Internet Explorer hijacked, history shows sites not visited
AndyPreston_2
Posts: 27 Forumite
in Techie Stuff
Hi,
I would be very grateful if someone a bit more knowledgeable than me were able to assist, please!
For the last 2-3 weeks I have noticed that Internet Explorer has been behaving strangely. The browser sometimes seems to be using a huge amount of memory, and on checking Processes in Windows Task Manager, there are sometimes more copies of iexplore.exe than I have open. Also, my History is showing websites that I haven't visited.
I have tried antivirus, spyware and malware scans but none of these have resolved these issues. Malwarebytes Anti-Malware does however pick up many (i.e. can be as often as every minute or so) attempts to connect with potentially malicious websites, both incoming and outgoing.
This seems to be the same problem that a forum member called wen had recently (thread 3868945 - I would post a link but as a new member, the forum won't let me) and received some fantastic assistance from waddler_8. As requested in that thread, I am copying the DDS.txt file in a separate post below.
Any help from waddler_8 or otherwise would be very much appreciated!
Many thanks in advance,
Andy
0
Comments
-
The forum won't let me post with links, so I have edited the DDS file so that the references don't read as links - hope this still makes sense.
---DDS.txt file follows---
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 20:12:29 on 2012-04-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.352 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp:// www. orange.co.uk/
uDefault_Page_URL = hxxp:// www. orange.co.uk/
uSearch Bar = hxxp:// www. orange.co.uk/iesearch/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: SparkleBox Toolbar: {ca4eedb3-5719-4e27-a478-8d13f761c28d} - c:\program files\sparklebox\prxtbSpa2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: SparkleBox Toolbar: {ca4eedb3-5719-4e27-a478-8d13f761c28d} - c:\program files\sparklebox\prxtbSpa2.dll
uRun: [STManager] "c:\program files\speedtouch\dr speedtouch\drst.exe" -b
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [EPSON SX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifce.exe /fu "c:\windows\temp\E_S23C.tmp" /EF "HKCU"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [UIUCU] c:\docume~1\owner\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [NPSStartup]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: landmarkinfo.co.uk
Trusted Zone: promap.co.uk
Trusted Zone: promapserver.co.uk
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp:// office.microsoft.com/ sites/ production/I eawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp:// download.microsoft.com/ download /E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp:// update.microsoft.com/ windowsupdate/ v6/ V5Controls /en/x86/client/wuweb_site.cab?1304627511640
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps:// www. promapserver.co.uk/ controls/latest/promap.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp:// java.sun.com/ update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp:// java.sun.com/ update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp:// java.sun.com/ update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp:// fpdownload2. macromedia.com/ get/ shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp:// platformdl. adobe.com/ NOS/ getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp:// gfx2.hotmail.com/ mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FDD6AE30-ABC3-4065-AE99-1CA0F170259B} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: PRISMGNA.DLL - PRISMGNA.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-1-2 233472]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-18 654408]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2009-12-14 57433]
R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart product drivers\UCService.exe [2011-1-25 846704]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-1-2 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-18 22344]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-1-2 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-1-2 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-1-2 121856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2011-1-25 1678704]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
.
=============== Created Last 30 ================
.
2012-04-15 07:56:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 18:33:02 -------- d-----w- c:\program files\PCHand
2012-04-11 22:10:14 -------- d-----w- c:\program files\iPod
2012-04-11 22:10:03 -------- d-----w- c:\program files\iTunes
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-22 20:07:20 -------- d-----w- C:\Camcorder DVD
2012-03-20 08:49:27 -------- d-----w- c:\program files\SlideGo
2012-03-18 13:57:03 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-03-18 13:56:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-18 13:56:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-18 13:56:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 16:39:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2012-04-15 08:51:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-17 16:38:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-12 16:48:32 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:13:47.64 ===============
0 -
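An added example, not part of the original thread or of the DDS tool: a short Python triage script for the `uRun:` / `mRun:` lines of a DDS "Pseudo HJT Report" like the one posted above. It assumes the `u`/`m` prefixes mean the per-user and per-machine Run keys, and its three flag names are made up for this sketch; a flag marks an entry for manual review, not a verdict that it is malicious.

```python
import re
from typing import NamedTuple

# Sample input: Run-key lines copied from the DDS log posted above.
SAMPLE = r'''
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [UIUCU] c:\docume~1\owner\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [NPSStartup]
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
'''

RUN_LINE = re.compile(r'^(uRun|mRun): \[(.*?)\]\s*(.*)$')
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_END = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.IGNORECASE)
# A "\temp\" or "\tmp\" path segment; also matches 8.3 forms like locals~1\temp\.
TEMP_SEGMENT = re.compile(r'(?:^|\\)(?:temp|tmp)\\|%te?mp%', re.IGNORECASE)
# Drive-letter path, UNC path, or environment-variable path.
QUALIFIED = re.compile(r'^(?:[a-z]:\\|\\\\|%)', re.IGNORECASE)


class RunEntry(NamedTuple):
    hive: str      # assumption: uRun -> HKCU, mRun -> HKLM
    name: str      # value name inside the Run key
    command: str   # full command line as logged
    image: str     # executable path pulled out of the command ("" if none)


def extract_image(command):
    """Return the executable path from a Run-key command line."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_END.match(command)
    return m.group(1) if m else command.split()[0]


def parse_run_entries(log_text):
    """Parse every uRun:/mRun: line in a DDS log into a RunEntry."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            prefix, name, command = m.groups()
            hive = "HKCU" if prefix == "uRun" else "HKLM"
            entries.append(RunEntry(hive, name, command.strip(), extract_image(command)))
    return entries


def flags_for(entry):
    """Heuristic review flags for one autorun entry (hypothetical flag names)."""
    if not entry.command:
        return ["empty-command"]          # value exists but launches nothing
    flags = []
    if TEMP_SEGMENT.search(entry.image):
        flags.append("temp-dir")          # autorun image lives in a temp folder
    if not QUALIFIED.match(entry.image):
        flags.append("unqualified-path")  # resolved through the search path
    return flags


def triage(log_text):
    """Return (hive, name, flags) for each entry that raised at least one flag."""
    return [(e.hive, e.name, f) for e in parse_run_entries(log_text) if (f := flags_for(e))]


if __name__ == "__main__":
    for hive, name, flags in triage(SAMPLE):
        print(f"{hive}\\...\\Run [{name}]: {', '.join(flags)}")
```
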
Post attach.txt, then run aswMBR & post that log. Download it and save it to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe
When you've downloaded it...
- Double click aswMBR.exe to run it.
- If prompted, click YES to scan with Avast! virus definitions.
- Set the AVscan to Quick Scan & click the Scan button.
- When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
- Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
- Click EXIT.
- Copy & paste the contents of aswMBR.txt here.
0 -
Thanks so much for your help.
The attach file follows...
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 14/12/2009 15:29:57
System Uptime: 15/04/2012 08:48:59 (12 hours ago)
.
Motherboard: Dell Inc. | | 0X8582
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 290.255 GiB free.
is CDROM ()
E: is FIXED (NTFS) - 146 GiB total, 10.446 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1862.666 GiB free.
G: is Removable
H: is FIXED (NTFS) - 466 GiB total, 9.729 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X300 Series Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 Series Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
Service: ati2mtag
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\00000000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\00000000
Service: NIC1394
.
==== System Restore Points ===================
.
RP664: 22/03/2012 05:18:05 - System Checkpoint
RP665: 23/03/2012 06:08:51 - System Checkpoint
RP666: 30/03/2012 08:04:42 - System Checkpoint
RP667: 31/03/2012 22:16:07 - System Checkpoint
RP668: 02/04/2012 09:21:46 - System Checkpoint
RP669: 03/04/2012 11:42:16 - System Checkpoint
RP670: 05/04/2012 20:45:08 - System Checkpoint
RP671: 07/04/2012 02:41:14 - System Checkpoint
RP672: 08/04/2012 09:21:21 - System Checkpoint
RP673: 09/04/2012 10:10:04 - System Checkpoint
RP674: 10/04/2012 10:55:29 - System Checkpoint
RP675: 11/04/2012 20:00:35 - Software Distribution Service 3.0
RP676: 12/04/2012 20:50:27 - System Checkpoint
RP677: 15/04/2012 15:45:33 - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Reader 9.5.1
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AGEIA PhysX v6.11.13
Amazon MP3 Downloader 1.0.9
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.3.14 (Unicode)
AudibleManager
AVG 2012
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
BitTorrent
Bonjour
Boris Graffiti
Canon iP5300 User Registration
CD-LabelPrint
CloneCD
CloneDVD2
ConvertXtoDVD 4.0.9.322
Corel VideoStudio 12
CorelDRAW Graphics Suite 12
Coupon Printer
Creative System Information
Creative ZEN
CutePDF Writer 2.8
Digital Line Detect
Dr SpeedTouch
DVD Flick 1.3.0.7
Easy-WebPrint
EPSON Scan
EPSON SX410 Series Printer Uninstall
EPSON Web-To-Page
GOM Player
Google Earth
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Image Resizer Powertoy for Windows XP
Intel(R) PRO Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 31
JDownloader
K-Lite Mega Codec Pack 8.0.0
LeapFrog Connect
LeapFrog My Pals Plugin
Magic Bullet Looks Studio
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer Utility Ver.1.5
Nuclear Coffee - VideoGet
P1670 Reference Guide
PC Connectivity Solution
PCHand Video Converter 2.5.1.0
Pinnacle Hollywood FX for Studio
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
PowerDVD 5.5
Presto! BizCard 4.1 Eng
proDAD Vitascene 1.0
PSP Movie Creator(remove only)
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SigmaTel Audio
SlideGo
SMART Notebook
SMART Notebook Express
SMART Product Drivers
SmartSound Quicktracks Plugin
SparkleBox Toolbar
SpeedTouch USB Software
Studio 9
thomas
Thomas New Line
Total Video Converter 3.60 100204
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 Wireless LAN Card Utility
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
VideoStudio
Wanadoo Search Toolbar
WebFldrs XP
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
ZENcast Organizer
.
==== Event Viewer Messages From Past Week ========
.
11/04/2012 20:15:51, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.
11/04/2012 20:15:51, error: NIC1394 [5002] - 1394 Net Adapter : Has determined that the adapter is not functioning properly.
.
==== End Of File ===========================
0 -
Post aswMBR.txt when you have run it.
0 -
aswMBR log follows.....
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-16 18:31:32
18:31:32.875 OS Version: Windows 5.1.2600 Service Pack 3
18:31:32.875 Number of processors: 2 586 0x403
18:31:32.875 ComputerName: OWNER-DCC735BA6 UserName: Owner
18:31:35.765 Initialize success
18:34:19.703 AVAST engine defs: 12041600
18:34:32.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
18:34:32.265 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
18:34:32.296 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
18:34:32.296 Disk 1 Vendor: WDC_WD1600JD-75HBC0 08.02D08 Size: 152587MB BusType: 3
18:34:32.343 Disk 0 MBR read successfully
18:34:32.343 Disk 0 MBR scan
18:34:32.578 Disk 0 Windows XP default MBR code
18:34:32.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
18:34:32.593 Disk 0 scanning sectors +976752000
18:34:32.703 Disk 0 scanning C:\WINDOWS\system32\drivers
18:35:11.203 Service scanning
18:35:29.890 Modules scanning
18:35:35.359 Disk 0 trace - called modules:
18:35:35.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:35:35.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f79ab8]
18:35:35.390 3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-f[0x86f3dd98]
18:35:36.562 AVAST engine scan C:\WINDOWS
18:35:59.593 AVAST engine scan C:\WINDOWS\system32
18:38:55.125 AVAST engine scan C:\WINDOWS\system32\drivers
18:39:21.609 AVAST engine scan C:\Documents and Settings\Owner
18:44:39.031 File: C:\Documents and Settings\Owner\Local Settings\Temp\1A5.tmp **INFECTED** Win32:Downloader-NLU [Trj]
19:13:52.109 AVAST engine scan C:\Documents and Settings\All Users
19:36:08.031 Scan finished successfully
19:39:23.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:39:23.562 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
One obvious potential culprit being the trojan file found in the Temp directory, but I haven't done anything about it and will await your advice. Many thanks again, Andy
0 -
Go here and read through the instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
- Ensure you temporarily turn off AVG before running. Instructions here
- Double click combofix.exe & follow the prompts closely.
- When it's finished, it'll produce a log. Post the contents of that log.
- It'll be found on your C:\ drive named combofix.txt
0 -
Hi,
I ran Combofix, and after the 50 stage scan, my computer rebooted. I waited at the log-on screen and after nothing happened, logged on to my profile, and once that had finished loading, I got a message saying that Windows had recovered from a serious error. Nothing else seems to be happening with Combofix now.
Can you advise what I should do?
Thanks, Andy
0 -
Look at the root of the C: drive - Is there a file named combofix.txt?
0 -
No, there's no combofix.txt file. There is a Combofix icon, but that just seems to show the contents of the PC just like Windows Explorer.
Thanks, Andy
0 -
Do you have any experience with using the recovery console?
I can give you instructions if not.
0
This discussion has been closed.