Internet Stops Working
Stops working after short time maybe half an hour. It will not respond to restart and requires cold starting. Holding down the off button.
Any ideas please can you help.
To get help for your problem, please follow the instructions here and post back with the requested logs:
http://icrontic.com/forum/showthread.php?t=43902
My internet stops working after a while, maybe half an hour. The computer will not shut down or restart through the normal process. I have to do a shut down by holding down the power button. I have scanned for viruses and done a system but the problem seems to return.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:00, on 16/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Battleship%20-%20Fleet%20Command/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 5795 bytes
Please go HERE to run Panda ActiveScan 2.0
- Click the big green Scan now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- Once the scan is completed, please hit the notepad icon next to the text Export to:
- Save it to a convenient location such as your Desktop
- Post the contents of the ActiveScan.txt in your next reply
Let's see if this turns out clean - if it does, then your problem is not caused by malware but rather something else which we will have to find out.
Many thanks.
Please see below.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-03-17 09:03:32
PROTECTIONS: 3
MALWARE: 20
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ZoneAlarm Anti-Spyware 8.0.065.000 No No
Spybot - Search and Destroy 1.0.0.6 No No
Windows Defender 1.1.1505.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@atdmt[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@mediaplex[2].txt
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@sexlist[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@ad.yieldmanager[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@bs.serving-sys[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@888[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@advertising[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@zedo[1].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@int.sitestat[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@int.sitestat[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@adultfriendfinder[1].txt
01895148 Malicious Packer SecRisk No 0 Yes No C:\Users\Owner\AppData\Local\Temp\bis32C6.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\ProgramData\Build Roam Readme\save browse road.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\ProgramData\Build Roam Readme\kicryaqc.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\ProgramData\Admin Inter 1 Mags\bib math.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\Users\Owner\AppData\Local\Temp\minime.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Download Lop S&D < here
Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
Thanks again.
\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A16
USER : Owner ( Administrator )
BOOT : Normal boot
Firewall : ZoneAlarm Firewall 8.0.065.000 (Not Activated)
C:\ (Local Disk) - NTFS - Total:295 Go (Free:239 Go)
D:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 17/03/2009|17:29 )
[ UAC => 0 ]
\\ Listing folders in Local
[21/02/2009|13:48] C:\Users\Owner\AppData\Local\Adobe
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\Application Data
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\d3d9caps.dat
[12/03/2009|22:28] C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[26/02/2009|19:43] C:\Users\Owner\AppData\Local\DFX
[19/02/2009|20:14] C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\History
[17/03/2009|00:49] C:\Users\Owner\AppData\Local\IconCache.db
[24/02/2009|22:23] C:\Users\Owner\AppData\Local\Microsoft
[03/03/2009|18:01] C:\Users\Owner\AppData\Local\Microsoft Games
[11/03/2009|18:11] C:\Users\Owner\AppData\Local\Mozilla
[23/02/2009|16:20] C:\Users\Owner\AppData\Local\nos
[17/03/2009|17:28] C:\Users\Owner\AppData\Local\Temp
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\Temporary Internet Files
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\VirtualStore
[19/02/2009|19:48] C:\Users\Owner\AppData\Local\WindowsUpdate
\\ Scheduled Tasks located in C:\Windows\Tasks
[17/03/2009 00:50] C:\Windows\tasks\SA.DAT
[17/03/2009 00:49] C:\Windows\tasks\SCHEDLGU.TXT
\\ Listing Folders in C:\ProgramData
[12/03/2009|00:02] C:\ProgramData\Admin Inter 1 Mags
[19/02/2009|20:33] C:\ProgramData\Adobe
[02/11/2006|13:02] C:\ProgramData\Application Data
[17/03/2009|09:12] C:\ProgramData\avg8
[20/02/2009|18:54] C:\ProgramData\AVS4YOU
[19/02/2009|21:48] C:\ProgramData\Azureus
[12/03/2009|00:02] C:\ProgramData\Bird Proc Deaf.fak68
[12/03/2009|00:02] C:\ProgramData\Build Roam Readme
[12/03/2009|00:01] C:\ProgramData\Cashaboutabout.ryz9wr
[12/03/2009|00:01] C:\ProgramData\Cashaboutabout.urxm9b
[23/02/2009|16:02] C:\ProgramData\CheckPoint
[02/11/2006|13:02] C:\ProgramData\Desktop
[26/02/2009|19:42] C:\ProgramData\DFX
[02/11/2006|13:02] C:\ProgramData\Documents
[02/11/2006|13:02] C:\ProgramData\Favorites
[23/02/2009|18:50] C:\ProgramData\Macrium
[19/02/2009|18:54] C:\ProgramData\Maxtor
[08/03/2009|19:16] C:\ProgramData\Microsoft
[19/02/2009|20:32] C:\ProgramData\NOS
[16/03/2009|13:33] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:02] C:\ProgramData\Start Menu
[12/03/2009|00:34] C:\ProgramData\TEMP
[02/11/2006|13:02] C:\ProgramData\Templates
[15/03/2009|19:31] C:\ProgramData\vsosdk
[26/02/2009|19:54] C:\ProgramData\Zylom
\\ Listing Folders in C:\Program Files
[16/03/2009|16:03] C:\Program Files\7-Zip
[19/02/2009|22:21] C:\Program Files\AC3Filter
[23/02/2009|16:20] C:\Program Files\Adobe
[16/03/2009|14:05] C:\Program Files\AVG
[20/02/2009|18:54] C:\Program Files\AVS4YOU
[12/03/2009|00:01] C:\Program Files\Build Roam Readme
[26/02/2009|19:42] C:\Program Files\Common Files
[19/02/2009|16:15] C:\Program Files\Dell
[16/03/2009|13:33] C:\Program Files\DellTPad
[26/02/2009|19:45] C:\Program Files\DFX
[23/02/2009|16:20] C:\Program Files\DivX
[23/02/2009|16:20] C:\Program Files\InstallShield Installation Information
[28/01/2009|17:56] C:\Program Files\Intel
[23/02/2009|16:20] C:\Program Files\Internet Explorer
[16/03/2009|15:51] C:\Program Files\Java
[23/02/2009|16:20] C:\Program Files\K-Lite Codec Pack
[23/02/2009|18:37] C:\Program Files\Macrium
[23/02/2009|16:20] C:\Program Files\Marvell
[23/02/2009|16:20] C:\Program Files\Maxtor
[19/02/2009|19:44] C:\Program Files\Microsoft ActiveSync
[23/02/2009|16:20] C:\Program Files\Microsoft Games
[23/02/2009|16:20] C:\Program Files\Microsoft Office
[23/02/2009|16:20] C:\Program Files\Microsoft.NET
[23/02/2009|16:20] C:\Program Files\Movie Maker
[17/03/2009|00:45] C:\Program Files\Mozilla Firefox
[23/02/2009|16:20] C:\Program Files\MSBuild
[19/02/2009|20:07] C:\Program Files\MSXML 4.0
[23/02/2009|16:20] C:\Program Files\NOS
[17/03/2009|08:05] C:\Program Files\Panda Security
[23/02/2009|16:20] C:\Program Files\Reference Assemblies
[19/02/2009|18:11] C:\Program Files\SigmaTel
[17/03/2009|09:10] C:\Program Files\Spybot - Search & Destroy
[02/11/2006|13:01] C:\Program Files\Uninstall Information
[23/02/2009|16:20] C:\Program Files\VideoLAN
[23/02/2009|16:20] C:\Program Files\VSO
[05/03/2009|18:03] C:\Program Files\Vuze
[23/02/2009|16:20] C:\Program Files\Windows Calendar
[23/02/2009|16:20] C:\Program Files\Windows Collaboration
[16/03/2009|13:33] C:\Program Files\Windows Defender
[23/02/2009|16:20] C:\Program Files\Windows Journal
[11/03/2009|21:06] C:\Program Files\Windows Mail
[16/03/2009|13:33] C:\Program Files\Windows Media Player
[23/02/2009|16:20] C:\Program Files\Windows NT
[16/03/2009|13:33] C:\Program Files\Windows Photo Gallery
[23/02/2009|16:20] C:\Program Files\Windows Sidebar
[23/02/2009|16:20] C:\Program Files\WinRAR
[16/03/2009|13:33] C:\Program Files\Zone Labs
[13/03/2009|23:53] C:\Program Files\Zylom Games
\\ Listing Folders in C:\Program Files\Common Files
[23/02/2009|16:20] C:\Program Files\Common Files\Adobe
[23/02/2009|16:20] C:\Program Files\Common Files\Adobe AIR
[20/02/2009|18:53] C:\Program Files\Common Files\AVSMedia
[19/02/2009|19:44] C:\Program Files\Common Files\DESIGNER
[26/02/2009|19:42] C:\Program Files\Common Files\DFX
[19/02/2009|21:43] C:\Program Files\Common Files\i4j_jres
[23/02/2009|16:20] C:\Program Files\Common Files\InstallShield
[23/02/2009|16:20] C:\Program Files\Common Files\microsoft shared
[19/02/2009|22:22] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|11:18] C:\Program Files\Common Files\Services
[23/02/2009|16:20] C:\Program Files\Common Files\SpeechEngines
[23/02/2009|16:20] C:\Program Files\Common Files\System
\\ Process
( 67 Processes )
iexplore.exe ~ [PID:5596]
\\ Searching with S_Lop
C:\ProgramData\Bird Proc Deaf.fak68
C:\ProgramData\Cashaboutabout.ryz9wr
C:\ProgramData\Cashaboutabout.urxm9b
\\ Searching for Lop Files - Folders
C:\ProgramData\Admin Inter 1 Mags
C:\ProgramData\Admin Inter 1 Mags\bib math.dat
C:\ProgramData\Admin Inter 1 Mags\bib math.exe
\\ Searching within the Registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
\\ Checking the Hosts file
Hosts file CLEAN
\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 17:30:17
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
\\ Searching for other infections
No other infections found !
[F:8][D:30]-> C:\Users\Owner\AppData\Local\Temp
[F:6][D:0]-> C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\Cookies
[F:88][D:5]-> C:\Users\Owner\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 17/03/2009|17:31 - Option : [1]
\\ Scan completed at 17:31:02
[ UAC => 1 ]
Now please double-click Lop S&D.exe
Choose the language, then choose Option 3 (Fix - Hosts)
Wait till the end of the scan.
Post the log which is created: (%SystemDrive%\lopR.txt)
Also run a new scan with Panda ActiveScan, and post the new log.
Cheers. With or without Disabling resident protections?
\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A16
USER : Owner ( Administrator )
BOOT : Normal boot
Firewall : ZoneAlarm Firewall 8.0.065.000 (Not Activated)
C:\ (Local Disk) - NTFS - Total:295 Go (Free:236 Go)
D:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [3] ( 18/03/2009|18:20 )
[ UAC => 0 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
Deleted! - C:\ProgramData\Admin Inter 1 Mags\bib math.dat
Deleted! - C:\ProgramData\Admin Inter 1 Mags\bib math.exe
Deleted! - C:\ProgramData\Bird Proc Deaf.fak68
Deleted! - C:\ProgramData\Cashaboutabout.ryz9wr
Deleted! - C:\ProgramData\Cashaboutabout.urxm9b
Deleted! - C:\ProgramData\Admin Inter 1 Mags
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\ Listing folders in Local
[21/02/2009|13:48] C:\Users\Owner\AppData\Local\Adobe
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\Application Data
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\d3d9caps.dat
[18/03/2009|01:57] C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[26/02/2009|19:43] C:\Users\Owner\AppData\Local\DFX
[19/02/2009|20:14] C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\History
[18/03/2009|02:20] C:\Users\Owner\AppData\Local\IconCache.db
[24/02/2009|22:23] C:\Users\Owner\AppData\Local\Microsoft
[03/03/2009|18:01] C:\Users\Owner\AppData\Local\Microsoft Games
[11/03/2009|18:11] C:\Users\Owner\AppData\Local\Mozilla
[23/02/2009|16:20] C:\Users\Owner\AppData\Local\nos
[18/03/2009|18:20] C:\Users\Owner\AppData\Local\Temp
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\Temporary Internet Files
[28/01/2009|17:54] C:\Users\Owner\AppData\Local\VirtualStore
[19/02/2009|19:48] C:\Users\Owner\AppData\Local\WindowsUpdate
\\ Scheduled Tasks located in C:\Windows\Tasks
[18/03/2009 09:07] C:\Windows\tasks\SA.DAT
[18/03/2009 02:20] C:\Windows\tasks\SCHEDLGU.TXT
\\ Listing Folders in C:\ProgramData
[19/02/2009|20:33] C:\ProgramData\Adobe
[02/11/2006|13:02] C:\ProgramData\Application Data
[17/03/2009|09:12] C:\ProgramData\avg8
[20/02/2009|18:54] C:\ProgramData\AVS4YOU
[19/02/2009|21:48] C:\ProgramData\Azureus
[12/03/2009|00:02] C:\ProgramData\Build Roam Readme
[23/02/2009|16:02] C:\ProgramData\CheckPoint
[02/11/2006|13:02] C:\ProgramData\Desktop
[26/02/2009|19:42] C:\ProgramData\DFX
[02/11/2006|13:02] C:\ProgramData\Documents
[02/11/2006|13:02] C:\ProgramData\Favorites
[23/02/2009|18:50] C:\ProgramData\Macrium
[19/02/2009|18:54] C:\ProgramData\Maxtor
[08/03/2009|19:16] C:\ProgramData\Microsoft
[19/02/2009|20:32] C:\ProgramData\NOS
[16/03/2009|13:33] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:02] C:\ProgramData\Start Menu
[12/03/2009|00:34] C:\ProgramData\TEMP
[02/11/2006|13:02] C:\ProgramData\Templates
[15/03/2009|19:31] C:\ProgramData\vsosdk
[26/02/2009|19:54] C:\ProgramData\Zylom
\\ Listing Folders in C:\Program Files
[16/03/2009|16:03] C:\Program Files\7-Zip
[19/02/2009|22:21] C:\Program Files\AC3Filter
[23/02/2009|16:20] C:\Program Files\Adobe
[16/03/2009|14:05] C:\Program Files\AVG
[20/02/2009|18:54] C:\Program Files\AVS4YOU
[12/03/2009|00:01] C:\Program Files\Build Roam Readme
[26/02/2009|19:42] C:\Program Files\Common Files
[19/02/2009|16:15] C:\Program Files\Dell
[16/03/2009|13:33] C:\Program Files\DellTPad
[26/02/2009|19:45] C:\Program Files\DFX
[23/02/2009|16:20] C:\Program Files\DivX
[23/02/2009|16:20] C:\Program Files\InstallShield Installation Information
[28/01/2009|17:56] C:\Program Files\Intel
[23/02/2009|16:20] C:\Program Files\Internet Explorer
[16/03/2009|15:51] C:\Program Files\Java
[23/02/2009|16:20] C:\Program Files\K-Lite Codec Pack
[23/02/2009|18:37] C:\Program Files\Macrium
[23/02/2009|16:20] C:\Program Files\Marvell
[23/02/2009|16:20] C:\Program Files\Maxtor
[19/02/2009|19:44] C:\Program Files\Microsoft ActiveSync
[23/02/2009|16:20] C:\Program Files\Microsoft Games
[23/02/2009|16:20] C:\Program Files\Microsoft Office
[23/02/2009|16:20] C:\Program Files\Microsoft.NET
[23/02/2009|16:20] C:\Program Files\Movie Maker
[17/03/2009|00:45] C:\Program Files\Mozilla Firefox
[23/02/2009|16:20] C:\Program Files\MSBuild
[19/02/2009|20:07] C:\Program Files\MSXML 4.0
[23/02/2009|16:20] C:\Program Files\NOS
[17/03/2009|08:05] C:\Program Files\Panda Security
[23/02/2009|16:20] C:\Program Files\Reference Assemblies
[19/02/2009|18:11] C:\Program Files\SigmaTel
[17/03/2009|17:35] C:\Program Files\Spybot - Search & Destroy
[02/11/2006|13:01] C:\Program Files\Uninstall Information
[23/02/2009|16:20] C:\Program Files\VideoLAN
[23/02/2009|16:20] C:\Program Files\VSO
[05/03/2009|18:03] C:\Program Files\Vuze
[23/02/2009|16:20] C:\Program Files\Windows Calendar
[23/02/2009|16:20] C:\Program Files\Windows Collaboration
[16/03/2009|13:33] C:\Program Files\Windows Defender
[23/02/2009|16:20] C:\Program Files\Windows Journal
[11/03/2009|21:06] C:\Program Files\Windows Mail
[16/03/2009|13:33] C:\Program Files\Windows Media Player
[23/02/2009|16:20] C:\Program Files\Windows NT
[16/03/2009|13:33] C:\Program Files\Windows Photo Gallery
[23/02/2009|16:20] C:\Program Files\Windows Sidebar
[23/02/2009|16:20] C:\Program Files\WinRAR
[16/03/2009|13:33] C:\Program Files\Zone Labs
[13/03/2009|23:53] C:\Program Files\Zylom Games
\\ Listing Folders in C:\Program Files\Common Files
[23/02/2009|16:20] C:\Program Files\Common Files\Adobe
[23/02/2009|16:20] C:\Program Files\Common Files\Adobe AIR
[20/02/2009|18:53] C:\Program Files\Common Files\AVSMedia
[19/02/2009|19:44] C:\Program Files\Common Files\DESIGNER
[26/02/2009|19:42] C:\Program Files\Common Files\DFX
[19/02/2009|21:43] C:\Program Files\Common Files\i4j_jres
[23/02/2009|16:20] C:\Program Files\Common Files\InstallShield
[23/02/2009|16:20] C:\Program Files\Common Files\microsoft shared
[19/02/2009|22:22] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|11:18] C:\Program Files\Common Files\Services
[23/02/2009|16:20] C:\Program Files\Common Files\SpeechEngines
[23/02/2009|16:20] C:\Program Files\Common Files\System
\\ Process
( 61 Processes )
... OK !
\\ Searching with S_Lop
No Lop folder found !
\\ Searching for Lop Files - Folders
No Lop folder found !
\\ Searching within the Registry
..... OK !
\\ Checking the Hosts file
Hosts file CLEAN
\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 18:20:42
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
\\ Searching for other infections
No other infections found !
[F:85][D:20]-> C:\Users\Owner\AppData\Local\Temp
[F:74][D:1]-> C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1535][D:5]-> C:\Users\Owner\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 17/03/2009|17:31 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/03/2009|18:21 - Option : [3]
\\ Scan completed at 18:21:38
[ UAC => 1 ]
Now can I trouble you to run a new scan with Panda ActiveScan?
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-03-19 09:39:18
PROTECTIONS: 3
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ZoneAlarm Anti-Spyware 8.0.065.000 No No
Spybot - Search and Destroy 1.0.0.6 No Yes
Windows Defender 1.1.1505.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@ad.yieldmanager[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@bs.serving-sys[1].txt
01895148 Malicious Packer SecRisk No 0 Yes No C:\ProgramData\Build Roam Readme\save browse road.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\ProgramData\Build Roam Readme\kicryaqc.exe
01895148 Malicious Packer SecRisk No 0 Yes No C:\Lop SD\Backup-Lop\ProgramData\Admin Inter 1 Mags\bib math.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
How's your computer running now?
If everything is now fine I'll just direct you to do some clean-up and you can be on your way...
This will clear away any of the files and folders that were created by ComboFix.
Go to :
Start > Run then copy and paste the following highlighted text below and click OK.
When ComboFix receives such an instruction, it will do the following:
a) Deletes the following files/folders:
* ComboFix.exe
* %system%\swxcacls.exe
* %system%\swsc.exe
* %system%\VFind.exe
* %system%\moveex.exe
* %system%\swreg.exe
* %systemroot%\catchme.exe
* \ComboFix
* \Qoobox
* \VundoFix Backups
* \Deckard
* \_OTMoveIt
* %systemroot%\erdnt\subs
b) Resets the clock settings.
c) Hides file extensions
d) Hides System/Hidden files
e) Clears System Restore cache and creates a new Restore point
You can also delete C:\Lop SD\ now.
Let me know once you have seen this post, so we can move the thread to the Fixed section.
Anyway, besides Lop S&D, you can delete Avenger now too:
C:\Users\Owner\Desktop\avenger.zip
Any other problems or questions?
http://icrontic.com/forum/forumdisplay.php?f=32
Glad we could be of assistance! The help you received here was free.
This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead