please help win soft blue


Post by gogetanico on 11th May 2009, 9:39 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.23.55, on 11/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\oodag.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SonicWALL\SonicWALL Anti-Spam Desktop\mantispm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\setup2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\Nicola\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Nicola\Desktop\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Disattivazione del cookie per la pubblicità - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\SonicWALL\SonicWALL Anti-Spam Desktop\mantispm.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Users\Nicola\AppData\Roaming\unobi.dll" s
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\ProgramData\proto.dll" run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKCU\..\Run: [Lsass Service] C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\lsass.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA76E85C-10C5-4E9D-9291-779BE0E2FDD8}: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Servizio di Google Update (gupdate1c9b9696dace39f) (gupdate1c9b9696dace39f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13870 bytes


Re: please help win soft blue

Post by Belahzur on 11th May 2009, 12:03 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
    O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
    O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Users\Nicola\AppData\Roaming\unobi.dll" s
    O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\ProgramData\proto.dll" run
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O4 - HKCU\..\Run: [Lsass Service] C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\lsass.exe
    O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA76E85C-10C5-4E9D-9291-779BE0E2FDD8}: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




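As an added example, not part of this thread and not HijackThis or Malwarebytes code, the script below turns the triage Belahzur did by eye on the O4 and O17 lines into checks that can be run over a pasted log: an autostart payload under Users, AppData, ProgramData or Temp; a core system-process name such as lsass.exe launched from outside System32; a near-miss of rundll32.exe; a Run value dressed up as a KB hotfix; the Win9x-era RunServices key; and NameServer values pinned to public resolvers. The sample log is constructed from lines of the HijackThis log above plus one benign O17 line; the 85.255.112.0/24 watchlist entry and the WiniBlueSoft name are assumptions taken from what Malwarebytes labels Trojan.DNSChanger and Rogue.WiniBlue later in the thread, and every rule is a heuristic, not a complete detection.

```python
# Added example for this thread, not HijackThis or Malwarebytes code: heuristic triage of
# O4 (autostart) and O17 (NameServer) log lines. All rules and watchlists are assumptions.
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: O4/O17 lines copied from the HijackThis log in this thread,
# plus one benign O17 line (192.168.1.1) added for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 - HKCU\..\Run: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Users\Nicola\AppData\Roaming\unobi.dll" s
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\ProgramData\proto.dll" run
O4 - HKCU\..\Run: [Lsass Service] C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\lsass.exe
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\Windows\system32\rundll83.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.*)$")
# A quoted path, or a bare drive-letter path (spaces allowed) ending in a loadable
# extension and followed by whitespace, a comma (rundll32 entry-point syntax) or EOL.
PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|cpl|bat|cmd))(?=[\s,]|$)',
                     re.IGNORECASE)

# Core process names that only run from System32; anywhere else they are impostors.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "svchost.exe"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
# Assumed watchlists: the resolver range Malwarebytes labels Trojan.DNSChanger in this
# thread, and the product name it labels Rogue.WiniBlue.
KNOWN_BAD_RESOLVERS = [ipaddress.ip_network("85.255.112.0/24")]
ROGUE_NAMES = ("winibluesoft",)


@dataclass
class Finding:
    line: str
    reasons: list


def launched_files(cmd: str) -> list:
    """Every file path the Run command references; for rundll32 launches that is the DLL."""
    return [quoted or bare for quoted, bare in PATH_RE.findall(cmd)]


def check_o4(key: str, name: str, cmd: str) -> list:
    reasons = []
    paths = launched_files(cmd)
    payload = paths[0].lower() if paths else ""
    base = payload.rsplit("\\", 1)[-1]
    if key.lower().endswith("\\runservices"):
        reasons.append("RunServices is a Win9x-era key that legitimate Vista software does not use")
    if re.fullmatch(r"hotfix-kb\d+", name.lower()):
        reasons.append("Run value named like a Windows hotfix; hotfixes never register Run entries")
    if any(seg in payload for seg in USER_WRITABLE):
        reasons.append("autostart payload lives in a user-writable directory")
    if base in SYSTEM_NAMES and "\\windows\\system32\\" not in payload:
        reasons.append(f"{base} outside System32 is masquerading as a system process")
    if base.startswith("rundll") and base != "rundll32.exe":
        reasons.append(f"{base} mimics rundll32.exe")
    if any(r in name.lower() or r in payload for r in ROGUE_NAMES):
        reasons.append("matches a known rogue product name")
    return reasons


def check_o17(servers: str) -> list:
    reasons = []
    for entry in servers.split(","):
        try:
            ip = ipaddress.ip_address(entry.strip())
        except ValueError:
            reasons.append(f"unparseable NameServer entry {entry.strip()!r}")
            continue
        if any(ip in net for net in KNOWN_BAD_RESOLVERS):
            reasons.append(f"{ip} is in a resolver range tied to DNSChanger")
        elif ip.is_global:
            reasons.append(f"{ip} is a public resolver pinned in the registry; a DHCP client should not have one")
    return reasons


def triage(log_text: str) -> list:
    """Return a Finding for every O4/O17 line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            reasons = check_o4(m["key"], m["name"], m["cmd"])
        elif m := O17_RE.match(line):
            reasons = check_o17(m["servers"])
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line, *("   -> " + r for r in finding.reasons), sep="\n")
```

Run as a script it prints each flagged line with its reasons; `triage()` returns the findings so they can be checked programmatically. The public-resolver rule flags any static NameServer that is not private or loopback, so a resolver the user configured on purpose will also show up and has to be judged by hand, which is the same judgement a helper makes when reading the O17 lines.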

log file

Post by gogetanico on 12th May 2009, 12:18 pm

Malwarebytes' Anti-Malware 1.36
Database version: 2114
Windows 6.0.6001 Service Pack 1

12/05/2009 14.03.58
mbam-log-2009-05-12 (14-03-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 203249
Time elapsed: 1 hour(s), 42 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WiniBlueSoft (Rogue.WiniBlue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DigitalLabs (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalLabs (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvd32_r (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\lsa\Hotfix-KB5504305 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ea76e85c-10c5-4e9d-9291-779be0e2fdd8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.149,85.255.112.214 -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigitalLabs (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DigitalLabs (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Alcohol Soft\Alcohol 120\patch_ssc.exe (Trojan.Patch) -> Quarantined and deleted successfully.
C:\Program Files\DigitalLabs\Uninstall.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\2A64.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Local\Temp\setup2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\setup2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Book\mssDc2[2].dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigitalLabs\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Nicola\AppData\Roaming\unobi.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxcirodlxmxkqqhedxypnpnulxrbccyxtsr.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Re: please help win soft blue

Post by Belahzur on 13th May 2009, 11:58 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.





dds.txt 1

Post by gogetanico on 13th May 2009, 1:20 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Nicola at 15.13.58,04 on 13/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.923 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\oodag.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SonicWALL\SonicWALL Anti-Spam Desktop\mantispm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Nicola\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\conime.exe
C:\Users\Nicola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSEARCH PAGE = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Disattivazione del cookie per la pubblicità: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Matador] "c:\progra~1\sonicwall\sonicwall anti-spam desktop\mantispm.exe" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Acer Tour Reminder]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll



continue


Re: please help win soft blue

Post by gogetanico on 13th May 2009, 1:21 pm

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-9 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-10 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-10-11 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-8-14 50688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-10 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-10 51792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-9 348752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-8-14 43008]
S2 gupdate1c9b9696dace39f;Servizio di Google Update (gupdate1c9b9696dace39f);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-14 179712]

=============== Created Last 30 ================

2009-05-12 16:07 3,273 a------- c:\windows\system32\1fd6dow9loa5er2080z.ocx
2009-05-12 12:18 --d----- c:\users\nicola\appdata\roaming\Malwarebytes
2009-05-12 12:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-12 12:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 12:18 --d----- c:\programdata\Malwarebytes
2009-05-12 12:18 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-12 12:18 --d----- c:\progra~2\Malwarebytes
2009-05-09 15:14 --d----- c:\program files\common files\PC Tools
2009-05-09 15:14 --d----- c:\users\nicola\appdata\roaming\PC Tools
2009-05-09 15:14 --d----- c:\programdata\PC Tools
2009-05-09 15:14 --d----- c:\program files\Spyware Doctor
2009-05-09 15:14 --d----- c:\progra~2\PC Tools
2009-05-09 13:08 --d----- c:\program files\a-squared Free
2009-05-09 08:17 17,511 a------- c:\windows\4z9ste59484.dll
2009-05-09 00:23 8,925 a------- c:\windows\69e2z9reat4505.dll
2009-05-08 18:58 3,894 a------- c:\windows\system32\13994zr5j476.dll
2009-05-07 06:05 13,342 a------- c:\windows\system32\25330sz9127.bin
2009-05-05 02:59 12,290 a------- c:\windows\system32\458b9pyw5rz2745.cpl
2009-05-05 00:41 12,121 a------- c:\windows\system32\92z9n9t-a-virus54.exe
2009-05-04 13:30 100,700 a---h--- c:\windows\system32\mlfcache.dat
2009-05-04 12:21 9,677 a------- c:\windows\56259azktoolfa.exe
2009-05-03 21:48 --d----- c:\program files\ACER Crystal Eye webcam
2009-05-03 00:38 14,731 a------- c:\windows\system32\4c5dz5d9are780.dll
2009-05-02 14:52 3,151 a------- c:\windows\52cb9ckdoor208z.exe
2009-05-02 00:29 16,993 a------- c:\windows\14z95spy296.dll
2009-04-28 07:50 13,153 a------- c:\windows\system32\25420spamb5z259.ocx
2009-04-28 02:58 9,950 a------- c:\windows\system32\7b94vi95z66.cpl
2009-04-23 18:28 5,462 a------- c:\windows\system32\92z37wor5203.exe
2009-04-23 14:49 8,571 a------- c:\windows\2391downloadzr2755.ocx
2009-04-22 15:19 10,723 a------- c:\windows\system32\5df6th9ezt16855.cpl
2009-04-21 09:27 2,823 a------- c:\windows\65fdspy5arez960.cpl
2009-04-21 05:44 13,344 a------- c:\windows\system32\17498zi9us454.dll
2009-04-19 12:21 6,831 a------- c:\windows\7594addwzre1639.dll
2009-04-18 05:30 13,033 a------- c:\windows\system32\z276viru5913.exe
2009-04-17 20:59 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-04-17 20:59 --d----- c:\users\nicola\appdata\roaming\TuneUp Software
2009-04-17 20:59 --d----- c:\programdata\TuneUp Software
2009-04-17 20:59 --d----- c:\program files\TuneUp Utilities 2009
2009-04-17 20:59 --d----- c:\progra~2\TuneUp Software
2009-04-17 20:58 --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-17 20:58 --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-17 16:34 84,480 a------- c:\windows\system32\ff_vfw.dll
2009-04-17 16:34 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-04-17 16:34 --d----- c:\program files\ffdshow
2009-04-16 16:32 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-16 16:32 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-16 16:32 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-16 16:32 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-16 16:32 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-04-16 16:32 551,424 a------- c:\windows\system32\rpcss.dll
2009-04-16 01:48 --d----- c:\users\nicola\DvD
2009-04-14 18:38 109,822 a------- c:\windows\system32\oodbs.lor
2009-04-14 12:32 174 a------- c:\windows\game.ini
2009-04-14 10:16 --d----- c:\windows\system32\oodag
2009-04-14 10:06 --d----- c:\program files\OO Software
2009-04-14 09:47 --d----- c:\program files\Alcohol Soft
2009-04-14 09:44 715,248 a------- c:\windows\system32\drivers\sptd.sys
2009-04-14 09:41 --d----- c:\users\nicola\appdata\roaming\IDM
2009-04-14 09:41 --d----- c:\users\nicola\appdata\roaming\DMCache
2009-04-14 09:41 --d----- c:\program files\Internet Download Manager
2009-04-14 00:54 --d----- c:\program files\MegaLink
2009-04-14 00:49 --d----- c:\programdata\ConeXware
2009-04-14 00:49 --d----- c:\progra~2\ConeXware
2009-04-14 00:31 --d----- c:\users\nicola\appdata\roaming\FDRLab

==================== Find3M ====================

2009-05-13 14:57 662,846 a------- c:\windows\system32\perfh010.dat
2009-05-13 14:57 120,326 a------- c:\windows\system32\perfc010.dat
2009-05-13 14:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-13 14:55 51,200 a------- c:\windows\inf\infpub.dat
2009-05-12 12:20 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-08 21:10 101,990 a------- c:\users\nicola\appdata\roaming\nvModes.dat
2009-04-13 02:11 13,073 a------- c:\windows\4b0a9pywaze2758.dll
2009-04-10 12:40 5,837 a------- c:\windows\system32\90957spzmbot2d5.dll
2009-04-10 10:32 2,625 a------- c:\windows\system32\92546zpy1a2.exe
2009-04-09 23:41 86,016 a------- c:\windows\inf\infstor.dat
2009-04-09 21:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-08 21:53 13,940 a------- c:\windows\system32\1995stezl17919.exe
2009-04-05 13:46 5,481 a------- c:\windows\7859virz265.dll
2009-04-02 05:46 4,532 a------- c:\windows\system32\2816spyz5re1509.dll
2009-04-01 23:56 10,781 a------- c:\windows\4d3es9azse4125.exe
2009-03-26 17:35 210,352 a------- c:\windows\system32\idmmbc.dll
2009-03-26 16:41 6,500 a------- c:\windows\system32\1235ztr9j717.dll
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-24 08:38 13,378 a------- c:\windows\system32\8z2troj593.bin
2009-03-23 05:19 10,241 a------- c:\windows\14956nzt-a-virus1e15.bin
2009-03-20 17:11 3,389 a------- c:\windows\system32\6bfbv9z555.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 00:05 14,650 a------- c:\windows\6105az5w9re863.exe
2009-03-17 07:24 9,627 a------- c:\windows\system32\b57spazse2097.bin
2009-03-17 05:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 05:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 05:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-16 17:32 10,921 a------- c:\windows\27361v9zus61a5.bin
2009-03-16 13:16 5,849 a------- c:\windows\system32\1z264not-a-viru5189.dll
2009-03-15 14:15 7,094 a------- c:\windows\24535trzj792.dll
2009-03-14 17:37 13,121 a------- c:\windows\52869pzrse2534.bin
2009-03-12 00:43 13,350 a------- c:\windows\51525zoj791.exe
2009-03-09 17:18 13,108 a------- c:\windows\30559s5y1a5z.exe
2009-03-08 05:32 17,912 a------- c:\windows\z529spyware22025.bin
2009-03-06 23:46 3,722 a------- c:\windows\system32\46f0vi95637z.bin
2009-03-03 06:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 06:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 06:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 06:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 06:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 06:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 06:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 05:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 04:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 04:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-03-01 13:30 12,401 a------- c:\windows\system32\54d7spywar911z5.exe
2009-02-28 20:57 6,096 a------- c:\windows\398v9ru52dz.bin
2009-02-25 21:59 1,316,096 a------- c:\windows\system32\ooscrsav.scr
2009-02-25 21:59 730,368 a------- c:\windows\system32\oodsvct.exe
2009-02-25 21:59 1,352,960 a------- c:\windows\system32\oodag.exe
2009-02-25 21:58 2,553,088 a------- c:\windows\system32\oodtray.exe
2009-02-25 21:57 194,816 a------- c:\windows\system32\oodbs.exe
2009-02-25 21:53 951,552 a------- c:\windows\system32\oodtrrs.dll
2009-02-25 21:53 541,952 a------- c:\windows\system32\oodssrs.dll
2009-02-25 21:53 9,984 a------- c:\windows\system32\oodbsrs.dll
2009-02-25 21:53 8,448 a------- c:\windows\system32\OODAGRS.DLL
2009-02-25 21:52 15,616 a------- c:\windows\system32\OODAGMG.DLL
2009-02-23 20:03 15,104 a------- c:\windows\system32\ootmapi.dll
2009-02-20 21:40 7,326 a------- c:\windows\system32\z1d5download9r2980.exe
2009-02-17 22:16 5,031 a------- c:\windows\system32\98z9spamb597ba.bin
2009-02-16 16:32 5,933 a------- c:\windows\255955py99z.bin
2009-02-14 23:37 16,492 a------- c:\windows\system32\583a9zr2554.exe
2009-02-14 19:12 3,405 a------- c:\windows\4e89zhreat21625.dll
2009-02-13 10:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 10:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-02 15:19 174 a--sh--- c:\program files\desktop.ini
2009-02-02 15:08 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-06 03:48 36,614 a------- c:\windows\inf\perflib\0410\perfd.dat
2006-11-06 03:48 331,172 a------- c:\windows\inf\perflib\0410\perfi.dat
2006-11-06 03:48 331,172 a------- c:\windows\inf\perflib\0410\perfh.dat
2006-11-06 03:48 36,614 a------- c:\windows\inf\perflib\0410\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15.15.00,69 ===============


Re: please help win soft blue

Post by Belahzur on 13th May 2009, 1:26 pm

Hello.

I see that you are running uTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If uTorrent is not removed, then I won't help you.

If you choose to follow my recommendation then follow these instructions.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following programs:

    uTorrent
    Java 6 Update 7

  • Click on the Uninstall/Change button at the top.

Please download OTMoveIt3.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    c:\windows\system32\1fd6dow9loa5er2080z.ocx
    c:\windows\4z9ste59484.dll
    c:\windows\69e2z9reat4505.dll
    c:\windows\system32\13994zr5j476.dll
    c:\windows\system32\25330sz9127.bin
    c:\windows\system32\458b9pyw5rz2745.cpl
    c:\windows\system32\92z9n9t-a-virus54.exe
    c:\windows\system32\mlfcache.dat
    c:\windows\56259azktoolfa.exe
    c:\windows\system32\4c5dz5d9are780.dll
    c:\windows\52cb9ckdoor208z.exe
    c:\windows\14z95spy296.dll
    c:\windows\system32\25420spamb5z259.ocx
    c:\windows\system32\7b94vi95z66.cpl
    c:\windows\system32\92z37wor5203.exe
    c:\windows\2391downloadzr2755.ocx
    c:\windows\system32\5df6th9ezt16855.cpl
    c:\windows\65fdspy5arez960.cpl
    c:\windows\system32\17498zi9us454.dll
    c:\windows\7594addwzre1639.dll
    c:\windows\system32\z276viru5913.exe
    c:\windows\4b0a9pywaze2758.dll
    c:\windows\system32\90957spzmbot2d5.dll
    c:\windows\system32\92546zpy1a2.exe
    c:\windows\system32\1995stezl17919.exe
    c:\windows\7859virz265.dll
    c:\windows\system32\2816spyz5re1509.dll
    c:\windows\4d3es9azse4125.exe
    c:\windows\system32\1235ztr9j717.dll
    c:\windows\system32\8z2troj593.bin
    c:\windows\14956nzt-a-virus1e15.bin
    c:\windows\system32\6bfbv9z555.dll
    c:\windows\6105az5w9re863.exe
    c:\windows\system32\b57spazse2097.bin
    c:\windows\27361v9zus61a5.bin
    c:\windows\system32\1z264not-a-viru5189.dll
    c:\windows\24535trzj792.dll
    c:\windows\52869pzrse2534.bin
    c:\windows\51525zoj791.exe
    c:\windows\30559s5y1a5z.exe
    c:\windows\z529spyware22025.bin
    c:\windows\system32\46f0vi95637z.bin
    c:\windows\system32\54d7spywar911z5.exe
    c:\windows\398v9ru52dz.bin
    c:\windows\system32\z1d5download9r2980.exe
    c:\windows\system32\98z9spamb597ba.bin
    c:\windows\255955py99z.bin
    c:\windows\system32\583a9zr2554.exe
    c:\windows\4e89zhreat21625.dll
    C:\Program Files\uTorrent


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.

