TechSpot

HI

By rohono
Dec 22, 2010
  1. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16.12.2010 16:07:27
    System Uptime: 22.12.2010 11:14:35 (2 hours ago)

    Motherboard: | | P4I45D+
    Processor: Intel(R) Celeron(R) CPU 2.26GHz | FC-478 | 2278/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 29 GiB total, 21,392 GiB free.
    D: is FIXED (NTFS) - 42 GiB total, 37,826 GiB free.
    E: is FIXED (NTFS) - 3 GiB total, 2,994 GiB free.
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&172A2BDD&0&50F0
    Manufacturer: Realtek
    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&172A2BDD&0&50F0
    Service: rtl8139

    ==== System Restore Points ===================

    RP1: 19.12.2010 17:20:27 - System Checkpoint
    RP2: 19.12.2010 17:21:13 - Advanced SystemCare RestorePoint
    RP3: 20.12.2010 15:29:03 - Installed Windows Media Player KB954155.
    RP4: 20.12.2010 15:29:33 - Installed Windows XP KB971961.
    RP5: 21.12.2010 20:59:09 - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advanced SystemCare 3
    AlterGeo Magic Scanner
    avast! Internet Security
    CCleaner (remove only)
    Game Booster
    Google Chrome
    Guard.Mail.ru
    Hotfix for Windows XP (KB954708)
    IObit Security 360
    iolo Memory Mechanic
    Mail.Ru Agent 5.7 (build 3796, for all users)
    Malwarebytes' Anti-Malware
    Media Player Classic - Home Cinema v1.4.2499.0
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MSVCRT
    Polyglot
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Skype Toolbars
    Skype™ 5.0
    Smart Defrag
    Smart Defrag 2
    TrojanHunter 5.3
    Update for Windows XP (KB973815)
    WebFldrs XP
    Winamp
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    22.12.2010 12:58:34, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    20.12.2010 14:03:28, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Have_Fun_Be_NIce.
    20.12.2010 14:03:27, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiis.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    20.12.2010 14:03:25, information: Windows File Protection [64021] - The system file c:\windows\system32\admwprox.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    20.12.2010 14:03:20, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    20.12.2010 14:03:11, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    20.12.2010 14:02:55, information: Windows File Protection [64016] - Windows File Protection file scan was started.
    19.12.2010 17:53:42, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SSDPSRV service.
    19.12.2010 17:52:41, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RemoteRegistry service.
    19.12.2010 17:46:39, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
    18.12.2010 19:53:13, error: System Error [1003] - Error code 1000000a, parameter1 12000008, parameter2 00000002, parameter3 00000000, parameter4 804dc244.
    18.12.2010 18:20:54, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    18.12.2010 17:21:35, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    16.12.2010 18:24:03, error: System Error [1003] - Error code 10000050, parameter1 fffdf6e8, parameter2 00000000, parameter3 bf813c8a, parameter4 00000000.
    16.12.2010 16:41:41, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000000, parameter4 804e6d3f.
    16.12.2010 16:39:39, error: System Error [1003] - Error code 1000000a, parameter1 00000054, parameter2 00000002, parameter3 00000001, parameter4 804dc23d.
    16.12.2010 16:25:39, error: System Error [1003] - Error code 0000004e, parameter1 0000008f, parameter2 000182e9, parameter3 000179a9, parameter4 00000000.
    16.12.2010 16:12:04, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Have_Fun_Be_NIce at 13:02:46,70 on 22.12.2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.279 [GMT 4:00]

    AV: Doctor Web Anti-Virus *Enabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
    AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *Disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\Hacked.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\IObit\Game Booster\GameBox.exe
    C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    E:\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Have_Fun_Be_NIce\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Have_Fun_Be_NIce\My Documents\Downloads\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/?ref=hp
    uURLSearchHooks: {83821c2b-32a8-4dd7-b6d4-44309a78e668} - c:\program files\mail.ru\agent\mra\dll\newmrasearch.dll
    uURLSearchHooks: H - No File
    mWinlogon: Shell=Hacked.exe
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AlterGeoBHO Class: {9bfba68e-e21b-458e-ae12-fe85e903d2c1} - c:\program files\altergeo\altergeo magic scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [MAgent] c:\program files\mail.ru\agent\MAgent.exe -LM
    mRun: [Guard.Mail.ru.gui] "c:\program files\mail.ru\guard\GuardMailRu.exe" /gui
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\mail.ru\agent\magent.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\have_f~1\applic~1\mozilla\firefox\profiles\7y0ey59i.default\
    FF - prefs.js: browser.startup.homepage - facebook.com
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\have_fun_be_nice\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-12-16 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-12-16 190416]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2010-12-20 14776]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-12-16 99792]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-12-16 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-16 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-16 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-16 40384]
    R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\mail.ru\guard\GuardMailRu.exe [2010-12-21 1038016]
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-16 312152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-16 20952]
    S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-12-16 119200]
    S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2010-12-16 304464]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-16 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-16 40384]

    =============== Created Last 30 ================

    2010-12-21 09:56:18 -------- d-----w- c:\program files\Mail.Ru
    2010-12-21 09:56:18 -------- d-----w- c:\docume~1\have_f~1\applic~1\Mra
    2010-12-20 18:58:35 65024 --sh--r- c:\windows\nvsvc32.exe
    2010-12-20 11:07:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-12-20 11:06:13 28496 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2010-12-20 11:06:13 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2010-12-20 10:34:18 -------- d-----w- c:\docume~1\have_f~1\applic~1\iolo
    2010-12-20 10:34:15 -------- d-----w- c:\program files\iolo
    2010-12-20 10:34:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\iolo
    2010-12-19 18:44:08 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
    2010-12-19 15:55:00 -------- d-----w- c:\docume~1\have_f~1\locals~1\applic~1\Temp
    2010-12-19 15:54:46 -------- d-----w- c:\docume~1\have_f~1\locals~1\applic~1\Google
    2010-12-19 13:20:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\FreeApp
    2010-12-19 13:08:56 -------- d-----w- c:\windows\ServicePackFiles
    2010-12-19 13:06:56 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-12-19 13:06:55 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-12-19 13:06:55 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-12-19 13:06:54 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-12-18 11:53:37 -------- d-----w- c:\docume~1\have_f~1\applic~1\TrojanHunter
    2010-12-18 11:30:57 -------- d-----w- c:\program files\TrojanHunter 5.3
    2010-12-18 10:47:34 -------- d-----w- c:\program files\uTorrent
    2010-12-18 10:47:06 -------- d-----w- c:\docume~1\have_f~1\applic~1\uTorrent
    2010-12-18 10:08:51 -------- d-----w- c:\documents and settings\have_fun_be_nice\DoctorWeb
    2010-12-18 10:08:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Doctor Web
    2010-12-18 09:20:24 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-12-18 09:20:04 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2010-12-18 09:20:04 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2010-12-18 09:16:55 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-12-18 09:16:55 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-12-18 09:16:47 -------- d--h--w- c:\windows\$hf_mig$
    2010-12-17 10:46:35 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2010-12-16 16:26:39 -------- d-----w- c:\docume~1\have_f~1\applic~1\Yandex
    2010-12-16 16:24:09 -------- d-----w- c:\program files\Polyglot

    ==================== Find3M ====================


    ============= FINISH: 13:03:45,48 ===============
  2. crunchie

    Hi right back at you.

    There are other logs you need to post from the 8 steps sticky.

    Please post them with an explanation of the problems you are having.