
 


Re: I'm in Winbluesoft HELL!!!!

=============== Created Last 30 ================

2009-06-12 07:34 3,060 a------- c:\windows\system32\4d39parse272z5.ocx
2009-06-12 04:54 14,272 a------- c:\windows\system32\59z05ir431.ocx
2009-06-10 13:09 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-10 13:09 696,832 a------- c:\windows\system32\localspl.dll
2009-06-09 09:59 --d----- c:\windows\pss
2009-06-08 19:47 --d----- c:\program files\Trend Micro
2009-06-08 18:56 --d----- c:\program files\Enigma Software Group
2009-06-08 11:32 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-08 11:32 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-08 11:32 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-08 11:32 --d----- c:\program files\common files\PC Tools
2009-06-08 11:32 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-08 11:31 --d----- c:\users\lance\appdata\roaming\PC Tools
2009-06-08 11:31 --d----- c:\programdata\PC Tools
2009-06-08 11:31 --d----- c:\program files\Spyware Doctor
2009-06-08 11:31 --d----- c:\progra~2\PC Tools
2009-06-08 11:17 --d----- c:\users\lance\appdata\roaming\Malwarebytes
2009-06-08 06:28 15,094 a------- c:\windows\5159zownloader2366.dll
2009-06-07 20:45 a-d----- c:\programdata\TEMP
2009-06-07 20:33 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-06-07 20:08 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 20:07 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-07 20:07 --d----- c:\programdata\Malwarebytes
2009-06-07 20:07 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-07 20:07 --d----- c:\progra~2\Malwarebytes
2009-06-07 20:01 --d----- c:\users\lance\appdata\roaming\IObit
2009-06-07 20:01 --d----- c:\program files\IObit
2009-06-07 16:20 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-07 16:20 --d----- c:\programdata\Avira
2009-06-07 16:20 --d----- c:\program files\Avira
2009-06-07 16:20 --d----- c:\progra~2\Avira
2009-06-06 04:45 16,662 a------- c:\windows\4f18back5oor25z39.exe
2009-06-06 02:54 13,684 a------- c:\windows\396dspywzr519829.bin
2009-06-05 16:19 4 a------- c:\windows\system32\gxvxccount
2009-06-05 16:07 6,368 a------- c:\windows\5609ziru536d9.exe
2009-06-05 15:15 10,139 a------- c:\windows\15014not-a-vz9us4d.ocx
2009-06-04 22:19 --d----- c:\program files\VirtualDJ
2009-06-04 08:06 12,292 a------- c:\windows\system32\6499zir11615.cpl
2009-06-04 03:48 6,647 a------- c:\windows\system32\587ztr5j589.exe
2009-06-04 00:50 9,873 a------- c:\windows\5b9ath5ez99.exe
2009-06-03 18:35 --d----- c:\users\lance\appdata\roaming\YouSendIt
2009-06-03 18:33 --d----- c:\program files\YouSendIt
2009-06-03 18:31 --d----- c:\windows\Downloaded Installations
2009-06-02 20:51 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-01 18:42 --d----- c:\users\lance\appdata\roaming\LimeWire
2009-06-01 11:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-01 08:51 --d----- c:\program files\Counter-Strike 1.6
2009-06-01 03:09 2,743 a------- c:\windows\595aszeal627.bin
2009-05-28 18:10 18,146 a------- c:\windows\7f5fbackzoor22509.ocx
2009-05-28 10:35 -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 10:35 -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 10:35 --d----- c:\programdata\Lavasoft
2009-05-28 10:35 --d----- c:\program files\Lavasoft
2009-05-28 01:31 15,637 a------- c:\windows\system32\109zbackdoo5401.cpl
2009-05-27 20:52 17,368 a------- c:\windows\16885s9amboz318.ocx
2009-05-26 11:05 14,420 a------- c:\windows\system32\5130thizf1890.cpl
2009-05-26 03:00 --d----- c:\program files\MSXML 4.0
2009-05-26 02:04 11,927 a------- c:\windows\system32\dz9ad5wa9e94.exe
2009-05-25 14:01 --d----- c:\programdata\AVSVideoBurner
2009-05-25 14:01 --d----- c:\progra~2\AVSVideoBurner
2009-05-25 12:54 --d----- c:\users\lance\appdata\roaming\AVS4YOU
2009-05-25 12:54 --d----- c:\programdata\AVS4YOU
2009-05-25 12:54 --d----- c:\progra~2\AVS4YOU
2009-05-25 12:48 --d----- c:\program files\common files\AVSMedia
2009-05-25 12:47 974,848 a------- c:\windows\system32\mfc70.dll
2009-05-25 12:47 487,424 a------- c:\windows\system32\msvcp70.dll
2009-05-25 12:47 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-05-25 12:47 --d----- c:\program files\AVS4YOU
2009-05-24 12:41 --d----- c:\programdata\Ahead
2009-05-24 12:37 --d----- c:\programdata\Nero
2009-05-24 12:37 --d----- c:\program files\Nero
2009-05-24 12:37 --d----- c:\progra~2\Nero
2009-05-24 12:18 --d----- c:\program files\AskTBar
2009-05-23 12:49 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-23 12:49 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-23 12:49 --d----- c:\program files\iPod
2009-05-23 12:49 --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-23 12:49 --d----- c:\program files\iTunes
2009-05-23 12:49 --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-23 04:23 16,296 a------- c:\windows\system32\69z7d5wnloader695.cpl
2009-05-22 23:20 18,417 a------- c:\windows\system32\20104troz509.ocx
2009-05-22 17:53 12,737 a------- c:\windows\system32\29225s59166z.dll
2009-05-22 12:51 12,080 a------- c:\windows\6648zte9l1155.bin
2009-05-20 06:54 15,313 a------- c:\windows\system32\3607s5y9are240z.exe
2009-05-19 05:32 6,184 a------- c:\windows\system32\1zed9ackdoor5708.cpl
2009-05-16 11:23 17,616 a------- c:\windows\system32\3835spy90z.cpl
2009-05-15 15:10 11,096 a------- c:\windows\51234spy29ez.exe
2009-05-15 11:43 3,071 a------- c:\windows\52651not-a-v9rus12z.dll
2009-05-15 05:31 4,702 a------- c:\windows\936a5dware1673z.ocx
2009-05-15 04:21 12,969 a------- c:\windows\ba5downloa9er5z9.ocx

==================== Find3M ====================

2009-06-06 18:50 15,195 a------- c:\windows\system32\958znot-a-viru563b.bin
2009-05-13 00:00 16,374 a------- c:\windows\system32\198ba5kdoor2543z.exe
2009-05-10 03:34 6,620 a------- c:\windows\5814s9eal31z0.dll
2009-05-10 00:19 11,907 a------- c:\windows\system32\504ez9ief1186.dll
2009-05-08 12:27 7,583 a------- c:\windows\259z6troj371.exe
2009-05-08 06:11 12,324 a------- c:\windows\system32\z5535ir309.dll
2009-05-07 16:03 3,435 a------- c:\windows\system32\156azir3091.bin
2009-05-05 11:36 3,148 a------- c:\windows\system32\z16929r5j5fd.dll
2009-05-05 08:51 15,446 a------- c:\windows\295zhackto5l9a2.dll
2009-05-03 20:17 6,406 a------- c:\windows\954fdownloader3039z.dll
2009-05-03 12:20 9,770 a------- c:\windows\2999trz52be.dll
2009-04-30 20:55 3,255 a------- c:\windows\system32\z959vi9us43b5.bin
2009-04-27 18:20 3,611 a------- c:\windows\58169troj20z.bin
2009-04-24 22:34 7,061 a------- c:\windows\system32\5924szeal5609.dll
2009-04-24 12:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 12:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 12:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 12:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 12:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 09:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 08:25 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-24 07:56 17,028 a------- c:\windows\25974n9t-a-virzsc5.exe
2009-04-23 09:01 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:23 10,304 a------- c:\windows\system32\65zbadd5are29909.exe
2009-04-20 18:22 3,917 a------- c:\windows\system32\993955irus3e8z.bin
2009-04-20 16:21 16,411 a------- c:\windows\system32\3e37spa5s92697z.bin
2009-04-20 08:55 2,573 a------- c:\windows\system32\815zac9toolb.bin
2009-04-19 10:09 5,587 a------- c:\windows\system32\1094szambot485.dll
2009-04-16 03:09 7,530 a------- c:\windows\1454addzare2996.dll
2009-04-08 22:13 18,408 a------- c:\windows\15692trojza59.dll
2009-04-06 08:48 5,765 a------- c:\windows\14543viru96d5z.dll
2009-04-01 16:12 5,657 a------- c:\windows\system32\7dbspyw5re238z9.dll
2009-04-01 06:22 5,301 a------- c:\windows\system32\9896sparse5846z.dll
2009-04-01 04:55 9,471 a------- c:\windows\system32\4480zpy5cf9.bin
2009-03-25 19:39 10,009 a------- c:\windows\system32\24659zroj1539.bin
2009-03-24 13:39 14,870 a------- c:\windows\6509threzt21988.bin
2009-03-24 06:55 14,046 a------- c:\windows\1791addzare5691.exe
2009-03-23 08:30 16,931 a------- c:\windows\d0z9teal2537.bin
2009-03-22 16:59 8,576 a------- c:\windows\65199pywar52724z.bin
2009-03-20 09:30 3,423 a------- c:\windows\system32\45f5zpyware549.dll
2009-03-20 08:04 3,134 a------- c:\windows\6zdb59wnloader408.bin
2009-03-20 01:51 15,126 a------- c:\windows\50e9tz5e9563.exe
2009-03-19 22:48 5,124 a------- c:\windows\system32\58065o9mz12.dll
2009-03-16 23:16 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:16 14,848 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:16 25,600 a------- c:\windows\system32\amxread.dll
2009-03-14 10:37 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-14 10:37 86,016 a------- c:\windows\inf\infstor.dat
2009-03-14 10:37 51,200 a------- c:\windows\inf\infpub.dat
2008-12-18 22:23 174 a--sh--- c:\program files\desktop.ini
2008-06-11 09:04 665,600 a------- c:\windows\inf\drvindex.dat
2007-11-23 02:49 32 a------- c:\programdata\ezsid.dat
2007-11-23 02:49 32 a------- c:\progra~2\ezsid.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:07:53.58 ===============

Re: I'm in Winbluesoft HELL!!!!

Hello.
You are still infected.

  • Download combofix from here
    Link 1
    Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Image: CF_download_FF]

[Image: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (Avira/Ad-watch)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.