Infected and can't get on Internet


Post by Crush on Mon Jan 24, 2011 12:37 am

Hi,

Please read carefully and let me know if you have any questions.

We need to back up your registry:
Please go to Start > Run
Paste in the following line:
    regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything; that's normal.
Your mouse pointer may turn to an hourglass for a minute.
Please continue when it no longer has the hourglass. *Note: You will find "registrybackup.reg" in your C: drive.

Next

Please download beep.sys and save it to your Desktop.

  • Extract beep.sys to your Desktop.
      Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
      you can get a free one from here - [You must be registered and logged in to see this link.]
  • Right-click on the beep.sys file and select Copy. Now it's on the clipboard, ready to be pasted.
  • Click on the main hard drive, which is normally designated as the "(C:)" drive.
  • Click Show hidden files and folders. Click on the "Windows" system folder.
  • Scroll down to the "System32" folder, and click on it to open it.
  • Right-click on an empty space and select Paste. This will copy the beep.sys file into the System32 folder. Exit out.

To make sure beep.sys is working, click on Start, then Run, type cmd.exe in the text box and click OK. In the Command Prompt window, type echo, then hold down the Ctrl key and type G, then release Ctrl and press Enter. Listen for a beep sound. Let me know.


Post by Ayden08 on Mon Jan 24, 2011 7:14 pm

Says:
'echo' is not recognized as an internal or external command, operable program or batch file.


Post by becca21669 on Mon Jan 24, 2011 7:19 pm

Sorry, that last post was made from my friend's acct. Her computer isn't working either and my laptop is the only one that can get on the internet lol.

But sorry bout that, I thought I was logged into my acct.


Post by Crush on Mon Jan 24, 2011 9:16 pm

Did it beep? I get the same message, but the beep is what is important.


Post by becca21669 on Mon Jan 24, 2011 9:35 pm

I don't have any speakers hooked up to it, if that matters, but no, no beep.


Post by Crush on Mon Jan 24, 2011 11:32 pm

Alright. I'll get back to you


Post by Crush on Tue Jan 25, 2011 2:31 am

Hi :)

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    beep.sys


Post by becca21669 on Tue Jan 25, 2011 6:13 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 09:09 on 25/01/2011 by mindy
Administrator - Elevation successful

========== filefind ==========

Searching for "beep.sys"
C:\Documents and Settings\mindy\Desktop\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9

-= EOF =-


Post by Crush on Wed Jan 26, 2011 7:22 am

Thanks for that log. I'm currently consulting with my colleagues. I'll be back to you ASAP.


Post by becca21669 on Wed Jan 26, 2011 5:50 pm

Alright, no prob. Thanks.


Post by Crush on Fri Jan 28, 2011 7:11 pm

Hi becca,

Sorry for the delay.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\program files\Common Files\ohixyz.vbs
    c:\program files\Common Files\ifuh.dll

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shzaek"=-

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Post by becca21669 on Fri Jan 28, 2011 10:26 pm

ComboFix 11-01-28.01 - mindy 01/28/2011 13:02:48.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.117 [GMT -8:00]
Running from: c:\documents and settings\mindy\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\mindy\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\Common Files\ifuh.dll"
"c:\program files\Common Files\ohixyz.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\ifuh.dll
c:\program files\Common Files\ohixyz.vbs

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
.

2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\beep.sys
2011-01-24 18:05 . 2011-01-24 18:05 85613654 -c--a-w- C:\registrybackup.reg
2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

c:\documents and settings\mindy\Start Menu\Programs\Startup\
RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
.
Contents of the 'Scheduled Tasks' folder

2004-12-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

2011-01-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-01-28 13:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-28 13:13:21
ComboFix-quarantined-files.txt 2011-01-28 21:13
ComboFix2.txt 2011-01-23 00:48
ComboFix3.txt 2011-01-22 14:22
ComboFix4.txt 2011-01-21 17:24
ComboFix5.txt 2011-01-28 20:49

Pre-Run: 13,933,899,776 bytes free
Post-Run: 13,931,413,504 bytes free

- - End Of File - - 014A7810316DF2E6A7E573AB6FB7A719


Post by Crush on Sat Jan 29, 2011 12:26 am

Aha! Now I see the problem. beep.sys is in System32. It needs to be one more level down in:

c:\windows\System32\drivers\

Can you copy it there, please?

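An added example, not part of the original thread and not SystemLook's own code: a small Python check that parses `:filefind` output in the layout of the log posted earlier and reports whether a driver file has a copy in `system32\drivers`, the condition identified in the reply above. The function names and the `windir` default are assumptions of this sketch, and the second sample log is constructed.

```python
import ntpath
import re

# One result line of SystemLook ":filefind" output, in the layout seen in the thread:
#   <path> <attributes> <size> bytes [<time date>] [<time date>] <MD5>
RESULT_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# The two result lines posted in the thread.
THREAD_LOG = r"""
========== filefind ==========

Searching for "beep.sys"
C:\Documents and Settings\mindy\Desktop\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9
"""

# Constructed sample: what the same search could look like after the copy.
CONSTRUCTED_LOG = r"""
Searching for "beep.sys"
c:\windows\system32\drivers\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9
c:\windows\system32\dllcache\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9
"""


def parse_filefind(log_text):
    """Return one dict per result line; headers and blank lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        match = RESULT_LINE.match(line.strip())
        if match:
            hit = match.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hits.append(hit)
    return hits


def check_driver_placement(log_text, driver="beep.sys", windir=r"C:\WINDOWS"):
    """Report where copies of `driver` were found and whether one is in drivers\\."""
    expected_dir = ntpath.normcase(ntpath.join(windir, "system32", "drivers"))
    hits = [h for h in parse_filefind(log_text)
            if ntpath.basename(h["path"]).lower() == driver.lower()]
    in_place = [h for h in hits
                if ntpath.normcase(ntpath.dirname(h["path"])) == expected_dir]
    return {
        "locations": [h["path"] for h in hits],
        "in_drivers_dir": bool(in_place),
        "elsewhere": [h["path"] for h in hits if h not in in_place],
        # Equal size and MD5 only show the copies are identical to each other;
        # it says nothing about whether the file itself is genuine.
        "hashes_agree": len({(h["size"], h["md5"]) for h in hits}) <= 1,
    }


if __name__ == "__main__":
    for label, log in (("thread log", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        report = check_driver_placement(log)
        status = "present" if report["in_drivers_dir"] else "MISSING"
        print(f"{label}: drivers copy {status}; also found in {report['elsewhere']}")
```
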


Post by becca21669 on Wed Feb 09, 2011 7:11 pm

Alright I copied it there.


Post by Crush on Wed Feb 09, 2011 8:38 pm

Run ComboFix once more now please


Post by becca21669 on Wed Feb 09, 2011 11:53 pm

ComboFix 11-02-09.02 - mindy 02/09/2011 13:13:54.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.17 [GMT -8:00]
Running from: c:\documents and settings\mindy\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\drivers\beep.sys
2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2011-01-24 18:05 . 2011-01-24 18:05 85613654 -c--a-w- C:\registrybackup.reg
2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

c:\documents and settings\mindy\Start Menu\Programs\Startup\
RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
.
Contents of the 'Scheduled Tasks' folder

2004-12-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

2011-02-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-02-09 13:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1556)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-09 13:24:38
ComboFix-quarantined-files.txt 2011-02-09 21:24
ComboFix2.txt 2011-01-28 21:13
ComboFix3.txt 2011-01-23 00:48
ComboFix4.txt 2011-01-22 14:22
ComboFix5.txt 2011-02-09 21:10

Pre-Run: 13,901,283,328 bytes free
Post-Run: 13,896,970,240 bytes free

- - End Of File - - 162363D7580191163945BFB162765772


Post by Crush on Thu Feb 10, 2011 1:08 am

Awesome. Beep.sys is back in its proper location. How is the machine running?


Post by becca21669 on Tue Feb 15, 2011 12:01 am

It's running the same... can't seem to get on the internet and it's slow.


Post by Crush on Tue Feb 15, 2011 3:00 am

Slowness can be attributed to the lack of RAM in this machine. You barely have 512 MB.

Are you connecting wired or wireless? Have you been able to get on the internet and are just disconnected?
