Many different problems...


Re: Many different problems...

Post by Filbert on 12th September 2009, 5:19 pm

------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Gen-XDM(Games)\Application Data\Mozilla\Firefox\Profiles\b59ir2fc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\documents and settings\Gen-XDM(Games)\Application Data\Mozilla\Firefox\Profiles\b59ir2fc.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-12 10:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-73586283-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,70,bf,89,43,80,00,60,e8,c0,f1,02,43,23,c0,71,92,41,2f,74,a8,e8,9f,
14,2b,7e,1b,d9,a8,8b,d5,70,29,3a,bc,ba,90,56,8d,82,6c,a0,59,f9,99,25,9b,80,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1757981266-73586283-682003330-1005\Software\SecuROM\License information*]
"datasecu"=hex:57,55,ca,37,66,73,a0,1c,6c,fb,05,97,b3,f2,fb,ef,5d,d1,c3,c1,67,
94,24,ee,53,ff,5f,91,ac,e4,a1,84,73,b6,d6,73,ef,9d,b9,d3,36,f7,33,70,f8,05,\
"rkeysecu"=hex:9c,97,c0,28,b2,82,bf,30,cf,c9,48,b5,21,79,88,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Airlink101\AWLL5025\AWLL5025.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-09-12 10:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 17:09
ComboFix2.txt 2009-09-08 02:26

Pre-Run: 89,891,467,264 bytes free
Post-Run: 89,882,140,672 bytes free

320 --- E O F --- 2009-09-09 01:40


Re: Many different problems...

Post by Belahzur on 12th September 2009, 11:10 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.

Re: Many different problems...

Post by Filbert on 13th September 2009, 2:15 am

Great, it's no longer making loud noises when it starts up. Big Grin


Re: Many different problems...

Post by Filbert on 13th September 2009, 4:23 pm

^ I take that back ^

It's still making noises on startup, I can't run a virus scan and it won't connect to the internet.


Re: Many different problems...

Post by Belahzur on 14th September 2009, 12:09 am

Can you explain better? What does the noise sound like?

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.


