Author Topic: cripplecreekranch topic (Read 1999 times)

cripplecreekranch · « **Reply #20 on:** January 15, 2007, 08:01:09 PM »

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:59:36 PM 1/15/2007

+ Scan result:

Nothing found.

::Report end

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-15 16:56:13
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT 81DC51F0 ZwAlertResumeThread
SSDT 81DC52D0 ZwAlertThread
SSDT 81DC5CB0 ZwAllocateVirtualMemory
SSDT 829483F8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 81DC4DD0 ZwCreateMutant
SSDT 81DC5E80 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 81DC5AE0 ZwFreeVirtualMemory
SSDT 81DC4EB0 ZwImpersonateAnonymousToken
SSDT 81DC4F90 ZwImpersonateThread
SSDT 81DD47E0 ZwMapViewOfSection
SSDT 81DC4CF0 ZwOpenEvent
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 81DC5DA0 ZwOpenProcessToken
SSDT 81DC5798 ZwOpenThreadToken
SSDT 81DC4C00 ZwQueryValueKey
SSDT 81E12180 ZwResumeThread
SSDT 81DC56B8 ZwSetContextThread
SSDT 81DC5878 ZwSetInformationProcess
SSDT 81DC55D8 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 81DC4B20 ZwSuspendProcess
SSDT 81DC5418 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 81DC54F8 ZwTerminateThread
SSDT 81DC5958 ZwUnmapViewOfSection
SSDT 81DC5BC0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-583907252-1343024091-1417001333-1004$201c4052e551831.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-583907252-1343024091-1417001333-1004$201c4052e551831.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\Stacey\Favorites\COMPUTERS\CDBurnerXP Pro - free burning solution Home - News.url:favicon
ADS C:\Documents and Settings\Stacey\Favorites\COMPUTERS\cripplecreekranch topic - TheTechGuide Forum.url:favicon
ADS C:\Documents and Settings\Stacey\Favorites\EBAY\Negative-Neutral Feedback.url:favicon
ADS C:\Documents and Settings\Stacey\My Documents\dloaded stuff\instmsiw.exe:SummaryInformation
ADS C:\Documents and Settings\Stacey\My Documents\dloaded stuff\instmsiw.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP363\A0034334.exe:SummaryInformation
ADS C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP363\A0034334.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP364\A0034336.exe:SummaryInformation
ADS C:\System Volume Information\_restore{15C536BB-69E9-499C-9D8C-509F34A73B4F}\RP364\A0034336.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS ...

---- EOF - GMER 1.0.12 ----

guestolo · « **Reply #21 on:** January 19, 2007, 12:28:55 AM »

I'm not sure what's happening on your end
Have you tried booting to safe mode and see if the problem persists
I guess it probably wouldn't but just check it out

Afterwards, let's try some troubleshooting

Go to start>>run>>type in msconfig
Hit OK
Under the STARTUP tab>>DISABLE ALL>>APPLY it
Under the SERVICES tab>>Put a check in "hide all Microsoft services" and then click DISABLE all>>APPLY it and click CLOSE
DON'T reboot the computer at the prompt

Go to start>>all programs>>accessories>>System tools>>Scheduled tasks
RIGHT click each sceduled task and select PROPERTIES
Under the TASK tab uncheck ENABLED and then APPLY it
Do that for each scheduled task

Shut down the computer

Disconnect from the Internet Physically by unplugging the cable
Restart back to Normal windows,
Do you still get the CD spinning up?

cripplecreekranch · « **Reply #22 on:** January 21, 2007, 09:56:42 AM »

sigh.....the cd is still comming on. I thought that maybe it had worked, it might be my imagination, but I think it is comming on less often.

sigh.....the cd is still comming on. I thought that maybe it had worked, it might be my imagination, but I think it is comming on less often.

It didn\'t come on in safe mode

cripplecreekranch · « **Reply #23 on:** February 13, 2007, 01:08:37 PM »

Hello, anybody still here??

guestolo · « **Reply #24 on:** February 14, 2007, 12:00:31 AM »

Sorry, I'm out of ideas
One more thought
Just by chance
Can you try the following
Download ASPIcheck.exe
Save it too desktop
Double click on it, Is ASPI working properly? What version no's does each file have beside it?

Have you tried disabling AUTOPLAY?
,You could try a new cd player if nothing else works

cripplecreekranch · « **Reply #25 on:** February 14, 2007, 01:11:11 PM »

Sorry, I just thought I had been lost in the shuffle. Didn't know you ran out of idea's.

I turned off auto play and it still comes on

ASPI32.SYS 4.71.1
WOWPOST.EXE 4.6 (1021)
WINASPI.DLL 4.6 (1021)
WNASPI32.DLL 4.71.1

Well, that's it then. Thank you so much for the time you put in with me.

leetne55 · « **Reply #26 on:** November 11, 2007, 03:49:47 AM »

if you havin probs, i suggest just buy a new cd and floppy drive and take out the old ones and put in the new ones

JB Lee · « **Reply #27 on:** November 11, 2007, 04:06:08 AM »

Please don't gravedig. This topic is 9 months old. I'm going to go ahead and close this.

News:

Author Topic: cripplecreekranch topic (Read 1999 times)