
Active Possibility of a Trojan on my cameras SD card...

Discussion in 'Malware and Virus Removal Archive' started by spiderpug, 2010/02/02.

  1. 2010/02/02
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    [Active] Possibility of a Trojan on my cameras SD card...

    Hi everyone,
    I have a problem with a trojan or something possibly harmful that could have jumped from my dad's computer onto my SD mem card. My dad had about 30 trojans on his computer, RIDICULOUS! It then hid files on my camera card... I deleted it with Avast and it should not be on there anymore, but there is a possibility it could still be there. How do I scan it without having it go onto my computer? Should I not open the card at all, and then right-click on the SD card and scan it with an antivirus or malware program?

    Cheers,
    James
     
    Last edited: 2010/02/02
  2. 2010/02/02
    kimsland

    kimsland Inactive

    Joined:
    2009/02/12
    Messages:
    356
    Likes Received:
    3
    As long as you close any Autorun that may open when you insert the card into your computer,
    you can safely right-click and scan the card with your updated antivirus software.
    I'd also recommend a free Malwarebytes updated scan on it as well (plus a quick scan on the computer hard drive as well).
    Note: Malwarebytes only requires a quick updated scan on your computer.
     


  4. 2010/02/02
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    Cheers mate!

    So is the autorun when I put the card in and it asks how I want to open the card, and in what program I want to open the photos? I just close that straight away, right?
     
  5. 2010/02/02
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please read from here and follow the instructions and post the logs.
     
  6. 2010/02/03
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    Well, the autorun.inf file is now on my computer...

    INF/Autorun.H

    The folder is called autorun.inf.
    I can see it, but when I open it in Notepad I get 'access denied'. This is so annoying.
     
  7. 2010/02/03
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27/09/2009 5:23:48 p.m.
    System Uptime: 2/04/2010 10:57:40 p.m. (-1367 hours ago)

    Motherboard: Acer | | JV50PU
    Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket S1G2 | 2100/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 161.249 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acer Arcade Deluxe
    Acer Backup Manager
    Acer Bio Protection
    Acer Crystal Eye webcam Ver:1.1.74.216
    Acer ePower Management
    Acer GridVista
    Acer ScreenSaver
    Acrobat.com
    Active@ KillDisk FREE Suite
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Airport Mania First Flight
    AMD USB Audio Driver Filter
    Any Video Converter 2.7.8
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    µTorrent
    AuthenTec Fingerprint Sensor Minimum Install
    Avira AntiVir Personal - Free Antivirus
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Backup Manager Basic
    Bonjour
    Broadcom Gigabit NetLink Controller
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania 2
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Cooking Dash
    Cradle of Rome
    Dairy Dash
    Dream Day Honeymoon
    EASEUS Todo Backup 1.0
    Fingerprint Solution
    Galapago
    GoodSync
    HDAUDIO Soft Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Huawei ADSL USB Modem
    iTunes
    Java(TM) 6 Update 17
    Jewel Quest Solitaire
    Junk Mail filter update
    Launch Manager
    Luxor 2
    Mahjong Escape Ancient China
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox (3.5.7)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    Ocean Express
    Parking Dash
    Puzzle Express
    QuickTime
    Rainbow Web
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Safari
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    Tradewinds 2
    Tri-Peaks Solitaire To Go
    Turbo Pizza
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB946691)
    Wedding Dash
    WIDCOMM Bluetooth Software
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    4/02/2010 11:00:23 p.m., Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    4/02/2010 10:58:32 p.m., Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/02/2010 11:52:39 p.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/02/2010 11:52:38 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/02/2010 11:52:38 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/02/2010 11:52:27 p.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/02/2010 11:52:04 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/02/2010 11:52:04 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/02/2010 11:52:04 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/02/2010 11:52:00 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/02/2010 11:51:50 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/02/2010 10:32:11 a.m., Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/02/2010 10:25:40 p.m., Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -86481 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.197.32:123) is working properly.

    ==== End Of File ===========================
     
  8. 2010/02/03
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    DDS

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Spiderpug at 23:26:49.77 on Thu 04/02/2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.64.1033.18.3197.1931 [GMT 13:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    c:\Program Files\Acer Bio Protection\CompPtcVUI.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    c:\Program Files\Acer Bio Protection\BASVC.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Acer Bio Protection\PwdBank.exe
    C:\Users\SPIDER~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Spiderpug\Desktop\dds(2).scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0909&m=aspire_5536
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0909&m=aspire_5536
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0909&m=aspire_5536
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&s=2&o=vp32&d=0909&m=aspire_5536
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = alb-cache.massey.ac.nz:8080
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\spider~1\appdata\roaming\mozilla\firefox\profiles\u2cx9lwo.default\
    FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
    FF - prefs.js: network.proxy.http - alb-cache.massey.ac.nz
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-7-11 42608]
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2009-9-28 27016]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2009-9-28 21896]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-1 11608]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-16 74480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-1 56816]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-10 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-10 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-10 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-28 306736]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2009-9-28 123784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-16 7408]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-9-27 22072]
    R4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-1 108289]
    R4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-1 185089]
    R4 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-9-27 75048]
    R4 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-27 723488]
    R4 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
    R4 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-2-19 3440128]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-12 61184]
    R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-24 144632]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-16 9968]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-27 29472]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2009-9-28 15240]
    S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-24 50424]

    =============== Created Last 30 ================

    2010-02-03 10:30:51 0 d-----w- C:\autorun.inf
    2010-02-03 10:30:37 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-03 10:22:40 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-03 10:22:35 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-02-03 10:22:34 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-03 10:19:58 2036736 ----a-w- c:\windows\system32\win32k.sys
    2010-02-03 10:19:43 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-02-03 10:19:35 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-02-03 10:19:27 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2010-02-03 10:19:26 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-02-03 10:19:23 377344 ----a-w- c:\windows\system32\winhttp.dll
    2010-02-03 10:18:25 243712 ----a-w- c:\windows\system32\rastls.dll
    2010-02-03 10:18:21 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-02-03 10:18:21 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-02-03 10:08:58 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2010-02-02 21:38:05 0 d-----w- c:\program files\iPod
    2010-02-02 21:38:00 0 d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2010-02-03 08:55:21 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-10-19 04:00:19 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-10-19 04:00:19 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-10-19 04:00:17 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-09-30 02:45:51 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sh--w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfc.dat
    2009-09-30 23:12:07 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-09-30 23:12:07 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-09-30 23:12:07 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 23:27:53.64 ===============
     
  9. 2010/02/03
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  10. 2010/02/03
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Did you download MBA-M as suggested earlier? I would do that, then insert the card and then do a Full scan with MBA-M.

    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    ==

    I would also be formatting the SD card :).
     
  11. 2010/02/04
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    Malwarebytes log

    Malwarebytes' Anti-Malware 1.44
    Database version: 3687
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    5/02/2010 8:26:50 p.m.
    mbam-log-2010-02-05 (20-26-50).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 231921
    Time elapsed: 1 hour(s), 15 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. 2010/02/04
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\Spiderpug>e:

    E:\>dir e:\ /a/w
    Volume in drive E has no label.
    Volume Serial Number is 0000-0000

    Directory of e:\

    [DCIM] [.Trashes] Autorun.inf [Autorun]
    0 File(s) 0 bytes
    2 Dir(s) 327,680 bytes free

    E:\>

    ^
    ^
    This is something like what CMD came up with when I typed in 'dir e:\ /a/w' after following these instructions,
    http://techblissonline.com/remove-autorun-virus/

    Then I found the .Trashes file on my SD card, right-clicked and deleted it. I could not find it in the Recycle Bin, and when I type in 'dir e:\ /a/w' now it comes up with:

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\Spiderpug>e:

    E:\>dir e:\ /a/w
    Volume in drive E has no label.
    Volume Serial Number is 0000-0000

    Directory of e:\

    [DCIM] [.Trashes]
    0 File(s) 0 bytes
    2 Dir(s) 327,680 bytes free

    E:\>

    Have I deleted it or has it just hidden itself?
     
    Last edited: 2010/02/04
  13. 2010/02/04
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    How can I send you a screenshot? I have one of my SD card.

    I had my card on protective setting and whenever I put it in the mem card reader Avira would constantly say autorun.inf IND/Autorun.H detected. I would click Delete and a new window would come up from Avira on the same thing, over and over...

    I took my SD off protected setting and clicked on the .trashes file with the autorun.inf file in it, nothing was in there.

    Now strange things are happening, I went to upload the screenshot to my photobucket and when I clicked on desktop it comes up with 'spiderpug' (my files), 'my computer', 'network', and 'public'.

    Files are being hidden randomly all over the place, I could strangle the person who made this virus!
     
  14. 2010/02/04
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Honestly, the best way, I believe, to sort this is to simply format the SD card. Just right-click and select.
    Is there anything on there you need?
     
  15. 2010/02/04
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    Yes, I have photos on my SD card that haven't even been saved to anything. I would be stuffed if I formatted it.
    And what about my computer? That has autorun on it also.
     
    Last edited: 2010/02/04
  16. 2010/02/04
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Here's a thought for you, but wait for confirmation that it is a realistic/safe suggestion from crunchie ....

    Replace the card in your camera and use the camera connecting cord and the image transfer software supplied with the camera to download the image files to your hard drive.

    Then format the card, probably not in the camera as this is usually the equivalent of a Quick format rather than a Full format.
     
  17. 2010/02/04
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    That's quite a good idea. I can see the photos when I put the SD card in normally, but whether that's more risky I don't know.

    I have no idea how to get the autorun.inf off my computer though; I've tried a lot of methods of getting rid of it manually and it never works. I cannot access Safe Mode either...? It stops loading at storport.sys when it's loading all the files or whatever they are, then goes to the Safe Mode mouse on a black screen, and then restarts the computer in normal mode?
     
    Last edited: 2010/02/04
  18. 2010/02/04
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    PeteC's suggestion is a sound one :). A full format is definitely the thing to do, too.
     
  19. 2010/02/07
    spiderpug

    spiderpug Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    142
    Likes Received:
    0
    Kimsland...

    How do you close the autorun that may run?
     
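    An added example, not from this thread or from any tool named in it, for the two questions raised above: whether an autorun.inf has merely hidden itself (post 12) and how to stop AutoRun from firing when a card is inserted (post 19). It is a PowerShell script that assumes the card is drive E: as in the thread; the NoDriveTypeAutoRun policy value it checks is a real Windows registry setting.

```powershell
# Added example (not from the thread): list a removable drive's root including
# hidden/system entries, read any autorun.inf as plain text, and check whether
# Windows AutoRun is disabled by policy. Drive E: is assumed, as in the thread.
param([string]$Drive = 'E:\')

# -Force lists Hidden and System entries that Explorer and a plain 'dir' omit,
# so an autorun.inf that "hid itself" still shows up here.
Write-Host "Root entries on $Drive (including hidden/system):"
Get-ChildItem -LiteralPath $Drive -Force |
    Select-Object Name, Attributes, Length, LastWriteTime |
    Format-Table -AutoSize

$inf = Join-Path $Drive 'autorun.inf'
if (Test-Path -LiteralPath $inf) {
    Write-Host "autorun.inf present; reading it as text only (it is never run):"
    # Report what the file would have launched: the open/shellexecute keys.
    Get-Content -LiteralPath $inf | ForEach-Object {
        if ($_ -match '^\s*(open|shellexecute|icon|label)\s*=\s*(.*)$') {
            Write-Host ("  {0,-12} -> {1}" -f $Matches[1], $Matches[2])
        }
    }
} else {
    Write-Host "No autorun.inf in $Drive root."
}

# Policy check: NoDriveTypeAutoRun = 0xFF (255) disables AutoRun for every
# drive type, so inserting the card cannot trigger the file even if it is
# still there. Reading the key needs no admin rights; changing it does.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$p = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
$val = if ($p) { $p.NoDriveTypeAutoRun } else { $null }
if ($val -eq 255) {
    Write-Host "AutoRun is disabled for all drive types (NoDriveTypeAutoRun=0xFF)."
} else {
    Write-Host "NoDriveTypeAutoRun is '$val'; 0xFF disables AutoRun for all drives."
    # To apply the fix from an elevated prompt (takes effect after logoff/restart):
    # Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}
```

    Run it from a PowerShell prompt with the card inserted; the listing is the PowerShell equivalent of 'dir e:\ /a', and nothing in the script opens or executes the card's contents.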
  20. 2010/02/07
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
