Yet another Win Blue Problem

Win Blue won't let me run any programs while I am not in safe mode. I can't open my task manager, run HijackThis, DDS, Malwarebytes Anti-Malware or Avenger. I have run these programs in safe mode and cleaned some Win Blue stuff up but that has not helped outside safe mode. In addition my computer seems to reboot after a certain amount of time.

My desktop background has been hijacked by a warning that my computer is infected with spyware and there is no option to change it under Control Panel - Personalize. I can't open the control panel directly but I can by opening personalize with a right click on my desktop and then navigating to it using the directory structure.

BTW I am typing this in parts worried about a reboot. I am running Vista Ultimate Service Pack 1.

Hello.
Try this.

• Now open a new notepad file.
  
• Input this into the notepad file:
  

  
  [Version]
  Signature=$CHICAGO$
  
  [DefaultInstall]
  AddReg=Del.Settings
  
  [Del.Settings]
  HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,setup2.exe,0x00000000
  HKLM,software\microsoft\windows\currentVersion\Run,WinBlueSoft,0x00000000
  HKU,DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run,setup2.exe,0x00000000
  HKLM,software\microsoft\windows nt\currentversion\windows,AppInit_DLLs,0x00000000
  
  

  
  
• Save this as fixreg.inf, save it to your desktop.
  
• Right click fixreg.inf and select install.
  

Then reboot, let me know if you can run any exe file now.

I created the file in safe mode but the installation failed while in safe mode.

I then tried to install it in regular mode but it did not seem to do anything. It looked to me like it would not install just like it would not run an exe file. I did reboot and I still can't run exe files.

Hello.
I want to try this.

Now open a new notepad file.
Input this into the notepad file:

@echo off
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows /v AppInit_DLLs /t REG_SZ /d "" /f
del fix.bat
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.

The .bat file ran (it deleted itself). But I still could not install the .inf file afterwards. Neither could I run any programs afterwards.

However in safe mode the .bat file ran and then I could install the .inf file which I could not before.

Since I can not do anything except in safe mode I thought I would post a HijackThis log in my next post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:51 PM, on 6/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RandMAC] C:\Program Files\MadMACs1.2\MadMACs\MadMACs.exe doittoit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6085 bytes

Can yuo try to Run this tool in Safe Mode,

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV..

• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix warned that I was running AVG, and I do have AVG 8.5 installed. However there is no AVG icon on the taskbar in safe mode. In addition I could not see AVG as an application or process in task manager. I decided to go ahead anyway. The following is the ComboFix.txt file contents.

ComboFix 09-06-01.03 - sean 06/02/2009 20:04.1 - NTFSx86 NETWORK
Microsoft Windows Vista Ultimate 6.0.6001.1.1252.1.1033.18.3326.2808 [GMT -7:00]
Running from: c:\users\sean\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\10259notza-virus39e.bin
c:\windows\103969z5m7da.cpl
c:\windows\105bac5dozr3091.ocx
c:\windows\10736vir9z545.dll
c:\windows\10901hacktool53z9.bin
c:\windows\10953hzcktool2f39.exe
c:\windows\109aspzrse18495.exe
c:\windows\11152spzmbot679.dll
c:\windows\11519vi9uz555.exe
c:\windows\11710not-z9v5rus510.cpl
c:\windows\12195no9-a-virus11z.ocx
c:\windows\131z8s5ambo91f.bin
c:\windows\13791spamzot50.dll
c:\windows\14475not-z-virus5929.exe
c:\windows\145z2troj49c.exe
c:\windows\14779zot-a-v5rus982.ocx
c:\windows\149bthrea5117z8.exe
c:\windows\15099zot-a-9irus3d3.cpl
c:\windows\15134hazktool5249.exe
c:\windows\15521zpy9f8.exe
c:\windows\155559py70z.ocx
c:\windows\15567noz-a-vir9s4f8.ocx
c:\windows\15580tro947az.exe
c:\windows\15674zackto9l45d.bin
c:\windows\1589s9y69z.exe
c:\windows\15994spz2f3.exe
c:\windows\16142v9rusz365.dll
c:\windows\165zvir19455.cpl
c:\windows\1674do9n5oader6z1.bin
c:\windows\16925zi9us565.ocx
c:\windows\1757st5a9z889.exe
c:\windows\1759threat532z5.exe
c:\windows\17c0zow9loa5er788.cpl
c:\windows\17eddo9nlo5der10z9.ocx
c:\windows\18316virz94cd5.exe
c:\windows\18533nzt-9-vi5us3a2.ocx
c:\windows\1893ztro51b79.ocx
c:\windows\18z0tr593b6.cpl
c:\windows\19005vzrus5a9.exe
c:\windows\19195not-a-virus574z.bin
c:\windows\19215hacktzol47f9.dll
c:\windows\19254hazktool5c09.cpl
c:\windows\192fspzrse2157.ocx
c:\windows\19468tzoj452.exe
c:\windows\195fdowzloa95r2209.bin
c:\windows\195spa9botza8.dll
c:\windows\195z1wor5163.dll
c:\windows\19606wo5m3z8.dll
c:\windows\19630vir5sz13.cpl
c:\windows\1964sp5mboz329.exe
c:\windows\19920tr9z5a6.cpl
c:\windows\19995zr9j552.cpl
c:\windows\19a9vzr1505.exe
c:\windows\1b145tza91674.exe
c:\windows\1b20v5rz90.cpl
c:\windows\1d19spywa5z18429.cpl
c:\windows\1d389ddwaz51408.dll
c:\windows\1e36t9iefz529.exe
c:\windows\1eczspy59re1842.cpl
c:\windows\1f9szarse1965.dll
c:\windows\1z589ownloader179.bin
c:\windows\1z916hacktoo9ea5.cpl
c:\windows\203089a5ktoolzeb.bin
c:\windows\2094zviru5790.dll
c:\windows\21729vi9uz5cc5.dll
c:\windows\21803szy5b9.exe
c:\windows\22756wor9752z.cpl
c:\windows\23295spz569.bin
c:\windows\2347z5dw9re2301.ocx
c:\windows\24192wz5m45f.ocx
c:\windows\24257troj7zd9.ocx
c:\windows\24549notza-virus59c.cpl
c:\windows\247z9hacktool15e.ocx
c:\windows\24c2thi951z47.bin
c:\windows\24z34h9cktool52b.dll
c:\windows\24z98w59m6e2.bin
c:\windows\25002vir9sze5.dll
c:\windows\25117spam9ot659z.exe
c:\windows\25176s5am9oz7e.ocx
c:\windows\25183zirus6989.cpl
c:\windows\25376not-9-viruz355.bin
c:\windows\2555stea9234z.bin
c:\windows\25631s5ambzt469.exe
c:\windows\25741h5zktoo937d.exe
c:\windows\25840v9rusz26.bin
c:\windows\25925hzckto5l7b4.dll
c:\windows\25a59pyware1959z.exe
c:\windows\25z97worm49d.cpl
c:\windows\26635hacz9ool3675.dll
c:\windows\26849viz5s7b9.bin
c:\windows\26973tr9j5cz.exe
c:\windows\26d8addwaze95105.dll
c:\windows\26z82vi5us349.bin
c:\windows\27598n9t-a-vzrus738.exe
c:\windows\27999hac9t5olzaf.exe
c:\windows\2830795z726.cpl
c:\windows\28761zot-a5vir9s436.bin
c:\windows\287949zambo561f.cpl
c:\windows\28905hzckt9ol6365.bin
c:\windows\28ces59warz374.bin
c:\windows\29385tr9j759z.cpl
c:\windows\295th9ef1z45.ocx
c:\windows\29c3zhreat19253.cpl
c:\windows\29c6spar9ez925.exe
c:\windows\29z78vi9us55f.cpl
c:\windows\29ze9teal3005.ocx
c:\windows\2a59down5oazer1259.dll
c:\windows\2a9zth5ea91978.dll
c:\windows\2aa4addz5r9439.exe
c:\windows\2bee5hr9at18189z.cpl
c:\windows\2c46backd5or4z19.ocx
c:\windows\2c84spazse5984.exe
c:\windows\2e42backzo592507.dll
c:\windows\2e59szyware2445.dll
c:\windows\2z4spamb5t925.dll
c:\windows\2za95ddware1324.exe
c:\windows\2zc2vir13595.exe
c:\windows\30259zpamb5t67c9.cpl
c:\windows\3049z5ot-a-virus6f4.ocx
c:\windows\30972spambot52cz.cpl
c:\windows\30c9virz453.exe
c:\windows\31390zirus754.cpl
c:\windows\31805troj2z59.cpl
c:\windows\31864z9rm555.ocx
c:\windows\31888not-9-vir5s1ez.cpl
c:\windows\31939not-a-ziru54e5.dll
c:\windows\31955noz-a-virus459.exe
c:\windows\319czpar5e3005.cpl
c:\windows\31azspa9se22735.dll
c:\windows\31z49wor54bd.ocx
c:\windows\32257spazbo9231.dll
c:\windows\32391wzrm5985.bin
c:\windows\32536vi5uz9c5.exe
c:\windows\3259zteal3074.dll
c:\windows\325z3n9t-a-virus5295.cpl
c:\windows\3270zpamb9t55f.dll
c:\windows\329z4hackto5l3be.bin
c:\windows\34099hrea519z95.cpl
c:\windows\34z9sp5556.cpl
c:\windows\3553spa5se9z26.ocx
c:\windows\355d9ownloader765z.bin
c:\windows\35z39sp97b9.ocx
c:\windows\3651spyzare31429.exe
c:\windows\36a0vir5z69.cpl
c:\windows\36z3vi92155.bin
c:\windows\3760vir2595z.dll
c:\windows\377cs5arze22389.ocx
c:\windows\39189ro5z32.ocx
c:\windows\39975hief2836z.cpl
c:\windows\39b9addwa5z1725.cpl
c:\windows\39c0spar5e1z85.cpl
c:\windows\3a34d5wn9oader288z.ocx
c:\windows\3ab5ba9k5ozr1852.cpl
c:\windows\3b39sz5rse296.bin
c:\windows\3bf5dowzloader2559.cpl
c:\windows\3e059owzl5ader2045.bin
c:\windows\3z39s5eal42.bin
c:\windows\3z50vir9577.dll
c:\windows\3z59not-a-5irus5f09.cpl
c:\windows\3z64dow95oader1649.cpl
c:\windows\3z76th9ef3544.bin
c:\windows\407d9ack5oor460z.ocx
c:\windows\41bzdownloa5er2739.bin
c:\windows\4267not-a-95rus3z3.cpl
c:\windows\42795zrm542.exe
c:\windows\4359downz9ader730.dll
c:\windows\45e2addwarz9775.ocx
c:\windows\45z0tro965a.ocx
c:\windows\4672steaz28459.dll
c:\windows\46b25ackd9orz395.bin
c:\windows\47559ir5z652.ocx
c:\windows\4909doznloader2735.cpl
c:\windows\4926hack59ol2zf.dll
c:\windows\4930ad5ware2z23.exe
c:\windows\4948spars5181z.ocx
c:\windows\496bth5ef221z.bin
c:\windows\49b3addwaze2505.bin
c:\windows\4b09threa9812z5.ocx
c:\windows\4bb49zr5at13949.dll
c:\windows\4c51s9ywaze1866.dll
c:\windows\4d085ddware9225z.exe
c:\windows\4d94steal56z9.bin
c:\windows\4dz9vir9549.bin
c:\windows\4fz29ddware1858.exe
c:\windows\5050thr9at319z9.dll
c:\windows\50a6downloader1z49.dll
c:\windows\517z9spam9ot5cd.exe
c:\windows\526dsp5warz3922.exe
c:\windows\5301ztroj489.ocx
c:\windows\5349zworm69e.dll
c:\windows\53560worz319.bin
c:\windows\535adoznloader9205.cpl
c:\windows\535z9ir2949.bin
c:\windows\53cadoznlo9der274.dll
c:\windows\53d85hreat31z98.cpl
c:\windows\5490spazb9t68d.exe
c:\windows\54956sz94c6.bin
c:\windows\5507vizus6f29.ocx
c:\windows\551cbackdoor91z9.exe
c:\windows\564e9pyware31z2.dll
c:\windows\568zstea9185.cpl
c:\windows\56fev9r1z36.bin
c:\windows\56z9steal28505.exe
c:\windows\5712bac95ooz213.ocx
c:\windows\57381spambztd9.ocx
c:\windows\57949worz5e5.exe
c:\windows\57e9stez944.ocx
c:\windows\5894t5oz494.exe
c:\windows\58997spy9zb.dll
c:\windows\5969thzeat10192.dll
c:\windows\596zspywar51391.dll
c:\windows\59755not-a-vir9s2dz.dll
c:\windows\59892wo9m55dz.cpl
c:\windows\5996th9efz1715.exe
c:\windows\59a2steaz891.cpl
c:\windows\59acsp5ware2z43.ocx
c:\windows\59c9viz2648.bin
c:\windows\59z9thief2808.cpl
c:\windows\5aa9baczdoor2566.ocx
c:\windows\5b58downz9ader905.exe
c:\windows\5b6fsp59ze1630.cpl
c:\windows\5b8cthreat91961z.dll
c:\windows\5bz9downloader2598.ocx
c:\windows\5c60zddwar512709.cpl
c:\windows\5cczvir14429.ocx
c:\windows\5czaddwar92525.dll
c:\windows\5e0zbackdo9r1455.exe
c:\windows\5f4caddwzr92959.dll
c:\windows\5z50thie5919.dll
c:\windows\5z87ba9kdoor1743.cpl
c:\windows\605z9teal2469.dll
c:\windows\605ztroj509.dll
c:\windows\6096zddwa5e147.dll
c:\windows\60ds5yware1960z.ocx
c:\windows\61559pzmbot5c9.exe
c:\windows\6343s5arsz13079.dll
c:\windows\6467dow59oadzr1479.cpl
c:\windows\64d3d9wnlo5der10z4.cpl
c:\windows\64z4spy59re1281.ocx
c:\windows\6504download9r131z.dll
c:\windows\65adad9warez107.exe
c:\windows\65bathze51962.dll
c:\windows\6614addwzr53098.cpl
c:\windows\6639zpywa9e1295.ocx
c:\windows\665t5reat2974z.ocx
c:\windows\687t5ie91z0.dll
c:\windows\68addow5zoader915.ocx
c:\windows\68b8sza5se1429.exe
c:\windows\68bz59reat1164.ocx
c:\windows\6913backd5or2355z.exe
c:\windows\6918sp5rse2526z.ocx
c:\windows\694d5hrzat29420.exe
c:\windows\695bspyware29z9.bin
c:\windows\695ddo5nloader22z9.cpl
c:\windows\6bbbzparse2591.dll
c:\windows\6d909pars51z77.bin
c:\windows\6z29thre5t25724.cpl
c:\windows\6z639ot-a-virus3e5.ocx
c:\windows\6z805ir1955.cpl
c:\windows\6zb9thie5672.ocx
c:\windows\6zbcs9e5l993.dll
c:\windows\70d5szyware97425.exe
c:\windows\73fb5azkdoor23959.ocx
c:\windows\7429viz9295.bin
c:\windows\74f2t9reat3051z.ocx
c:\windows\751zvir1393.dll
c:\windows\752aaddzare9285.ocx
c:\windows\754z9ir1486.bin
c:\windows\7566spzw95e1226.bin
c:\windows\756zthi953125.cpl
c:\windows\7588zir9s339.exe
c:\windows\7599spyware200z.dll
c:\windows\7755spz9bot5f4.cpl
c:\windows\77fathrzat5978.ocx
c:\windows\7850spy9are2398z.bin
c:\windows\786495rmz3.cpl
c:\windows\788cdownloz95r400.cpl
c:\windows\78baspars599z.exe
c:\windows\7944z9rea524105.cpl
c:\windows\79z4thr5at14911.dll
c:\windows\7bb5hief1938z.dll
c:\windows\7cb9spzwar91135.cpl
c:\windows\7fefth5eaz181379.dll
c:\windows\8087za5kt9ol4f.ocx
c:\windows\8275owzlo9der968.ocx
c:\windows\837baczdoor2995.bin
c:\windows\8391spz4d5.bin
c:\windows\85zvir25489.cpl
c:\windows\8z50w9rm7b8.dll
c:\windows\90513z5rus556.bin
c:\windows\90zf5ir2599.ocx
c:\windows\91277sz520.bin
c:\windows\915w9zm5d9.exe
c:\windows\91e3backdozr425.ocx
c:\windows\91f4st5zl2812.bin
c:\windows\920athr5at1619z.bin
c:\windows\9263n9t5a-viruz365.cpl
c:\windows\926fbazkdoor32205.dll
c:\windows\92886tzo5c8.dll
c:\windows\9335tzreat1475.dll
c:\windows\937espywarez259.dll
c:\windows\9461zroj2ef5.exe
c:\windows\95196s5ambzt44.exe
c:\windows\953esparsz584.cpl
c:\windows\9594zspambot4555.dll
c:\windows\959cthiez50.exe
c:\windows\95d0baczdoor3227.exe
c:\windows\9688wozm105.dll
c:\windows\969zvirus5a1.dll
c:\windows\96baddwaze14559.dll
c:\windows\98536nzt-a-virus2b5.exe
c:\windows\98fzaddware5472.bin
c:\windows\9999not-a-vi5us6z7.ocx
c:\windows\9bz4addware2050.exe
c:\windows\9c2zsteal17785.ocx
c:\windows\9c84spazse1575.dll
c:\windows\9d51virz161.dll
c:\windows\9e36back5zor2278.cpl
c:\windows\9e7asparsez9695.cpl
c:\windows\9e84thzef26635.dll
c:\windows\9fct59ef8z4.ocx
c:\windows\9z5ebackdoor2477.bin
c:\windows\beczhief21895.bin
c:\windows\e7zdow5loader898.ocx
c:\windows\fz8thr5a917757.exe

c:\windows\system32\10706v9ru56zb.cpl
c:\windows\system32\11595tro9zc5.bin
c:\windows\system32\1170ste9lz5.ocx
c:\windows\system32\11935szy755.dll
c:\windows\system32\11z849p5146.ocx
c:\windows\system32\12279sp9mbot5d1z.bin
c:\windows\system32\122s9ywzr5323.bin
c:\windows\system32\12539troz5b19.dll
c:\windows\system32\126099ot-a-virusza35.bin
c:\windows\system32\12852hazktool19d5.bin
c:\windows\system32\1295vir2z945.bin
c:\windows\system32\1339spyz915.bin
c:\windows\system32\13978notza-5i9us1b8.ocx
c:\windows\system32\14158h9zktool260.cpl
c:\windows\system32\142795pz147.cpl
c:\windows\system32\14d89p5ware3252z.dll
c:\windows\system32\15257s9ambot7zf.ocx
c:\windows\system32\15368n9t-5-vzrus4c8.ocx
c:\windows\system32\1539zworm229.bin
c:\windows\system32\15509pzdc.bin
c:\windows\system32\155z9py5b9.ocx
c:\windows\system32\157039py26bz.exe
c:\windows\system32\16539tr5j5cdz.exe
c:\windows\system32\16991trzj79b5.cpl
c:\windows\system32\1719sp5zse3010.exe
c:\windows\system32\1726d59nloader2z7.ocx
c:\windows\system32\17323h95ztool4b5.exe
c:\windows\system32\17959v5z9sc2.ocx
c:\windows\system32\179bstz9l505.exe
c:\windows\system32\17z55troj549.bin
c:\windows\system32\189485ot-a-zirus91c.dll
c:\windows\system32\18982szambot545.ocx
c:\windows\system32\189ct5ief251z.exe
c:\windows\system32\18f3thrza918605.exe
c:\windows\system32\18z56not5a-virus47f9.exe
c:\windows\system32\19372vi5uz94a.cpl
c:\windows\system32\19499tzo55c7.dll
c:\windows\system32\1950backdoz52805.exe
c:\windows\system32\19569tzoj2895.ocx
c:\windows\system32\1959trojz6.cpl
c:\windows\system32\1966szeal553.bin
c:\windows\system32\19z8vir32965.ocx
c:\windows\system32\1c37th9ezt7651.cpl
c:\windows\system32\1c9evir245z5.dll
c:\windows\system32\1df1threa51229z.ocx
c:\windows\system32\1f75spyw9re8z1.ocx
c:\windows\system32\1z1295orm959.ocx
c:\windows\system32\1z289i573.ocx
c:\windows\system32\1z28hacktoo59c.exe
c:\windows\system32\1z58worm499.ocx
c:\windows\system32\1z654hacktool2b9.ocx
c:\windows\system32\1z777spa5bot1589.bin
c:\windows\system32\1z98wo9m651.bin
c:\windows\system32\1ze9addwar911205.bin
c:\windows\system32\206455ot9azvirus38d.dll
c:\windows\system32\206z69ot-5-virusaf.cpl
c:\windows\system32\20946hacktool25z.ocx
c:\windows\system32\20z70sp5519.cpl
c:\windows\system32\21238s9amzot6515.dll
c:\windows\system32\212659ot-a-zirus4b5.cpl
c:\windows\system32\21340sp92az5.exe
c:\windows\system32\22190vi5zs5f2.ocx
c:\windows\system32\225725p9mzot57f.ocx
c:\windows\system32\227715r9j23z.exe
c:\windows\system32\22z16hack9ool105.exe
c:\windows\system32\23005ha5kt9oz29e.ocx
c:\windows\system32\2319tr5j7zb.exe
c:\windows\system32\2337back5zor12709.bin
c:\windows\system32\23757w9r57cz.dll
c:\windows\system32\240459zy2d.ocx
c:\windows\system32\240859orm1z.bin
c:\windows\system32\2417s5zmbot39d.bin
c:\windows\system32\24305zp9mbot455.cpl
c:\windows\system32\24532zo5-a-virus559.cpl
c:\windows\system32\24769wz5m950.ocx
c:\windows\system32\24z59t59j6d3.cpl
c:\windows\system32\25195spy2dz5.cpl
c:\windows\system32\25456szy5d9.dll
c:\windows\system32\25579wzrm75c.dll
c:\windows\system32\25905troj939z.dll
c:\windows\system32\25c0sparsz932.cpl
c:\windows\system32\26445s9ambzt3a.bin
c:\windows\system32\26926vi5zs4c0.bin
c:\windows\system32\26aa9d5warez987.exe
c:\windows\system32\26z055r9j371.bin
c:\windows\system32\27210h9ckt5ol4zd.ocx
c:\windows\system32\273579pyz65.dll
c:\windows\system32\27904not-59virzs70d.bin
c:\windows\system32\27913ha5ktooz73b.dll
c:\windows\system32\27916spam5ot656z.bin
c:\windows\system32\27970tz5j499.bin
c:\windows\system32\28368wozm7495.cpl
c:\windows\system32\2922s5arse3074z.exe
c:\windows\system32\293405ack9oolz41.bin
c:\windows\system32\29344zac59ool52e.cpl
c:\windows\system32\29596h5cktool4e4z.ocx
c:\windows\system32\2959t9oz2a8.cpl
c:\windows\system32\298965roj55z.bin
c:\windows\system32\29898troz552.exe
c:\windows\system32\29943tr5z39a.ocx
c:\windows\system32\29951s5ambzt53f.exe
c:\windows\system32\29a6downzoad5r1494.bin
c:\windows\system32\29z39spy75e.dll
c:\windows\system32\29z5threat937.exe
c:\windows\system32\2cd55hreat1829z9.dll
c:\windows\system32\2d9b5parsz669.bin
c:\windows\system32\2e99steaz581.bin
c:\windows\system32\2ec9spywzre2535.cpl
c:\windows\system32\2z3125pambo97e0.cpl
c:\windows\system32\2z384s952e8.exe
c:\windows\system32\2z46sp5mb9t6e1.exe
c:\windows\system32\2z56spy5029.exe
c:\windows\system32\3025zhackto9l1285.dll
c:\windows\system32\30887not-5-vi9zs710.ocx
c:\windows\system32\30915pyware32z7.cpl
c:\windows\system32\31324tro9252z.ocx
c:\windows\system32\31564v5ruz429.exe
c:\windows\system32\31a5backdooz5988.dll
c:\windows\system32\32260hac9t5ol616z.cpl
c:\windows\system32\3291downzoa9er5005.exe
c:\windows\system32\32bzthie530539.cpl
c:\windows\system32\32e7zackdoor10589.ocx
c:\windows\system32\3361t9i5f26z1.dll
c:\windows\system32\345zthief119.exe
c:\windows\system32\3519vir9z5c0.dll
c:\windows\system32\35634virus94z.exe
c:\windows\system32\3589spambot3z.dll
c:\windows\system32\359zadd5are544.exe
c:\windows\system32\35b6zi91445.exe
c:\windows\system32\35z39ro5758.bin
c:\windows\system32\382cba5k9ooz1214.ocx
c:\windows\system32\38e6t9reat5721z.cpl
c:\windows\system32\39295nzt5a-virus11b.bin
c:\windows\system32\39z9sp9rs5260.ocx
c:\windows\system32\3a9th5e9tz541.cpl
c:\windows\system32\3b85viz26019.dll
c:\windows\system32\3e87spars9513z.exe
c:\windows\system32\3ed5zte5l987.bin
c:\windows\system32\3z45threat1983.cpl
c:\windows\system32\3z609worm7925.dll
c:\windows\system32\3z75s9arse16005.ocx
c:\windows\system32\3z96s5y399.cpl
c:\windows\system32\4075spzmbot1b9.cpl
c:\windows\system32\42a4bazkd5or2957.dll
c:\windows\system32\44165zreat97736.dll
c:\windows\system32\4525backdooz8259.ocx
c:\windows\system32\457ethreat9z675.cpl
c:\windows\system32\45c1spyware998z.ocx
c:\windows\system32\45d29ddwarez63.dll
c:\windows\system32\475cvi91z5.dll
c:\windows\system32\47e5b59kdoor30z1.ocx
c:\windows\system32\47fzbackdoo91568.bin
c:\windows\system32\4869spz559.ocx
c:\windows\system32\491ddowzlo5der2574.cpl
c:\windows\system32\491eba5kdoorz502.cpl
c:\windows\system32\491t5oj4dz.ocx
c:\windows\system32\4987addware9551z.bin
c:\windows\system32\4bb7dow5l9ader15z0.bin
c:\windows\system32\4cedtzreat959495.dll
c:\windows\system32\4cz5vir8569.exe
c:\windows\system32\4f11spy9are222z5.bin
c:\windows\system32\4f93tzief1259.cpl
c:\windows\system32\4z2595r348.ocx
c:\windows\system32\4z34tr9j785.cpl
c:\windows\system32\5002not-a-v9rzs41.dll
c:\windows\system32\50b55ddwaze32649.bin
c:\windows\system32\50z29worm4b29.exe
c:\windows\system32\51105virus9ez.exe
c:\windows\system32\51324spa9bot2z5.exe
c:\windows\system32\5172spywz9e14175.ocx
c:\windows\system32\5213zparse94025.dll
c:\windows\system32\5249downlzader809.dll
c:\windows\system32\52583spy76z9.ocx

c:\windows\system32\527not-a-vizu96a9.dll
c:\windows\system32\52b3spywar91z62.dll
c:\windows\system32\530ba9dware8z9.dll
c:\windows\system32\53c8sp9warz947.dll
c:\windows\system32\53d0spzrse1695.dll
c:\windows\system32\5455bac5d9orz881.bin
c:\windows\system32\545ack9oor670z.ocx
c:\windows\system32\5535v9ruz6235.dll
c:\windows\system32\554bs9arz5903.bin
c:\windows\system32\55576hackzoo96f6.ocx
c:\windows\system32\5570dzwnloade91255.cpl
c:\windows\system32\55e7thz9at24697.exe
c:\windows\system32\5656zot-a-vi9us6cd.bin
c:\windows\system32\57aavirz659.ocx
c:\windows\system32\57z9b9ckdoor2255.ocx
c:\windows\system32\581f59rz49.bin
c:\windows\system32\58375parze5259.exe
c:\windows\system32\587zsparse2289.exe
c:\windows\system32\58914hackt9oz3ee.ocx
c:\windows\system32\58f1adz5are949.dll
c:\windows\system32\592ztroj5b0.cpl
c:\windows\system32\594c5ownloaderz819.ocx
c:\windows\system32\596dthreat1z279.dll
c:\windows\system32\5979b9ckdoor1890z.exe
c:\windows\system32\59915h9eat26663z.exe
c:\windows\system32\59995zoj6d49.cpl
c:\windows\system32\59dfzparse955.ocx
c:\windows\system32\5a0bs5eal32z9.exe
c:\windows\system32\5a50t9reat15z39.dll
c:\windows\system32\5b5f9ownloader3z50.cpl
c:\windows\system32\5b9ath5zat2955.ocx
c:\windows\system32\5c3t5zef2943.exe
c:\windows\system32\5c6a5pyware50z9.ocx
c:\windows\system32\5d0a5hreaz5909.cpl
c:\windows\system32\5d11s9ealz64.ocx
c:\windows\system32\5dd1stezl9589.dll
c:\windows\system32\5ea99i5314z.cpl
c:\windows\system32\5ec9szy5are2593.ocx
c:\windows\system32\5f39backdoor27z8.bin
c:\windows\system32\5fadbazkdoo92837.ocx
c:\windows\system32\5fzcthr5at23149.exe
c:\windows\system32\5z57w9rm259.bin
c:\windows\system32\5z79n5t-a-viru95b7.ocx
c:\windows\system32\5z9threat51941.bin
c:\windows\system32\604cspyware9z575.bin
c:\windows\system32\607ddowzload5r2694.cpl
c:\windows\system32\614baddzar93591.cpl
c:\windows\system32\619et5rezt18294.bin
c:\windows\system32\62159hzef2305.bin
c:\windows\system32\6279b5ckdoor1z80.ocx
c:\windows\system32\6332s5eal31z19.bin
c:\windows\system32\63565p9zbot5de.exe
c:\windows\system32\6397st5al82z.bin
c:\windows\system32\6508th9eat3575z.bin
c:\windows\system32\6517not-a-virus4z9.cpl
c:\windows\system32\651cspzr9e263.cpl
c:\windows\system32\655azparse2998.cpl
c:\windows\system32\6584h5c9toolz7f.cpl
c:\windows\system32\65945py39z.exe
c:\windows\system32\6597virus60z.bin
c:\windows\system32\659fvir426z.exe
c:\windows\system32\65c99hief1z50.ocx
c:\windows\system32\65fcdo9nloaderz47.ocx
c:\windows\system32\665asparze9521.ocx
c:\windows\system32\6692thi5z1929.cpl
c:\windows\system32\66zest5al9711.bin
c:\windows\system32\67espars539z3.dll
c:\windows\system32\6867wor9552z.ocx
c:\windows\system32\69z7sparse351.cpl
c:\windows\system32\69zest59l2088.ocx
c:\windows\system32\6ab0ad9wa5e213z.dll
c:\windows\system32\6c0sp9rsez715.dll
c:\windows\system32\6c45downloadzr905.cpl
c:\windows\system32\6c97zpy9are5190.exe
c:\windows\system32\6dd4spy9arz3506.dll
c:\windows\system32\6f8a5zyw9re883.dll
c:\windows\system32\6z439ro53fc.ocx
c:\windows\system32\6z9dv5r893.ocx
c:\windows\system32\6ze7addw5re19689.cpl
c:\windows\system32\7054downlzader58349.ocx
c:\windows\system32\7295ad9ware25z6.dll
c:\windows\system32\72d4downlzad5r968.cpl
c:\windows\system32\7353szeal2249.bin
c:\windows\system32\7406add9zre1345.exe
c:\windows\system32\7427s9zrse27455.dll
c:\windows\system32\7483v5ru93ze.bin
c:\windows\system32\751ftzief1559.exe
c:\windows\system32\75509hiez3059.ocx
c:\windows\system32\7559thief111z.bin
c:\windows\system32\7574nzt-a-vi9u513.ocx
c:\windows\system32\75a5thzef459.ocx
c:\windows\system32\7693no5-a-vizus943.ocx
c:\windows\system32\76z0spa9se1755.ocx
c:\windows\system32\78595tealz309.exe
c:\windows\system32\78a75ownloade92z42.dll
c:\windows\system32\790b9oznlo5der706.exe
c:\windows\system32\791d5ackdoor9026z.dll
c:\windows\system32\7953vir9z5.bin
c:\windows\system32\798zv5r293.bin
c:\windows\system32\7995sp5rsz2141.dll
c:\windows\system32\79zd5ackdoor2570.cpl
c:\windows\system32\7aaestezl5995.dll
c:\windows\system32\7b039d5waze2527.dll
c:\windows\system32\7bz99hief2351.exe
c:\windows\system32\7c5e5ackdozr2219.ocx
c:\windows\system32\7cz195r580.dll
c:\windows\system32\7d7dzwnloa9e52966.cpl
c:\windows\system32\7d80d9wnzoa5er136.bin
c:\windows\system32\7z15v9r2563.bin
c:\windows\system32\7z88s5yware1597.ocx
c:\windows\system32\7zd1thief56529.ocx
c:\windows\system32\8000tz9j258.exe
c:\windows\system32\85fdow5lzade92897.cpl
c:\windows\system32\9029zroj252.bin
c:\windows\system32\905espyware311z.bin
c:\windows\system32\911bspy5arez999.dll
c:\windows\system32\91574z5cktool7b0.ocx
c:\windows\system32\919z8h5cktool4da.exe
c:\windows\system32\91czspyware24825.bin
c:\windows\system32\920z9arse4985.cpl
c:\windows\system32\9287wo5z179.cpl
c:\windows\system32\92ddsteal5z82.bin
c:\windows\system32\934spamboz659.cpl
c:\windows\system32\9350h5cztool9b.cpl
c:\windows\system32\9435vizus3ed.cpl
c:\windows\system32\95072hacktooz1e4.ocx
c:\windows\system32\9515zorm239.ocx
c:\windows\system32\95280not-a-viruszb5.dll
c:\windows\system32\9556z9oj38f.dll
c:\windows\system32\95585troj5zb.cpl
c:\windows\system32\95605p9598z.cpl
c:\windows\system32\9563addwarz265.bin
c:\windows\system32\956thief290z.dll
c:\windows\system32\958fthreat7z03.exe
c:\windows\system32\95czir54.exe
c:\windows\system32\96656szambot540.exe
c:\windows\system32\96815pzrse2220.bin
c:\windows\system32\976szarse2357.bin
c:\windows\system32\987zvir2585.bin
c:\windows\system32\991vi5usz9b.ocx
c:\windows\system32\99506not-z-viru5659.cpl
c:\windows\system32\9967z5am9ot61.ocx
c:\windows\system32\99z45py243.ocx
c:\windows\system32\9a14zhie52401.dll
c:\windows\system32\9b25py9are2z1.exe
c:\windows\system32\9b75tzreat29355.ocx
c:\windows\system32\9b7t5ief3076z.ocx
c:\windows\system32\9be9addware35z3.exe
c:\windows\system32\9c6zpyw5re285.dll
c:\windows\system32\9d4aadd5arez647.cpl
c:\windows\system32\9z19virus5de.cpl
c:\windows\system32\9z21steal558.ocx
c:\windows\system32\aa35parsz2971.ocx
c:\windows\system32\ae7add5zr9500.dll
c:\windows\system32\af5addware199z.cpl
c:\windows\system32\b5d9dzware2586.dll
c:\windows\system32\b91zteal5960.cpl
c:\windows\system32\becthz5a923613.bin
c:\windows\system32\d9fdownloade5z0639.bin
c:\windows\system32\ddzt5ief25599.exe
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\e1baddw9re29z5.cpl
c:\windows\system32\e99virz9645.cpl
c:\windows\system32\eb5downloz9er997.dll
c:\windows\system32\f00v952371z.bin
c:\windows\system32\setup2.exe
c:\windows\system32\z0535spy59f.bin
c:\windows\system32\z0639troj7555.exe
c:\windows\system32\z0818hackto5l579.dll
c:\windows\system32\z19cthreat53952.cpl
c:\windows\system32\z2015teal3096.exe
c:\windows\system32\z20669o5-a-virus5ed.bin
c:\windows\system32\z2242wor597a.dll
c:\windows\system32\z234d5wnloader1190.exe
c:\windows\system32\z246back5oor17249.bin
c:\windows\system32\z260addwar95463.exe
c:\windows\system32\z2899sp575f.cpl
c:\windows\system32\z39spy755.bin
c:\windows\system32\z436spyw9r52227.dll
c:\windows\system32\z49e9hreat32235.cpl
c:\windows\system32\z5094wo5m399.bin
c:\windows\system32\z5230v5rus973.dll
c:\windows\system32\z565spyware1955.bin
c:\windows\system32\z58559iru55b6.dll
c:\windows\system32\z6caadd9are2957.cpl
c:\windows\system32\z7945ddware2871.ocx
c:\windows\system32\z7d7spyw5re1498.exe
c:\windows\system32\z881vi9451.ocx
c:\windows\system32\z905addw9re3015.exe
c:\windows\system32\z9198troj359.bin
c:\windows\system32\z938spy59d.ocx
c:\windows\system32\z93e59arse1124.cpl
c:\windows\system32\z9878n5t-a-virus244.cpl
c:\windows\system32\z995not-a-virus797.cpl
c:\windows\system32\z9f5vir503.ocx
c:\windows\system32\zb51vi91930.ocx
c:\windows\system32\zbb1backdoo52968.exe
c:\windows\system32\zcbcsp5ware2529.bin
c:\windows\system32\ze95ddware2302.bin
c:\windows\system32\zec9thi5f1292.dll
c:\windows\system32\zf9cth5eat32453.dll

c:\windows\z0165t9oj6e5.ocx
c:\windows\z075troj954.cpl
c:\windows\z1059hacktool6d9.cpl
c:\windows\z1580not-a9virus530.ocx
c:\windows\z1650wor955.exe
c:\windows\z191tr5j92b.exe
c:\windows\z196spambot158.dll
c:\windows\z35965a9ktool345.dll
c:\windows\z35985irus971.exe
c:\windows\z4007not-5-v9rus508.dll
c:\windows\z40not-9-virus757.cpl
c:\windows\z4370virus3c59.dll
c:\windows\z4525s9yb1.dll
c:\windows\z525s59115.exe
c:\windows\z5377hack9ool594.cpl
c:\windows\z6502spy449.exe
c:\windows\z672download9r27725.exe
c:\windows\z6bbthi9f4695.cpl
c:\windows\z7649s5y1dc.dll
c:\windows\z8095spy75c.ocx
c:\windows\z8b4addw9re5014.exe
c:\windows\z915w9rm321.cpl
c:\windows\z9927virus145.dll
c:\windows\z9b75ackdoor1938.exe
c:\windows\z9ceba9kdoor5625.cpl
c:\windows\zf75v9r1292.dll
c:\windows\zfca95r2595.ocx

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 03:10 . 2009-06-03 03:10 -------- d-----w- c:\users\sean\AppData\Local\temp
2009-06-03 03:10 . 2009-06-03 03:10 -------- d-----w- c:\users\Wormy\AppData\Local\temp
2009-06-02 03:59 . 2009-06-02 03:59 -------- d-----w- c:\program files\Trend Micro
2009-06-02 03:36 . 2009-06-02 03:36 -------- d-----w- c:\windows\Sun
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\users\sean\AppData\Roaming\Malwarebytes
2009-06-02 03:20 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\programdata\Malwarebytes
2009-06-02 03:20 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 03:09 . 2009-06-02 03:09 574 ----a-w- C:\cleanup.bat
2009-06-02 03:09 . 2009-06-02 03:09 19286 ----a-w- C:\cleanup.exe
2009-06-02 03:09 . 2009-06-02 03:09 135168 ----a-w- C:\zip.exe
2009-06-02 01:25 . 2009-06-02 01:25 5179 ----a-w- c:\windows\54t59jz.exe
2009-06-02 01:24 . 2009-06-02 01:24 348160 ----a-w- c:\windows\system32\blocker.dll
2009-05-18 15:05 . 2009-05-08 16:49 486168 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-18 15:05 . 2009-05-08 16:49 2051864 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-18 15:05 . 2009-05-08 16:49 354584 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-05-18 15:05 . 2009-05-08 16:49 3288344 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-05-18 15:05 . 2009-05-08 16:49 424472 ----a-w- c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-18 15:05 . 2009-05-08 16:49 312088 ----a-w- c:\programdata\avg8\update\backup\avglngx.dll
2009-05-18 15:05 . 2009-05-08 16:49 177432 ----a-w- c:\programdata\avg8\update\backup\avgmail.dll
2009-05-18 15:02 . 2009-05-08 16:44 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-05-18 15:02 . 2009-05-08 16:44 1437464 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-05-17 16:19 . 2009-05-08 16:49 2302232 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-17 16:19 . 2009-05-08 16:49 3399960 ----a-w- c:\programdata\avg8\update\backup\avgui.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 03:36 . 2007-09-28 21:36 1356 ----a-w- c:\users\sean\AppData\Local\d3d9caps.dat
2009-05-28 17:18 . 2009-02-04 05:14 -------- d-----w- c:\program files\Curse
2009-05-14 10:02 . 2007-10-14 03:52 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 16:49 . 2009-02-03 17:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-08 16:49 . 2008-04-27 23:03 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-08 16:49 . 2008-04-27 23:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-06 07:40 . 2008-05-20 22:39 -------- d-----w- c:\programdata\media center programs
2009-04-19 10:12 . 2009-04-19 10:12 -------- d-----w- c:\program files\MagicDisc
2009-04-19 10:08 . 2009-04-19 10:08 -------- d-----w- c:\program files\MagicISO
2009-03-17 03:38 . 2009-04-16 20:20 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:20 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 21:18 . 2009-04-05 20:52 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 21:18 . 2009-04-05 20:52 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 21:18 . 2009-04-05 20:52 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 21:18 . 2009-04-05 20:52 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 22:27 . 2009-04-05 20:52 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 22:27 . 2009-04-05 20:52 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 22:27 . 2009-04-05 20:52 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-05-15 1933312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 1261568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RandMAC"="c:\program files\MadMACs1.2\MadMACs\MadMACs.exe" [2008-08-07 253245]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 92704]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-02-13 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-02-13 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-05-26 1283344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Wormy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2009-4-4 3656]

c:\users\sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-4-19 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk
backup=c:\windows\pss\Hawking Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{98B127AE-85A5-4079-AC46-70C42CC7DE43}c:\\program files\\turbine\\dungeons & dragons online - stormreach\\dndclient.exe"= UDP:c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"UDP Query User{4C8FD282-2335-44C7-A9D8-49A154ECE0C3}c:\\program files\\turbine\\dungeons & dragons online - stormreach\\dndclient.exe"= TCP:c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"TCP Query User{F21FCED1-918C-44EF-86D3-AFC64ACF2B11}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{1F321628-792B-40A8-B9BF-886B8A39F577}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{D73528E4-E97F-4D39-9460-7CE6F30678D2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1875E92A-9C70-4C1F-95FA-D3A0B69600B9}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DFCC8892-E928-4F01-90B8-7548739FFA75}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3585F77C-E717-4272-AEA4-76A64796BC12}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{97842A9F-CE6C-4056-B4DF-EC5F7E19F623}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D3A35673-DD95-4E7F-8E8F-DE19E5BF2652}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{35CAD35F-69E1-4C9A-A781-8091772553AB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0EC37945-EC97-481A-8594-5E82176C5A14}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{4AC8A5F9-35DB-41E0-95E2-A18B9B868B4A}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{596970D5-3A9D-4BFC-ACEF-F1FD98F2807B}c:\\matrix games\\empires in arms\\update.exe"= UDP:c:\matrix games\empires in arms\update.exe:TrueUpdate Client
"UDP Query User{DDCCD428-96CC-4625-B803-5A31503F49BC}c:\\matrix games\\empires in arms\\update.exe"= TCP:c:\matrix games\empires in arms\update.exe:TrueUpdate Client
"{94AFD6CC-2891-4794-B06E-2CE7FC432867}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{66B2C133-F1F2-4D2C-8A4E-C00144A6B873}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A3E239F7-E0AC-4C16-B5AF-E57B40C73C65}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{BB0FB226-F26B-4B3E-ADCE-08D19BAFF754}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D86F399E-B185-4FC8-B0BB-640AEE2269A4}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{565F1EF6-E355-4B03-900E-FDA7F2FD115F}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [6/27/2008 1:40 AM 335872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/27/2008 4:03 PM 325896]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/3/2009 10:43 AM 298776]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\System32\drivers\athru6.sys [7/5/2007 2:57 AM 873472]
S3 ctgame;Game Port;c:\windows\System32\drivers\CTGAME.SYS [2/13/2007 4:46 PM 19128]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinBlueSoft - (no file)
HKLM-RunOnce- - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 20:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-03 20:11
ComboFix-quarantined-files.txt 2009-06-03 03:11

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 67,143,356,416 bytes free

896 --- E O F --- 2009-06-02 00:59

I see that you are running BitLord.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitLord is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• BitLord
  

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
C:\cleanup.bat
C:\cleanup.exe
C:\zip.exe
c:\windows\54t59jz.exe
c:\windows\system32\blocker.dll

Folder::
c:\program files\bitlord

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F21FCED1-918C-44EF-86D3-AFC64ACF2B11}c:\\program files\\bitlord\\bitlord.exe"=-
"UDP Query User{1F321628-792B-40A8-B9BF-886B8A39F577}c:\\program files\\bitlord\\bitlord.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-06-01.03 - sean 06/03/2009 8:39.2 - NTFSx86 NETWORK
Microsoft Windows Vista Ultimate 6.0.6001.1.1252.1.1033.18.3326.2726 [GMT -7:00]
Running from: c:\users\sean\Desktop\Combo-Fix.exe
Command switches used :: c:\users\sean\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\cleanup.bat"
"C:\cleanup.exe"
"c:\windows\54t59jz.exe"
"c:\windows\system32\blocker.dll"
"C:\zip.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.bat
C:\cleanup.exe
c:\program files\bitlord
c:\program files\bitlord\Downloads\Lanny Barby performing_by_majed12.mp4.bc!
c:\program files\bitlord\lang\lang_ar_ae.xml
c:\program files\bitlord\lang\lang_bg_bg.xml
c:\program files\bitlord\lang\lang_ca_es.xml
c:\program files\bitlord\lang\lang_cz_cz.xml
c:\program files\bitlord\lang\lang_da_dk.xml
c:\program files\bitlord\lang\lang_de_de.xml
c:\program files\bitlord\lang\lang_el_gr.xml
c:\program files\bitlord\lang\lang_en_us.xml
c:\program files\bitlord\lang\lang_es_ar.xml
c:\program files\bitlord\lang\lang_es_es.xml
c:\program files\bitlord\lang\lang_et_ee.xml
c:\program files\bitlord\lang\lang_fi_fi.xml
c:\program files\bitlord\lang\lang_fr_fr.xml
c:\program files\bitlord\lang\lang_gl_es.xml
c:\program files\bitlord\lang\lang_he_il.xml
c:\program files\bitlord\lang\lang_hu_hu.xml
c:\program files\bitlord\lang\lang_it_it.xml
c:\program files\bitlord\lang\lang_jp_jp.xml
c:\program files\bitlord\lang\lang_ko_kr.xml
c:\program files\bitlord\lang\lang_nb_no.xml
c:\program files\bitlord\lang\lang_nl_nl.xml
c:\program files\bitlord\lang\lang_pl_pl.xml
c:\program files\bitlord\lang\lang_pt_br.xml
c:\program files\bitlord\lang\lang_pt_pt.xml
c:\program files\bitlord\lang\lang_ro_ro.xml
c:\program files\bitlord\lang\lang_ru_ru.xml
c:\program files\bitlord\lang\lang_sk_sk.xml
c:\program files\bitlord\lang\lang_sl_si.xml
c:\program files\bitlord\lang\lang_sr_sr.xml
c:\program files\bitlord\lang\lang_sv_se.xml
c:\program files\bitlord\lang\lang_th_th.xml
c:\program files\bitlord\lang\lang_tr_tr.xml
c:\program files\bitlord\lang\lang_va_es.xml
c:\program files\bitlord\lang\lang_zh_tw.xml
c:\program files\bitlord\rules\ipfilter.dat
c:\windows\54t59jz.exe
c:\windows\system32\blocker.dll
C:\zip.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 15:41 . 2009-06-03 15:43 -------- d-----w- c:\users\sean\AppData\Local\temp
2009-06-03 15:41 . 2009-06-03 15:41 -------- d-----w- c:\users\Wormy\AppData\Local\temp
2009-06-02 03:59 . 2009-06-02 03:59 -------- d-----w- c:\program files\Trend Micro
2009-06-02 03:36 . 2009-06-02 03:36 -------- d-----w- c:\windows\Sun
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\users\sean\AppData\Roaming\Malwarebytes
2009-06-02 03:20 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\programdata\Malwarebytes
2009-06-02 03:20 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-18 15:05 . 2009-05-08 16:49 486168 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-18 15:05 . 2009-05-08 16:49 2051864 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-18 15:05 . 2009-05-08 16:49 354584 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-05-18 15:05 . 2009-05-08 16:49 3288344 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-05-18 15:05 . 2009-05-08 16:49 424472 ----a-w- c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-18 15:05 . 2009-05-08 16:49 312088 ----a-w- c:\programdata\avg8\update\backup\avglngx.dll
2009-05-18 15:05 . 2009-05-08 16:49 177432 ----a-w- c:\programdata\avg8\update\backup\avgmail.dll
2009-05-18 15:02 . 2009-05-08 16:44 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-05-18 15:02 . 2009-05-08 16:44 1437464 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-05-17 16:19 . 2009-05-08 16:49 2302232 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-17 16:19 . 2009-05-08 16:49 3399960 ----a-w- c:\programdata\avg8\update\backup\avgui.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 08:13 . 2007-09-28 21:36 1356 ----a-w- c:\users\sean\AppData\Local\d3d9caps.dat
2009-06-03 07:49 . 2009-06-03 07:49 -------- d-----w- c:\users\sean\AppData\Roaming\Media Player Classic
2009-05-28 17:18 . 2009-02-04 05:14 -------- d-----w- c:\program files\Curse
2009-05-14 10:02 . 2007-10-14 03:52 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 16:49 . 2009-02-03 17:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-08 16:49 . 2008-04-27 23:03 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-08 16:49 . 2008-04-27 23:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-06 07:40 . 2008-05-20 22:39 -------- d-----w- c:\programdata\media center programs
2009-04-19 10:12 . 2009-04-19 10:12 -------- d-----w- c:\program files\MagicDisc
2009-04-19 10:08 . 2009-04-19 10:08 -------- d-----w- c:\program files\MagicISO
2009-03-17 03:38 . 2009-04-16 20:20 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:20 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 21:18 . 2009-04-05 20:52 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 21:18 . 2009-04-05 20:52 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 21:18 . 2009-04-05 20:52 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 21:18 . 2009-04-05 20:52 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 22:27 . 2009-04-05 20:52 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 22:27 . 2009-04-05 20:52 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 22:27 . 2009-04-05 20:52 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-03_03.10.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-28 21:43 . 2009-06-03 15:44 42928 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-06-03 15:44 75840 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:03 . 2009-06-03 00:38 75840 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-28 21:43 . 2009-06-03 15:44 4606 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1353801986-901182099-2165180864-1000_UserData.bin
+ 2009-06-03 15:42 . 2009-06-03 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-03 15:42 . 2009-06-03 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-05-15 1933312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 1261568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RandMAC"="c:\program files\MadMACs1.2\MadMACs\MadMACs.exe" [2008-08-07 253245]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 92704]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-02-13 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-02-13 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Wormy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2009-4-4 3656]

c:\users\sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-4-19 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk
backup=c:\windows\pss\Hawking Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{98B127AE-85A5-4079-AC46-70C42CC7DE43}c:\\program files\\turbine\\dungeons & dragons online - stormreach\\dndclient.exe"= UDP:c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"UDP Query User{4C8FD282-2335-44C7-A9D8-49A154ECE0C3}c:\\program files\\turbine\\dungeons & dragons online - stormreach\\dndclient.exe"= TCP:c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"{D73528E4-E97F-4D39-9460-7CE6F30678D2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1875E92A-9C70-4C1F-95FA-D3A0B69600B9}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DFCC8892-E928-4F01-90B8-7548739FFA75}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3585F77C-E717-4272-AEA4-76A64796BC12}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{97842A9F-CE6C-4056-B4DF-EC5F7E19F623}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D3A35673-DD95-4E7F-8E8F-DE19E5BF2652}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{35CAD35F-69E1-4C9A-A781-8091772553AB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0EC37945-EC97-481A-8594-5E82176C5A14}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{4AC8A5F9-35DB-41E0-95E2-A18B9B868B4A}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{596970D5-3A9D-4BFC-ACEF-F1FD98F2807B}c:\\matrix games\\empires in arms\\update.exe"= UDP:c:\matrix games\empires in arms\update.exe:TrueUpdate Client
"UDP Query User{DDCCD428-96CC-4625-B803-5A31503F49BC}c:\\matrix games\\empires in arms\\update.exe"= TCP:c:\matrix games\empires in arms\update.exe:TrueUpdate Client
"{94AFD6CC-2891-4794-B06E-2CE7FC432867}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{66B2C133-F1F2-4D2C-8A4E-C00144A6B873}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A3E239F7-E0AC-4C16-B5AF-E57B40C73C65}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{BB0FB226-F26B-4B3E-ADCE-08D19BAFF754}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D86F399E-B185-4FC8-B0BB-640AEE2269A4}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{565F1EF6-E355-4B03-900E-FDA7F2FD115F}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/27/2008 4:03 PM 325896]
R3 ctgame;Game Port;c:\windows\System32\drivers\CTGAME.SYS [2/13/2007 4:46 PM 19128]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\System32\drivers\athru6.sys [7/5/2007 2:57 AM 873472]

--- Other Services/Drivers In Memory ---

*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - mcdbus
*Deregistered* - mouclass
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - ossrv
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 08:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3848)
c:\windows\System32\ctagent.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\AEADISRV.EXE
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\windows\System32\java.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-06-03 8:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 15:47
ComboFix2.txt 2009-06-03 03:11

Pre-Run: 65,065,103,360 bytes free
Post-Run: 61,562,650,624 bytes free

402 --- E O F --- 2009-06-02 00:59

After this run I can now run programs on my computer.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

While I can run programs something is eating up a CPU cycles. CPU usage is bouncing between 35 and 50% with nothing open other than background stuff. The mouse pointer always appears busy and flickers. Closing programs does not work very well.

The above issues seem to happen while logged in to my computer on a user account. I don't seem to have the same problems on my admin account.

Here is the HijackThis log run from my admin account.

Last edited by Wormy on 4th June 2009, 12:17 am; edited 1 time in total (Reason for editing : Additional Information)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:06 PM, on 6/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RandMAC] C:\Program Files\MadMACs1.2\MadMACs\MadMACs.exe doittoit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5550 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [RandMAC] C:\Program Files\MadMACs1.2\MadMACs\MadMACs.exe doittoit
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
  O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
  O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Now reboot.

Let me know if the CPU jumping has stopped or happens less frequently.

My CPU jumping has stopped. The mouse is no longer always busy and I can close programs again.

I am having an issue with Warhammer Online after this last fix. Warpatch.exe keeps saying that it is already running. This is a common problem after a game crash but not after a reboot. I have rebooted multiple times and shutdown completely once. Usually when I get this message after a crash I can kill the warpatch.exe process through task manager but not this time. The process is not listed in task manager.;

It turns out that this problem only occurs from my user account not my admin account.

Last edited by Wormy on 4th June 2009, 2:45 pm; edited 2 times in total (Reason for editing : Additional Information)

Hello.
Most probably caused by killing the CurseClient run value.
I don't understand why it wants it running at startup when it can be started via the Start Menu, but whatever, we can restore it.

• Open HijackThis.
  
• When Hijack This opens, click "View the list of backups"
  
• Then find and tick the box next to this line: O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
  
• Press "Restore", then reboot.
  

Still having error problems about WarHammer now?

That did not do it. However while checking into this I noticed that I could not run programs as administrator from my user account. It used to be that programs would ask for my admin password and then run, now they just ignore the request to run as administrator and run as normal. This was made clear with Ventrilo which shows me old Vent servers that I no longer access when not run as administrator (vista requires that I run Ventrilo as admin for it to work when warhammer is the primary window).

I am not sure what changed but while reset some programs on my computer I started to be able to use admin mode again on my user account. Thanks for all the help.