Inactive HI

Status
Not open for further replies.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16.12.2010 16:07:27
System Uptime: 22.12.2010 11:14:35 (2 hours ago)

Motherboard: | | P4I45D+
Processor: Intel(R) Celeron(R) CPU 2.26GHz | FC-478 | 2278/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 21,392 GiB free.
D: is FIXED (NTFS) - 42 GiB total, 37,826 GiB free.
E: is FIXED (NTFS) - 3 GiB total, 2,994 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&172A2BDD&0&50F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&172A2BDD&0&50F0
Service: rtl8139

==== System Restore Points ===================

RP1: 19.12.2010 17:20:27 - System Checkpoint
RP2: 19.12.2010 17:21:13 - Advanced SystemCare RestorePoint
RP3: 20.12.2010 15:29:03 - Installed Windows Media Player KB954155.
RP4: 20.12.2010 15:29:33 - Installed Windows XP KB971961.
RP5: 21.12.2010 20:59:09 - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advanced SystemCare 3
AlterGeo Magic Scanner
avast! Internet Security
CCleaner (remove only)
Game Booster
Google Chrome
Guard.Mail.ru
Hotfix for Windows XP (KB954708)
IObit Security 360
iolo Memory Mechanic
Mail.Ru Agent 5.7 (build 3796, for all users)
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
Polyglot
Security Update for Windows Media Player (KB954155)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
Skype™ 5.0
Smart Defrag
Smart Defrag 2
TrojanHunter 5.3
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver

==== Event Viewer Messages From Past Week ========

22.12.2010 12:58:34, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
20.12.2010 14:03:28, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Have_Fun_Be_NIce.
20.12.2010 14:03:27, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiis.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
20.12.2010 14:03:25, information: Windows File Protection [64021] - The system file c:\windows\system32\admwprox.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
20.12.2010 14:03:20, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
20.12.2010 14:03:11, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
20.12.2010 14:02:55, information: Windows File Protection [64016] - Windows File Protection file scan was started.
19.12.2010 17:53:42, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SSDPSRV service.
19.12.2010 17:52:41, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RemoteRegistry service.
19.12.2010 17:46:39, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
18.12.2010 19:53:13, error: System Error [1003] - Error code 1000000a, parameter1 12000008, parameter2 00000002, parameter3 00000000, parameter4 804dc244.
18.12.2010 18:20:54, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
18.12.2010 17:21:35, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
16.12.2010 18:24:03, error: System Error [1003] - Error code 10000050, parameter1 fffdf6e8, parameter2 00000000, parameter3 bf813c8a, parameter4 00000000.
16.12.2010 16:41:41, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000000, parameter4 804e6d3f.
16.12.2010 16:39:39, error: System Error [1003] - Error code 1000000a, parameter1 00000054, parameter2 00000002, parameter3 00000001, parameter4 804dc23d.
16.12.2010 16:25:39, error: System Error [1003] - Error code 0000004e, parameter1 0000008f, parameter2 000182e9, parameter3 000179a9, parameter4 00000000.
16.12.2010 16:12:04, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================


DDS (Ver_10-12-12.02) - NTFSx86
Run by Have_Fun_Be_NIce at 13:02:46,70 on 22.12.2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.279 [GMT 4:00]

AV: Doctor Web Anti-Virus *Enabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Hacked.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
E:\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Have_Fun_Be_NIce\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/?ref=hp
uURLSearchHooks: {83821c2b-32a8-4dd7-b6d4-44309a78e668} - c:\program files\mail.ru\agent\mra\dll\newmrasearch.dll
uURLSearchHooks: H - No File
mWinlogon: Shell=Hacked.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AlterGeoBHO Class: {9bfba68e-e21b-458e-ae12-fe85e903d2c1} - c:\program files\altergeo\altergeo magic scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [MAgent] c:\program files\mail.ru\agent\MAgent.exe -LM
mRun: [Guard.Mail.ru.gui] "c:\program files\mail.ru\guard\GuardMailRu.exe" /gui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\mail.ru\agent\magent.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\have_f~1\applic~1\mozilla\firefox\profiles\7y0ey59i.default\
FF - prefs.js: browser.startup.homepage - facebook.com
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\have_fun_be_nice\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-12-16 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-12-16 190416]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2010-12-20 14776]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-12-16 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-12-16 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-16 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-16 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-16 40384]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\mail.ru\guard\GuardMailRu.exe [2010-12-21 1038016]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-16 312152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-16 20952]
S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-12-16 119200]
S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2010-12-16 304464]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-16 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-16 40384]

=============== Created Last 30 ================

2010-12-21 09:56:18 -------- d-----w- c:\program files\Mail.Ru
2010-12-21 09:56:18 -------- d-----w- c:\docume~1\have_f~1\applic~1\Mra
2010-12-20 18:58:35 65024 --sh--r- c:\windows\nvsvc32.exe
2010-12-20 11:07:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-20 11:06:13 28496 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2010-12-20 11:06:13 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2010-12-20 10:34:18 -------- d-----w- c:\docume~1\have_f~1\applic~1\iolo
2010-12-20 10:34:15 -------- d-----w- c:\program files\iolo
2010-12-20 10:34:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\iolo
2010-12-19 18:44:08 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2010-12-19 15:55:00 -------- d-----w- c:\docume~1\have_f~1\locals~1\applic~1\Temp
2010-12-19 15:54:46 -------- d-----w- c:\docume~1\have_f~1\locals~1\applic~1\Google
2010-12-19 13:20:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\FreeApp
2010-12-19 13:08:56 -------- d-----w- c:\windows\ServicePackFiles
2010-12-19 13:06:56 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-12-19 13:06:55 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-12-19 13:06:55 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-12-19 13:06:54 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-12-18 11:53:37 -------- d-----w- c:\docume~1\have_f~1\applic~1\TrojanHunter
2010-12-18 11:30:57 -------- d-----w- c:\program files\TrojanHunter 5.3
2010-12-18 10:47:34 -------- d-----w- c:\program files\uTorrent
2010-12-18 10:47:06 -------- d-----w- c:\docume~1\have_f~1\applic~1\uTorrent
2010-12-18 10:08:51 -------- d-----w- c:\documents and settings\have_fun_be_nice\DoctorWeb
2010-12-18 10:08:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Doctor Web
2010-12-18 09:20:24 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-18 09:20:04 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-12-18 09:20:04 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-12-18 09:16:55 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-18 09:16:55 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-18 09:16:47 -------- d--h--w- c:\windows\$hf_mig$
2010-12-17 10:46:35 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-12-16 16:26:39 -------- d-----w- c:\docume~1\have_f~1\applic~1\Yandex
2010-12-16 16:24:09 -------- d-----w- c:\program files\Polyglot

==================== Find3M ====================


============= FINISH: 13:03:45,48 ===============
 
Hi right back at you.

There are other logs you need to post from the 8 steps sticky.

Please post them with an explanation of the problems you are having.
 