I have Microsoft Security Essentials & Malwarebyes Anti Malware Installed. Computer was infected with AntivirusGT.
Web pages get hijacked sometimes but not others, computer seems to be running really slow (slower than normal)
Thanks in advance
DDS (Ver_10-03-17.01) - NTFSx86
Run by Celeron1700 at 15:56:47.40 on Tue 07/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.735.252 [GMT 10:00]
AV: Security Suite *On-access scanning enabled* (Updated) {F5E52F41-190C-46f6-9FC3-55470285CC2B}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Celeron1700\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://mystart.incredimail.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;localhost
uInternet Settings,ProxyServer = http=127.0.0.1:6522
{ef99bd32-c1fb-11d2-892f-0090271d4f88}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [hp 1000 firmware] c:\program files\hp laserjet 1000\fwdl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - hxxp://www2.incredimail.com/contents/setup/downloader/imloader.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
=============== Created Last 30 ================
2010-09-07 05:43:54 0 ----a-w- c:\documents and settings\celeron1700\defogger_reenable
2010-09-07 04:46:57 1409 ----a-w- c:\windows\QTFont.for
2010-09-07 04:46:56 54156 ---ha-w- c:\windows\QTFont.qfn
2010-09-07 04:09:37 0 d-sha-r- C:\cmdcons
2010-09-07 04:05:22 98816 ----a-w- c:\windows\sed.exe
2010-09-07 04:05:22 77312 ----a-w- c:\windows\MBR.exe
2010-09-07 04:05:22 256512 ----a-w- c:\windows\PEV.exe
2010-09-07 04:05:22 161792 ----a-w- c:\windows\SWREG.exe
2010-08-30 05:31:15 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-30 05:24:42 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-30 04:47:33 0 d-----w- c:\docume~1\celero~1\applic~1\Malwarebytes
2010-08-30 04:47:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 04:47:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-30 04:47:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 04:47:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 04:43:55 0 d-----w- c:\windows\pss
2010-08-28 13:56:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-21 12:57:59 0 d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJEGV
2010-08-14 07:51:27 0 d-----w- c:\docume~1\celero~1\applic~1\IObit
2010-08-14 07:51:26 0 d-----w- c:\program files\IObit
==================== Find3M ====================
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-12-08 12:15:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120820081209\index.dat
============= FINISH: 16:01:09.32 ===============
Attached Files
-
Attach.txt 11.77KB
1 downloads
-
ark.txt 8.25KB
6 downloads
Back to top
