WiredWX Christian Hobby Weather Tools


please help win soft blue

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.23.55, on 11/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\oodag.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SonicWALL\SonicWALL Anti-Spam Desktop\mantispm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\setup2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\Nicola\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Nicola\Desktop\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Disattivazione del cookie per la pubblicità - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\SonicWALL\SonicWALL Anti-Spam Desktop\mantispm.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Users\Nicola\AppData\Roaming\unobi.dll" s
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\ProgramData\proto.dll" run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKCU\..\Run: [Lsass Service] C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\lsass.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA76E85C-10C5-4E9D-9291-779BE0E2FDD8}: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Servizio di Google Update (gupdate1c9b9696dace39f) (gupdate1c9b9696dace39f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13870 bytes

Re: please help win soft blue

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
    O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
    O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Users\Nicola\AppData\Roaming\unobi.dll" s
    O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\ProgramData\proto.dll" run
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O4 - HKCU\..\Run: [Lsass Service] C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\lsass.exe
    O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA76E85C-10C5-4E9D-9291-779BE0E2FDD8}: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

log file

Malwarebytes' Anti-Malware 1.36
Versione del database: 2114
Windows 6.0.6001 Service Pack 1

12/05/2009 14.03.58
mbam-log-2009-05-12 (14-03-58).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 203249
Tempo trascorso: 1 hour(s), 42 minute(s), 25 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 4
Valori di registro infetti: 2
Elementi dato del registro infetti: 1
Cartelle infette: 2
File infetti: 11

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\WiniBlueSoft (Rogue.WiniBlue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DigitalLabs (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalLabs (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvd32_r (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\lsa\Hotfix-KB5504305 (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ea76e85c-10c5-4e9d-9291-779be0e2fdd8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.149,85.255.112.214 -> Quarantined and deleted successfully.

Cartelle infette:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigitalLabs (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DigitalLabs (Trojan.DNSChanger) -> Quarantined and deleted successfully.

File infetti:
C:\Program Files\Alcohol Soft\Alcohol 120\patch_ssc.exe (Trojan.Patch) -> Quarantined and deleted successfully.
C:\Program Files\DigitalLabs\Uninstall.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\2A64.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\setup2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\setup2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Book\mssDc2[2].dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigitalLabs\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Roaming\unobi.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxcirodlxmxkqqhedxypnpnulxrbccyxtsr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Re: please help win soft blue

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.


dds.txt 1

DDS (Ver_09-03-16.01) - NTFSx86
Run by Nicola at 15.13.58,04 on 13/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.923 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\oodag.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SonicWALL\SonicWALL Anti-Spam Desktop\mantispm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Nicola\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\conime.exe
C:\Users\Nicola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.it/
uSEARCH PAGE = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://it.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Disattivazione del cookie per la pubblicità: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Matador] "c:\progra~1\sonicwall\sonicwall anti-spam desktop\mantispm.exe" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Acer Tour Reminder]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll



continue

Re: please help win soft blue

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-9 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-10 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-10-11 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-8-14 50688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-10 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-10 51792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-9 348752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-8-14 43008]
S2 gupdate1c9b9696dace39f;Servizio di Google Update (gupdate1c9b9696dace39f);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-14 179712]

=============== Created Last 30 ================

2009-05-12 16:07 3,273 a------- c:\windows\system32\1fd6dow9loa5er2080z.ocx
2009-05-12 12:18 --d----- c:\users\nicola\appdata\roaming\Malwarebytes
2009-05-12 12:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-12 12:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 12:18 --d----- c:\programdata\Malwarebytes
2009-05-12 12:18 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-12 12:18 --d----- c:\progra~2\Malwarebytes
2009-05-09 15:14 --d----- c:\program files\common files\PC Tools
2009-05-09 15:14 --d----- c:\users\nicola\appdata\roaming\PC Tools
2009-05-09 15:14 --d----- c:\programdata\PC Tools
2009-05-09 15:14 --d----- c:\program files\Spyware Doctor
2009-05-09 15:14 --d----- c:\progra~2\PC Tools
2009-05-09 13:08 --d----- c:\program files\a-squared Free
2009-05-09 08:17 17,511 a------- c:\windows\4z9ste59484.dll
2009-05-09 00:23 8,925 a------- c:\windows\69e2z9reat4505.dll
2009-05-08 18:58 3,894 a------- c:\windows\system32\13994zr5j476.dll
2009-05-07 06:05 13,342 a------- c:\windows\system32\25330sz9127.bin
2009-05-05 02:59 12,290 a------- c:\windows\system32\458b9pyw5rz2745.cpl
2009-05-05 00:41 12,121 a------- c:\windows\system32\92z9n9t-a-virus54.exe
2009-05-04 13:30 100,700 a---h--- c:\windows\system32\mlfcache.dat
2009-05-04 12:21 9,677 a------- c:\windows\56259azktoolfa.exe
2009-05-03 21:48 --d----- c:\program files\ACER Crystal Eye webcam
2009-05-03 00:38 14,731 a------- c:\windows\system32\4c5dz5d9are780.dll
2009-05-02 14:52 3,151 a------- c:\windows\52cb9ckdoor208z.exe
2009-05-02 00:29 16,993 a------- c:\windows\14z95spy296.dll
2009-04-28 07:50 13,153 a------- c:\windows\system32\25420spamb5z259.ocx
2009-04-28 02:58 9,950 a------- c:\windows\system32\7b94vi95z66.cpl
2009-04-23 18:28 5,462 a------- c:\windows\system32\92z37wor5203.exe
2009-04-23 14:49 8,571 a------- c:\windows\2391downloadzr2755.ocx
2009-04-22 15:19 10,723 a------- c:\windows\system32\5df6th9ezt16855.cpl
2009-04-21 09:27 2,823 a------- c:\windows\65fdspy5arez960.cpl
2009-04-21 05:44 13,344 a------- c:\windows\system32\17498zi9us454.dll
2009-04-19 12:21 6,831 a------- c:\windows\7594addwzre1639.dll
2009-04-18 05:30 13,033 a------- c:\windows\system32\z276viru5913.exe
2009-04-17 20:59 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-04-17 20:59 --d----- c:\users\nicola\appdata\roaming\TuneUp Software
2009-04-17 20:59 --d----- c:\programdata\TuneUp Software
2009-04-17 20:59 --d----- c:\program files\TuneUp Utilities 2009
2009-04-17 20:59 --d----- c:\progra~2\TuneUp Software
2009-04-17 20:58 --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-17 20:58 --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-17 16:34 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-04-17 16:34 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-04-17 16:34 --d----- c:\program files\ffdshow
2009-04-16 16:32 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-16 16:32 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-16 16:32 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-16 16:32 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-16 16:32 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-04-16 16:32 551,424 a------- c:\windows\system32\rpcss.dll
2009-04-16 01:48 --d----- c:\users\nicola\DvD
2009-04-14 18:38 109,822 a------- c:\windows\system32\oodbs.lor
2009-04-14 12:32 174 a------- c:\windows\game.ini
2009-04-14 10:16 --d----- c:\windows\system32\oodag
2009-04-14 10:06 --d----- c:\program files\OO Software
2009-04-14 09:47 --d----- c:\program files\Alcohol Soft
2009-04-14 09:44 715,248 a------- c:\windows\system32\drivers\sptd.sys
2009-04-14 09:41 --d----- c:\users\nicola\appdata\roaming\IDM
2009-04-14 09:41 --d----- c:\users\nicola\appdata\roaming\DMCache
2009-04-14 09:41 --d----- c:\program files\Internet Download Manager
2009-04-14 00:54 --d----- c:\program files\MegaLink
2009-04-14 00:49 --d----- c:\programdata\ConeXware
2009-04-14 00:49 --d----- c:\progra~2\ConeXware
2009-04-14 00:31 --d----- c:\users\nicola\appdata\roaming\FDRLab

==================== Find3M ====================

2009-05-13 14:57 662,846 a------- c:\windows\system32\perfh010.dat
2009-05-13 14:57 120,326 a------- c:\windows\system32\perfc010.dat
2009-05-13 14:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-13 14:55 51,200 a------- c:\windows\inf\infpub.dat
2009-05-12 12:20 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-08 21:10 101,990 a------- c:\users\nicola\appdata\roaming\nvModes.dat
2009-04-13 02:11 13,073 a------- c:\windows\4b0a9pywaze2758.dll
2009-04-10 12:40 5,837 a------- c:\windows\system32\90957spzmbot2d5.dll
2009-04-10 10:32 2,625 a------- c:\windows\system32\92546zpy1a2.exe
2009-04-09 23:41 86,016 a------- c:\windows\inf\infstor.dat
2009-04-09 21:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-08 21:53 13,940 a------- c:\windows\system32\1995stezl17919.exe
2009-04-05 13:46 5,481 a------- c:\windows\7859virz265.dll
2009-04-02 05:46 4,532 a------- c:\windows\system32\2816spyz5re1509.dll
2009-04-01 23:56 10,781 a------- c:\windows\4d3es9azse4125.exe
2009-03-26 17:35 210,352 a------- c:\windows\system32\idmmbc.dll
2009-03-26 16:41 6,500 a------- c:\windows\system32\1235ztr9j717.dll
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-24 08:38 13,378 a------- c:\windows\system32\8z2troj593.bin
2009-03-23 05:19 10,241 a------- c:\windows\14956nzt-a-virus1e15.bin
2009-03-20 17:11 3,389 a------- c:\windows\system32\6bfbv9z555.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 00:05 14,650 a------- c:\windows\6105az5w9re863.exe
2009-03-17 07:24 9,627 a------- c:\windows\system32\b57spazse2097.bin
2009-03-17 05:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 05:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 05:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-16 17:32 10,921 a------- c:\windows\27361v9zus61a5.bin
2009-03-16 13:16 5,849 a------- c:\windows\system32\1z264not-a-viru5189.dll
2009-03-15 14:15 7,094 a------- c:\windows\24535trzj792.dll
2009-03-14 17:37 13,121 a------- c:\windows\52869pzrse2534.bin
2009-03-12 00:43 13,350 a------- c:\windows\51525zoj791.exe
2009-03-09 17:18 13,108 a------- c:\windows\30559s5y1a5z.exe
2009-03-08 05:32 17,912 a------- c:\windows\z529spyware22025.bin
2009-03-06 23:46 3,722 a------- c:\windows\system32\46f0vi95637z.bin
2009-03-03 06:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 06:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 06:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 06:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 06:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 06:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 06:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 05:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 04:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 04:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-03-01 13:30 12,401 a------- c:\windows\system32\54d7spywar911z5.exe
2009-02-28 20:57 6,096 a------- c:\windows\398v9ru52dz.bin
2009-02-25 21:59 1,316,096 a------- c:\windows\system32\ooscrsav.scr
2009-02-25 21:59 730,368 a------- c:\windows\system32\oodsvct.exe
2009-02-25 21:59 1,352,960 a------- c:\windows\system32\oodag.exe
2009-02-25 21:58 2,553,088 a------- c:\windows\system32\oodtray.exe
2009-02-25 21:57 194,816 a------- c:\windows\system32\oodbs.exe
2009-02-25 21:53 951,552 a------- c:\windows\system32\oodtrrs.dll
2009-02-25 21:53 541,952 a------- c:\windows\system32\oodssrs.dll
2009-02-25 21:53 9,984 a------- c:\windows\system32\oodbsrs.dll
2009-02-25 21:53 8,448 a------- c:\windows\system32\OODAGRS.DLL
2009-02-25 21:52 15,616 a------- c:\windows\system32\OODAGMG.DLL
2009-02-23 20:03 15,104 a------- c:\windows\system32\ootmapi.dll
2009-02-20 21:40 7,326 a------- c:\windows\system32\z1d5download9r2980.exe
2009-02-17 22:16 5,031 a------- c:\windows\system32\98z9spamb597ba.bin
2009-02-16 16:32 5,933 a------- c:\windows\255955py99z.bin
2009-02-14 23:37 16,492 a------- c:\windows\system32\583a9zr2554.exe
2009-02-14 19:12 3,405 a------- c:\windows\4e89zhreat21625.dll
2009-02-13 10:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 10:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-02 15:19 174 a--sh--- c:\program files\desktop.ini
2009-02-02 15:08 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-06 03:48 36,614 a------- c:\windows\inf\perflib\0410\perfd.dat
2006-11-06 03:48 331,172 a------- c:\windows\inf\perflib\0410\perfi.dat
2006-11-06 03:48 331,172 a------- c:\windows\inf\perflib\0410\perfh.dat
2006-11-06 03:48 36,614 a------- c:\windows\inf\perflib\0410\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15.15.00,69 ===============

Re: please help win soft blue
Hello.

I see that you are running uTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If uTorrent is not removed, then I won't help you.

If you choose to follow my recommendation then follow these instructions.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following programs:

    uTorrent
    Java 6 Update 7

  • Click on the Uninstall/Change button at the top.

Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\1fd6dow9loa5er2080z.ocx
    c:\windows\4z9ste59484.dll
    c:\windows\69e2z9reat4505.dll
    c:\windows\system32\13994zr5j476.dll
    c:\windows\system32\25330sz9127.bin
    c:\windows\system32\458b9pyw5rz2745.cpl
    c:\windows\system32\92z9n9t-a-virus54.exe
    c:\windows\system32\mlfcache.dat
    c:\windows\56259azktoolfa.exe
    c:\windows\system32\4c5dz5d9are780.dll
    c:\windows\52cb9ckdoor208z.exe
    c:\windows\14z95spy296.dll
    c:\windows\system32\25420spamb5z259.ocx
    c:\windows\system32\7b94vi95z66.cpl
    c:\windows\system32\92z37wor5203.exe
    c:\windows\2391downloadzr2755.ocx
    c:\windows\system32\5df6th9ezt16855.cpl
    c:\windows\65fdspy5arez960.cpl
    c:\windows\system32\17498zi9us454.dll
    c:\windows\7594addwzre1639.dll
    c:\windows\system32\z276viru5913.exe
    c:\windows\4b0a9pywaze2758.dll
    c:\windows\system32\90957spzmbot2d5.dll
    c:\windows\system32\92546zpy1a2.exe
    c:\windows\system32\1995stezl17919.exe
    c:\windows\7859virz265.dll
    c:\windows\system32\2816spyz5re1509.dll
    c:\windows\4d3es9azse4125.exe
    c:\windows\system32\1235ztr9j717.dll
    c:\windows\system32\8z2troj593.bin
    c:\windows\14956nzt-a-virus1e15.bin
    c:\windows\system32\6bfbv9z555.dll
    c:\windows\6105az5w9re863.exe
    c:\windows\system32\b57spazse2097.bin
    c:\windows\27361v9zus61a5.bin
    c:\windows\system32\1z264not-a-viru5189.dll
    c:\windows\24535trzj792.dll
    c:\windows\52869pzrse2534.bin
    c:\windows\51525zoj791.exe
    c:\windows\30559s5y1a5z.exe
    c:\windows\z529spyware22025.bin
    c:\windows\system32\46f0vi95637z.bin
    c:\windows\system32\54d7spywar911z5.exe
    c:\windows\398v9ru52dz.bin
    c:\windows\system32\z1d5download9r2980.exe
    c:\windows\system32\98z9spamb597ba.bin
    c:\windows\255955py99z.bin
    c:\windows\system32\583a9zr2554.exe
    c:\windows\4e89zhreat21625.dll
    C:\Program Files\uTorrent


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt3.
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.