
2008-12-11 20:02 . 2008-12-11 20:02 0 --a------ c:\windows\QuickInstall.INI
2008-12-11 19:59 . 2008-12-12 15:21 <DIR> d-------- c:\program files\palmOne
2008-12-11 19:59 . 2008-12-11 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HotSync
2008-12-11 19:59 . 2008-12-11 19:58 53,248 --a------ c:\windows\PalmDevC.dll
2008-12-11 19:58 . 2008-12-11 19:58 <DIR> d-------- c:\documents and settings\James\Application Data\HotSync
2008-12-11 19:27 . 2008-12-13 16:42 <DIR> d-------- c:\program files\mp3towav
2008-12-11 19:27 . 1999-09-17 10:56 118,784 --a------ c:\windows\system32\mp3dec.dll
2008-12-11 19:27 . 2001-12-12 10:42 40,960 --a------ c:\windows\system32\MDec.ocx
2008-12-11 19:26 . 2008-12-11 19:26 83 --a------ C:\Mp3FE.m3u
2008-12-11 19:25 . 2004-08-03 16:49 17 --a------ c:\windows\system32\WINSPOOL.WIN
2008-12-11 07:31 . 2008-12-11 07:31 268 --ah----- C:\sqmdata10.sqm
2008-12-11 07:31 . 2008-12-11 07:31 244 --ah----- C:\sqmnoopt10.sqm
2008-12-11 07:28 . 2008-12-11 07:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ideazon
2008-12-11 07:27 . 2008-12-11 07:27 <DIR> d-------- c:\program files\Ideazon
2008-12-11 07:27 . 2007-04-25 01:22 19,712 --a------ c:\windows\system32\drivers\gamingms.sys
2008-12-09 15:53 . 2008-12-09 15:54 1,191 --a------ c:\windows\psmplay.ini
2008-12-09 15:52 . 2008-12-09 15:53 <DIR> d-------- c:\program files\PSM5
2008-12-09 15:45 . 2008-12-09 16:03 <DIR> d-------- c:\program files\AmazingMIDI
2008-12-09 15:43 . 2003-04-03 12:00 544,768 --a------ c:\windows\system32\vsflex8n.ocx
2008-12-09 15:34 . 2008-12-09 15:34 <DIR> d-------- C:\Aya Software
2008-12-09 15:31 . 2008-12-09 15:32 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-12-09 15:31 . 2008-12-09 15:32 <DIR> d-------- c:\program files\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31 <DIR> d-------- c:\documents and settings\James\Application Data\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-09 15:31 . 2006-03-03 10:02 658,432 --a------ c:\windows\system32\cc3270mt.dll
2008-12-09 15:25 . 2008-12-09 15:28 <DIR> d-------- c:\documents and settings\James\Application Data\Ringtone
2008-12-08 11:50 . 2008-12-08 11:50 <DIR> d-------- c:\documents and settings\James\Application Data\Leadertech
2008-12-08 11:50 . 2008-12-08 11:50 1,180 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-12-08 11:38 . 2008-12-08 11:38 <DIR> d-------- c:\program files\EA Games
2008-12-07 15:05 . 2008-12-07 15:05 <DIR> d-------- c:\program files\Real
2008-12-07 15:05 . 2008-12-07 15:05 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-07 15:05 . 2008-12-07 15:05 <DIR> d-------- c:\program files\Common Files\Real
2008-12-07 15:01 . 2008-12-07 15:10 <DIR> d-------- c:\program files\Moyea
2008-12-07 15:01 . 2008-12-07 15:01 <DIR> d-------- c:\documents and settings\James\Application Data\Moyea
2008-12-01 15:00 . 2008-12-01 15:00 <DIR> d-------- C:\.jagex_cache_32
2008-11-21 07:23 . 2008-12-10 13:45 <DIR> d-------- c:\program files\Xfire
2008-11-21 07:23 . 2008-12-11 18:37 <DIR> d-------- c:\documents and settings\James\Application Data\Xfire
2008-11-20 16:08 . 2008-12-08 13:47 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-20 16:08 . 2008-12-08 13:47 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 14:44 . 2008-11-20 14:44 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-19 21:15 . 2008-11-19 21:15 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-19 21:15 . 2008-11-20 16:08 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-19 21:15 . 2008-11-19 21:15 22,328 --a------ c:\documents and settings\James\Application Data\PnkBstrK.sys
2008-11-19 21:08 . 2008-11-19 21:08 <DIR> d-------- c:\program files\Activision
2008-11-18 17:56 . 2008-11-18 17:56 <DIR> d-------- c:\program files\Ventrilo
2008-11-18 17:56 . 2008-11-18 17:56 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 05:19 --------- d-----w c:\documents and settings\James\Application Data\uTorrent
2008-12-15 01:46 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 1
2008-12-15 00:54 31 ----a-w c:\documents and settings\James\jagex_runescape_preferences.dat
2008-12-12 01:58 16,694 ----a-w c:\windows\system32\drivers\PalmUSBD.sys
2008-12-11 13:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 13:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 21:10 --------- d-----w c:\documents and settings\James\Application Data\OpenOffice.org2
2008-11-18 23:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-10 03:43 --------- d-----w c:\program files\Bethesda Softworks
2008-11-10 03:43 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-04 01:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-25 14:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-25 14:58 --------- d-----w c:\documents and settings\James\Application Data\Malwarebytes
2008-10-25 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 02:19 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-22 22:27 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:27 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 21:22 --------- d-----w c:\program files\3M
2008-10-22 21:22 --------- d-----w c:\documents and settings\James\Application Data\3M
2008-10-17 02:53 --------- d-----w c:\documents and settings\James\Application Data\Dev-Cpp
2007-06-13 10:23 22,040 -c-h--w c:\documents and settings\James\Application Data\aon.dat
2008-07-19 08:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
.

((((((((((((((((((((((((((((( [email protected]_15.15.35.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 20:07:02 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-12-15 00:51:46 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-12-14 20:07:02 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-15 00:51:46 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-15 02:43:36 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-12-15 02:43:36 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2008-12-15 02:43:36 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2008-12-15 02:43:39 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 21:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2008-12-15 02:43:40 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2008-12-15 02:43:37 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 21:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-12-15 06:59:55 16,384 ----atw c:\windows\temp\Perflib_Perfdata_36c.dat
+ 2008-12-15 06:59:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Gaming Mouse"="c:\program files\Ideazon\Reaper Edge\Tray.exe" [2007-07-18 225280]
"Gaming Mouse Hid"="c:\program files\Ideazon\Reaper Edge\hid.exe" [2007-07-18 237568]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\James\Start Menu\Programs\Startup\
Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-09-19 2367488]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-01 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Post-itr Digital Notes.lnk - c:\program files\3M\PDNotes\PDNotes.exe [2006-03-21 6485528]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rapid PHP 2007\\rapidphp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"61951:TCP"= 61951:TCP:*:Disabled:SolidNetworkManager
"61951:UDP"= 61951:UDP:*:Disabled:SolidNetworkManager

R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2005-06-01 97920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-30 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-30 20560]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-10-01 2368]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 GamingMsFltr;Ideazon Reaper Edge;c:\windows\system32\drivers\gamingms.sys [2008-12-11 19712]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2007-11-07 472644]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-12-12 16512]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2007-10-17 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\DRIVERS\qcusbser.sys [2007-10-17 59632]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]
\Shell\AutoRun\command - G:\setup.exe /autorun
\Shell\directx\command - g:\directx\dxsetup.exe
\Shell\setup\command - G:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:48]

2008-12-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-15 c:\windows\Tasks\Wireless Configuration Utility HW.job
- c:\progra~1\802~1.11W\80211G~1.00\WlanCU.exe [2006-11-19 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forum.jaswin.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\2etrq3kc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jaswin.net
FF - plugin: c:\documents and settings\James\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 01:00:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
c:\windows\system32\searchindexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-12-15 1:11:01 - machine was rebooted [James]
ComboFix-quarantined-files.txt 2008-12-15 07:10:59
ComboFix2.txt 2008-12-14 21:49:09
ComboFix3.txt 2008-12-14 21:25:31
ComboFix4.txt 2008-12-14 21:16:13

Pre-Run: 217,082,511,360 bytes free
Post-Run: 216,968,536,064 bytes free

288 --- E O F --- 2008-12-12 08:04:24


The cake is a lie....
Bummer Dude

#22 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 15 December 2008 - 01:37 AM

After dealing with those and every other file that was infected I am still having the issue, and I need to access my SD card. It is not the SD card because I have tried other cards and they also do not work, I even tried another Card reader and I was able to access that, but Avast kept popping up and saying there was a virus in the autorun.inf file


Forgot all about that
Can you still do the following

==Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]


Double click on fix.reg and allow to add/merge to the registry at the prompt
You can then delete fix.reg

Download Flash_Disinfector and save it to your desktop
  • Double-click Flash_Disinfector.exe to run it. If you receive a prompt, please allow it.
  • You will be prompted to plug in your flash drive. Plug it in. If you have more than one, plug them in
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
You will have to run this on each external flash card you have

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

when completed, reboot the computer

See if that helps the situation with the SD cards

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
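
The reg script in the post above deletes cached MountPoints2 keys by name, while the commands cached under each key are what show which drive it refers to. As an added example (not part of the thread and not ComboFix's own code), this Python sketch parses the MountPoints2 lines of a ComboFix log and emits `[-key]` deletions only for entries whose cached command points at a chosen drive letter; the function names and the drive set F-I are assumptions for illustration, and the sample is constructed from the log lines shown earlier on the page.

```python
import re

# Constructed sample: the MountPoints2 entries as they appear in the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]
\Shell\AutoRun\command - G:\setup.exe /autorun
\Shell\directx\command - g:\directx\dxsetup.exe
\Shell\setup\command - G:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"""

# "[HKEY_CURRENT_USER\...\mountpoints2\<name>]" where <name> is a letter or a volume GUID
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\\\]]+))\]$", re.IGNORECASE
)
# "\Shell\<verb>\command - <command line>"
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return one dict per MountPoints2 key with its cached shell commands."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "mount": key.group(2), "commands": []}
            entries.append(current)
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current["commands"].append((cmd.group(1), cmd.group(2)))
        else:
            # Blank line or any other log line closes the current key.
            current = None
    return entries


def command_drive(command):
    """Drive letter a cached command points at, upper-cased, or None."""
    m = re.match(r"([A-Za-z]):\\", command)
    return m.group(1).upper() if m else None


def build_fix_reg(entries, drives):
    """Build a REGEDIT4 script deleting only keys whose commands hit `drives`."""
    wanted = {d.upper() for d in drives}
    lines = ["REGEDIT4", ""]
    for entry in entries:
        if any(command_drive(c) in wanted for _, c in entry["commands"]):
            lines += ["[-" + entry["key"] + "]", ""]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_mountpoints(SAMPLE_LOG)
    for entry in parsed:
        targets = sorted({command_drive(c) for _, c in entry["commands"]})
        print(entry["mount"], "->", targets)
    # Assumed drive letters for the card reader slots (F through I).
    print(build_fix_reg(parsed, {"F", "G", "H", "I"}))
```

With the assumed drive set, only the GUID-named key is selected, because its cached commands point at G: while the J and K keys point at their own letters.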


#23 Everlasting Death

Posted 15 December 2008 - 01:51 AM

In the reg file, are the J and K supposed to be my card reader drives? Because J & K are image drives from Nero; my card reader drives are F-I

#24 guestolo

Posted 15 December 2008 - 02:01 AM

What's your G: drive?
I'll redo the reg script, Not that it would do much harm



#25 Everlasting Death

Posted 15 December 2008 - 02:03 AM

I'm not sure which one is which other than H is the SD card because it's the only one I use; there are CF, MS, and SM drives; I am assuming G is the MS drive

#26 guestolo

Posted 15 December 2008 - 02:05 AM

Forget about fix.reg
Go ahead with Flash_Disinfector



#27 Everlasting Death

Posted 15 December 2008 - 02:08 AM

ok, well I did and no help...I had the SD card in and it was taking forever and so I took the SD card out and it immediately said done, I tried it a couple times

#28 guestolo

Posted 15 December 2008 - 02:18 AM

You may have to try it in safe mode
Are you sure the Card(s) aren't in the locked position?
There may be a lock switch to put them into read-only status



#29 Everlasting Death

Posted 15 December 2008 - 02:21 AM

no, they are not in lock position, how do I boot in safe mode?

#30 Everlasting Death

Posted 15 December 2008 - 09:37 AM

I cannot access the internet or get the flash disinfector to work still

#31 guestolo

Posted 15 December 2008 - 12:36 PM

Is it just the one SD card causing the freeze up, or any of them?

Can you run ComboFix on the computer again
I'll need to see its new log later

You may have to reset Router again
Then do the following
Download
SDFix
Save it to your desktop

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

In Safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

Post the report from SDFix and the log from ComboFix



#32 Everlasting Death

Posted 15 December 2008 - 04:01 PM

Here is the ComboFix report, and when I try to boot in safe mode it goes to a black screen after choosing safe mode from the menu and has been like that for a good 30 min.

ComboFix 08-12-14.03 - James 2008-12-15 15:39:19.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.737 [GMT -6:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-14 20:43 . 2008-12-14 23:14 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-14 15:40 . 2008-12-14 15:40 293 --a------ C:\boot2.ini
2008-12-14 13:56 . 2008-12-14 13:56 <DIR> d-------- C:\rsit
2008-12-12 23:27 . 2002-07-17 08:05 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-12-12 03:05 . 2008-12-12 03:05 <DIR> d-------- c:\program files\KAZAA
2008-12-12 03:05 . 2008-12-12 03:05 <DIR> d-------- C:\My Downloads
2008-12-11 20:02 . 2008-12-11 20:02 0 --a------ c:\windows\QuickInstall.INI
2008-12-11 19:59 . 2008-12-12 15:21 <DIR> d-------- c:\program files\palmOne
2008-12-11 19:59 . 2008-12-11 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HotSync
2008-12-11 19:59 . 2008-12-11 19:58 53,248 --a------ c:\windows\PalmDevC.dll
2008-12-11 19:58 . 2008-12-11 19:58 <DIR> d-------- c:\documents and settings\James\Application Data\HotSync
2008-12-11 19:27 . 2008-12-13 16:42 <DIR> d-------- c:\program files\mp3towav
2008-12-11 19:27 . 1999-09-17 10:56 118,784 --a------ c:\windows\system32\mp3dec.dll
2008-12-11 19:27 . 2001-12-12 10:42 40,960 --a------ c:\windows\system32\MDec.ocx
2008-12-11 19:26 . 2008-12-11 19:26 83 --a------ C:\Mp3FE.m3u
2008-12-11 19:25 . 2004-08-03 16:49 17 --a------ c:\windows\system32\WINSPOOL.WIN
2008-12-11 07:31 . 2008-12-11 07:31 268 --ah----- C:\sqmdata10.sqm
2008-12-11 07:31 . 2008-12-11 07:31 244 --ah----- C:\sqmnoopt10.sqm
2008-12-11 07:28 . 2008-12-11 07:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ideazon
2008-12-11 07:27 . 2008-12-11 07:27 <DIR> d-------- c:\program files\Ideazon
2008-12-11 07:27 . 2007-04-25 01:22 19,712 --a------ c:\windows\system32\drivers\gamingms.sys
2008-12-09 15:53 . 2008-12-09 15:54 1,191 --a------ c:\windows\psmplay.ini
2008-12-09 15:52 . 2008-12-09 15:53 <DIR> d-------- c:\program files\PSM5
2008-12-09 15:45 . 2008-12-09 16:03 <DIR> d-------- c:\program files\AmazingMIDI
2008-12-09 15:43 . 2003-04-03 12:00 544,768 --a------ c:\windows\system32\vsflex8n.ocx
2008-12-09 15:34 . 2008-12-09 15:34 <DIR> d-------- C:\Aya Software
2008-12-09 15:31 . 2008-12-09 15:32 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-12-09 15:31 . 2008-12-09 15:32 <DIR> d-------- c:\program files\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31 <DIR> d-------- c:\documents and settings\James\Application Data\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-09 15:31 . 2006-03-03 10:02 658,432 --a------ c:\windows\system32\cc3270mt.dll
2008-12-09 15:25 . 2008-12-09 15:28 <DIR> d-------- c:\documents and settings\James\Application Data\Ringtone
2008-12-08 11:50 . 2008-12-08 11:50 <DIR> d-------- c:\documents and settings\James\Application Data\Leadertech
2008-12-08 11:50 . 2008-12-08 11:50 1,180 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-12-08 11:38 . 2008-12-08 11:38 <DIR> d-------- c:\program files\EA Games
2008-12-07 15:05 . 2008-12-07 15:05 <DIR> d-------- c:\program files\Real
2008-12-07 15:05 . 2008-12-07 15:05 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-07 15:05 . 2008-12-07 15:05 <DIR> d-------- c:\program files\Common Files\Real
2008-12-07 15:01 . 2008-12-07 15:10 <DIR> d-------- c:\program files\Moyea
2008-12-07 15:01 . 2008-12-07 15:01 <DIR> d-------- c:\documents and settings\James\Application Data\Moyea
2008-12-01 15:00 . 2008-12-01 15:00 <DIR> d-------- C:\.jagex_cache_32
2008-11-21 07:23 . 2008-12-10 13:45 <DIR> d-------- c:\program files\Xfire
2008-11-21 07:23 . 2008-12-11 18:37 <DIR> d-------- c:\documents and settings\James\Application Data\Xfire
2008-11-20 16:08 . 2008-12-08 13:47 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-20 16:08 . 2008-12-08 13:47 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 14:44 . 2008-11-20 14:44 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-19 21:15 . 2008-11-19 21:15 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-19 21:15 . 2008-11-20 16:08 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-19 21:15 . 2008-11-19 21:15 22,328 --a------ c:\documents and settings\James\Application Data\PnkBstrK.sys
2008-11-19 21:08 . 2008-11-19 21:08 <DIR> d-------- c:\program files\Activision
2008-11-18 17:56 . 2008-11-18 17:56 <DIR> d-------- c:\program files\Ventrilo
2008-11-18 17:56 . 2008-11-18 17:56 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 21:01 --------- d-----w c:\documents and settings\James\Application Data\uTorrent
2008-12-15 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 01:46 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 1
2008-12-15 00:54 31 ----a-w c:\documents and settings\James\jagex_runescape_preferences.dat
2008-12-12 01:58 16,694 ----a-w c:\windows\system32\drivers\PalmUSBD.sys
2008-12-11 13:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 13:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 21:10 --------- d-----w c:\documents and settings\James\Application Data\OpenOffice.org2
2008-11-18 23:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-10 03:43 --------- d-----w c:\program files\Bethesda Softworks
2008-11-10 03:43 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-04 01:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-25 14:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-25 14:58 --------- d-----w c:\documents and settings\James\Application Data\Malwarebytes
2008-10-25 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 02:19 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-22 22:27 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:27 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 21:22 --------- d-----w c:\program files\3M
2008-10-22 21:22 --------- d-----w c:\documents and settings\James\Application Data\3M
2008-10-17 02:53 --------- d-----w c:\documents and settings\James\Application Data\Dev-Cpp
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2007-06-13 10:23 22,040 -c-h--w c:\documents and settings\James\Application Data\aon.dat
2008-07-19 08:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
.

((((((((((((((((((((((((((((( [email protected]_15.15.35.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 20:07:02 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-12-15 00:51:46 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-12-14 20:07:02 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-15 00:51:46 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-15 02:43:36 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-12-15 02:43:36 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2008-12-15 02:43:36 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2008-12-15 02:43:39 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 21:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2008-12-15 02:43:40 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2008-12-15 02:43:37 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 21:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 21:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-12-15 19:58:14 16,384 ----atw c:\windows\temp\Perflib_Perfdata_350.dat
+ 2008-12-15 19:58:14 16,384 ----atw c:\windows\temp\Perflib_Perfdata_73c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-21 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Gaming Mouse"="c:\program files\Ideazon\Reaper Edge\Tray.exe" [2007-07-18 225280]
"Gaming Mouse Hid"="c:\program files\Ideazon\Reaper Edge\hid.exe" [2007-07-18 237568]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\James\Start Menu\Programs\Startup\
Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-09-19 2367488]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-01 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Post-itr Digital Notes.lnk - c:\program files\3M\PDNotes\PDNotes.exe [2006-03-21 6485528]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rapid PHP 2007\\rapidphp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"61951:TCP"= 61951:TCP:*:Disabled:SolidNetworkManager
"61951:UDP"= 61951:UDP:*:Disabled:SolidNetworkManager

R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2005-06-01 97920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-30 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-30 20560]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-10-01 2368]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 GamingMsFltr;Ideazon Reaper Edge;c:\windows\system32\drivers\gamingms.sys [2008-12-11 19712]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2007-11-07 472644]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-12-12 16512]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2007-10-17 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\DRIVERS\qcusbser.sys [2007-10-17 59632]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:48]

2008-12-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-15 c:\windows\Tasks\Wireless Configuration Utility HW.job
- c:\progra~1\802~1.11W\80211G~1.00\WlanCU.exe [2006-11-19 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forum.jaswin.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\2etrq3kc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jaswin.net
FF - plugin: c:\documents and settings\James\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 15:42:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2008-12-15 15:43:53
ComboFix-quarantined-files.txt 2008-12-15 21:43:40
ComboFix2.txt 2008-12-15 07:11:04
ComboFix3.txt 2008-12-14 21:49:09
ComboFix4.txt 2008-12-14 21:25:31
ComboFix5.txt 2008-12-15 21:39:05

Pre-Run: 216,982,634,496 bytes free
Post-Run: 216,973,045,760 bytes free

261 --- E O F --- 2008-12-12 08:04:24


The cake is a lie....
Bummer Dude

#33 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 15 December 2008 - 04:34 PM

Download gmer.zip from here. Once downloaded, double-click on gmer.zip and unzip the file to its own folder.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also, do not use your computer during the scan.

When you have done this, double-click on Gmer.exe to run it.

Run a scan.
When completed, click on the Copy button, then right-click on your Desktop and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#34 Everlasting Death

Posted 15 December 2008 - 05:45 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-15 17:44:00
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA7404576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA7404432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA7404910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA740400A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA740450C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA7403F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA7403FAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA740462C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA74045EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA740476C]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1632] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00F21B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[952] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[952] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.14 ----



#35 guestolo

Posted 15 December 2008 - 06:46 PM

Download and save to desktop
RegQuery.exe by Novicate
Double click to run it
In the "Enter Key Name" field
Copy and Paste the following

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

Then click on "Query"
A text file should open, can you copy and paste back here the contents please

Can you also post the whole contents of this file
C:\QooBox\ComboFix-quarantined-files.txt

Edited by guestolo, 15 December 2008 - 06:57 PM.



#36 Everlasting Death

Posted 15 December 2008 - 08:35 PM

Here is the RegQuery file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"


And the ComboFix thing:

2008-11-06 21:00:46 A------- 1,851,544 C:\Qoobox\Quarantine\C\DOCUME~1\James\LOCALS~1\Temp\install_flash_player.exe.vir
2008-12-13 08:11:24 A------- 73,738 C:\Qoobox\Quarantine\C\WINDOWS\msnguard.exe.vir
2008-12-13 16:35:06 A------- 88,586 C:\Qoobox\Quarantine\C\Documents and Settings\James\h.exe.vir
2008-12-14 15:11:50 A------- 452 C:\Qoobox\Quarantine\catchme.log
2008-12-14 15:14:56 A------- 7,659 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-12-14 15:15:35 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-12-14 15:15:35 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-12-14 15:15:35 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-12-14 15:15:42 A------- 276 C:\Qoobox\Quarantine\Registry_backups\Notify-AtiExtEvent.reg.dat
2008-12-15 00:57:29 A------- 806 C:\Qoobox\Quarantine\Registry_backups\Legacy_NETSTATS.reg.dat
2008-12-15 00:57:29 A------- 2,790 C:\Qoobox\Quarantine\Registry_backups\Service_netstats.reg.dat



Thanks for all your help so far, but I think it may be getting worse... Before, the only issue was the SD card wouldn't load and it would freeze when I tried to play a couple games. Now my internet won't work, even after resetting the router, it will not boot in safe mode, and it's all around slow with everything my computer does... I did however get it in safe mode and ran the SDFix, but after it restarted it came up with an error and never finished (it said it couldn't load some file, forgot exactly what it said).

I am gonna go ahead and do a system restore to a week before Saturday and see if that makes a difference.

Nvm on the restore, said it couldn't do it because nothing had changed -.-

Edited by Everlasting Death, 15 December 2008 - 08:53 PM.


#37 guestolo

Posted 15 December 2008 - 09:31 PM

The error message from SDFix may have helped; it's important to post back any error messages.

Can you go to the following folder
C:\SDFix

See if there is a report.txt in that folder, if so, post back the contents

Also, do you have any other SD Memory cards?
Have you tried putting them into the computer?
Does the computer freeze?



#38 Everlasting Death

Posted 15 December 2008 - 09:33 PM

The error said: cannot load vdm ipx/spx support. I will check for the report file once I get the comp restarted... it's honestly taking forever.

There was no report.txt file.

Edited by Everlasting Death, 15 December 2008 - 09:41 PM.


#39 guestolo

Posted 15 December 2008 - 09:44 PM

I've seen a couple of users with the same problem running SDFix.
What they did: they ran it, the error message came up, but within 5 minutes the tool began to run when they left it uninterrupted.

Can you try that please

Also, I asked this:
Do you have any other SD memory cards, and have you tried putting them into the computer?
Does the computer freeze?



#40 Everlasting Death

Posted 15 December 2008 - 09:48 PM

I will try that, and the computer freezes with other SD cards, and I tried my CF card and it freezes also.