WiredWX Hobby Weather ToolsLog in

 


Yet another Win Blue Problem

3 posters

descriptionYet another Win Blue Problem EmptyYet another Win Blue Problem

more_horiz
Win Blue won't let me run any programs while I am not in safe mode. I can't open my task manager, run HijackThis, DDS, Malwarebytes Anti-Malware or Avenger. I have run these programs in safe mode and cleaned some Win Blue stuff up but that has not helped outside safe mode. In addition my computer seems to reboot after a certain amount of time.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
My desktop background has been hijacked by a warning that my computer is infected with spyware and there is no option to change it under Control Panel - Personalize. I can't open the control panel directly but I can by opening personalize with a right click on my desktop and then navigating to it using the directory structure.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
BTW I am typing this in parts worried about a reboot. I am running Vista Ultimate Service Pack 1.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
Hello.
Try this.

  • Now open a new notepad file.
  • Input this into the notepad file:

    [Version]
    Signature=$CHICAGO$

    [DefaultInstall]
    AddReg=Del.Settings

    [Del.Settings]
    HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,setup2.exe,0x00000000
    HKLM,software\microsoft\windows\currentVersion\Run,WinBlueSoft,0x00000000
    HKU,DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run,setup2.exe,0x00000000
    HKLM,software\microsoft\windows nt\currentversion\windows,AppInit_DLLs,0x00000000


  • Save this as fixreg.inf, save it to your desktop.
  • Right click fixreg.inf and select install.

Then reboot, let me know if you can run any exe file now.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
I created the file in safe mode but the installation failed while in safe mode.

I then tried to install it in regular mode but it did not seem to do anything. It looked to me like it would not install just like it would not run an exe file. I did reboot and I still can't run exe files.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
Hello.
I want to try this.

Now open a new notepad file.
Input this into the notepad file:

@echo off
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows /v AppInit_DLLs /t REG_SZ /d "" /f
del fix.bat
exit


Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
The .bat file ran (it deleted itself). But I still could not install the .inf file afterwards. Neither could I run any programs afterwards.

However in safe mode the .bat file ran and then I could install the .inf file which I could not before.

Since I can not do anything except in safe mode I thought I would post a HijackThis log in my next post.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:51 PM, on 6/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RandMAC] C:\Program Files\MadMACs1.2\MadMACs\MadMACs.exe doittoit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6085 bytes

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
Can yuo try to Run this tool in Safe Mode,



  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

Yet another Win Blue Problem CF_download_FF

Yet another Win Blue Problem CF_download_rename

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV..

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
ComboFix warned that I was running AVG, and I do have AVG 8.5 installed. However there is no AVG icon on the taskbar in safe mode. In addition I could not see AVG as an application or process in task manager. I decided to go ahead anyway. The following is the ComboFix.txt file contents.

ComboFix 09-06-01.03 - sean 06/02/2009 20:04.1 - NTFSx86 NETWORK
Microsoft®️ Windows Vista™️ Ultimate 6.0.6001.1.1252.1.1033.18.3326.2808 [GMT -7:00]
Running from: c:\users\sean\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
c:\windows\10259notza-virus39e.bin
c:\windows\103969z5m7da.cpl
c:\windows\105bac5dozr3091.ocx
c:\windows\10736vir9z545.dll
c:\windows\10901hacktool53z9.bin
c:\windows\10953hzcktool2f39.exe
c:\windows\109aspzrse18495.exe
c:\windows\11152spzmbot679.dll
c:\windows\11519vi9uz555.exe
c:\windows\11710not-z9v5rus510.cpl
c:\windows\12195no9-a-virus11z.ocx
c:\windows\131z8s5ambo91f.bin
c:\windows\13791spamzot50.dll
c:\windows\14475not-z-virus5929.exe
c:\windows\145z2troj49c.exe
c:\windows\14779zot-a-v5rus982.ocx
c:\windows\149bthrea5117z8.exe
c:\windows\15099zot-a-9irus3d3.cpl
c:\windows\15134hazktool5249.exe
c:\windows\15521zpy9f8.exe
c:\windows\155559py70z.ocx
c:\windows\15567noz-a-vir9s4f8.ocx
c:\windows\15580tro947az.exe
c:\windows\15674zackto9l45d.bin
c:\windows\1589s9y69z.exe
c:\windows\15994spz2f3.exe
c:\windows\16142v9rusz365.dll
c:\windows\165zvir19455.cpl
c:\windows\1674do9n5oader6z1.bin
c:\windows\16925zi9us565.ocx
c:\windows\1757st5a9z889.exe
c:\windows\1759threat532z5.exe
c:\windows\17c0zow9loa5er788.cpl
c:\windows\17eddo9nlo5der10z9.ocx
c:\windows\18316virz94cd5.exe
c:\windows\18533nzt-9-vi5us3a2.ocx
c:\windows\1893ztro51b79.ocx
c:\windows\18z0tr593b6.cpl
c:\windows\19005vzrus5a9.exe
c:\windows\19195not-a-virus574z.bin
c:\windows\19215hacktzol47f9.dll
c:\windows\19254hazktool5c09.cpl
c:\windows\192fspzrse2157.ocx
c:\windows\19468tzoj452.exe
c:\windows\195fdowzloa95r2209.bin
c:\windows\195spa9botza8.dll
c:\windows\195z1wor5163.dll
c:\windows\19606wo5m3z8.dll
c:\windows\19630vir5sz13.cpl
c:\windows\1964sp5mboz329.exe
c:\windows\19920tr9z5a6.cpl
c:\windows\19995zr9j552.cpl
c:\windows\19a9vzr1505.exe
c:\windows\1b145tza91674.exe
c:\windows\1b20v5rz90.cpl
c:\windows\1d19spywa5z18429.cpl
c:\windows\1d389ddwaz51408.dll
c:\windows\1e36t9iefz529.exe
c:\windows\1eczspy59re1842.cpl
c:\windows\1f9szarse1965.dll
c:\windows\1z589ownloader179.bin
c:\windows\1z916hacktoo9ea5.cpl
c:\windows\203089a5ktoolzeb.bin
c:\windows\2094zviru5790.dll
c:\windows\21729vi9uz5cc5.dll
c:\windows\21803szy5b9.exe
c:\windows\22756wor9752z.cpl
c:\windows\23295spz569.bin
c:\windows\2347z5dw9re2301.ocx
c:\windows\24192wz5m45f.ocx
c:\windows\24257troj7zd9.ocx
c:\windows\24549notza-virus59c.cpl
c:\windows\247z9hacktool15e.ocx
c:\windows\24c2thi951z47.bin
c:\windows\24z34h9cktool52b.dll
c:\windows\24z98w59m6e2.bin
c:\windows\25002vir9sze5.dll
c:\windows\25117spam9ot659z.exe
c:\windows\25176s5am9oz7e.ocx
c:\windows\25183zirus6989.cpl
c:\windows\25376not-9-viruz355.bin
c:\windows\2555stea9234z.bin
c:\windows\25631s5ambzt469.exe
c:\windows\25741h5zktoo937d.exe
c:\windows\25840v9rusz26.bin
c:\windows\25925hzckto5l7b4.dll
c:\windows\25a59pyware1959z.exe
c:\windows\25z97worm49d.cpl
c:\windows\26635hacz9ool3675.dll
c:\windows\26849viz5s7b9.bin
c:\windows\26973tr9j5cz.exe
c:\windows\26d8addwaze95105.dll
c:\windows\26z82vi5us349.bin
c:\windows\27598n9t-a-vzrus738.exe
c:\windows\27999hac9t5olzaf.exe
c:\windows\2830795z726.cpl
c:\windows\28761zot-a5vir9s436.bin
c:\windows\287949zambo561f.cpl
c:\windows\28905hzckt9ol6365.bin
c:\windows\28ces59warz374.bin
c:\windows\29385tr9j759z.cpl
c:\windows\295th9ef1z45.ocx
c:\windows\29c3zhreat19253.cpl
c:\windows\29c6spar9ez925.exe
c:\windows\29z78vi9us55f.cpl
c:\windows\29ze9teal3005.ocx
c:\windows\2a59down5oazer1259.dll
c:\windows\2a9zth5ea91978.dll
c:\windows\2aa4addz5r9439.exe
c:\windows\2bee5hr9at18189z.cpl
c:\windows\2c46backd5or4z19.ocx
c:\windows\2c84spazse5984.exe
c:\windows\2e42backzo592507.dll
c:\windows\2e59szyware2445.dll
c:\windows\2z4spamb5t925.dll
c:\windows\2za95ddware1324.exe
c:\windows\2zc2vir13595.exe
c:\windows\30259zpamb5t67c9.cpl
c:\windows\3049z5ot-a-virus6f4.ocx
c:\windows\30972spambot52cz.cpl
c:\windows\30c9virz453.exe
c:\windows\31390zirus754.cpl
c:\windows\31805troj2z59.cpl
c:\windows\31864z9rm555.ocx
c:\windows\31888not-9-vir5s1ez.cpl
c:\windows\31939not-a-ziru54e5.dll
c:\windows\31955noz-a-virus459.exe
c:\windows\319czpar5e3005.cpl
c:\windows\31azspa9se22735.dll
c:\windows\31z49wor54bd.ocx
c:\windows\32257spazbo9231.dll
c:\windows\32391wzrm5985.bin
c:\windows\32536vi5uz9c5.exe
c:\windows\3259zteal3074.dll
c:\windows\325z3n9t-a-virus5295.cpl
c:\windows\3270zpamb9t55f.dll
c:\windows\329z4hackto5l3be.bin
c:\windows\34099hrea519z95.cpl
c:\windows\34z9sp5556.cpl
c:\windows\3553spa5se9z26.ocx
c:\windows\355d9ownloader765z.bin
c:\windows\35z39sp97b9.ocx
c:\windows\3651spyzare31429.exe
c:\windows\36a0vir5z69.cpl
c:\windows\36z3vi92155.bin
c:\windows\3760vir2595z.dll
c:\windows\377cs5arze22389.ocx
c:\windows\39189ro5z32.ocx
c:\windows\39975hief2836z.cpl
c:\windows\39b9addwa5z1725.cpl
c:\windows\39c0spar5e1z85.cpl
c:\windows\3a34d5wn9oader288z.ocx
c:\windows\3ab5ba9k5ozr1852.cpl
c:\windows\3b39sz5rse296.bin
c:\windows\3bf5dowzloader2559.cpl
c:\windows\3e059owzl5ader2045.bin
c:\windows\3z39s5eal42.bin
c:\windows\3z50vir9577.dll
c:\windows\3z59not-a-5irus5f09.cpl
c:\windows\3z64dow95oader1649.cpl
c:\windows\3z76th9ef3544.bin
c:\windows\407d9ack5oor460z.ocx
c:\windows\41bzdownloa5er2739.bin
c:\windows\4267not-a-95rus3z3.cpl
c:\windows\42795zrm542.exe
c:\windows\4359downz9ader730.dll
c:\windows\45e2addwarz9775.ocx
c:\windows\45z0tro965a.ocx
c:\windows\4672steaz28459.dll
c:\windows\46b25ackd9orz395.bin
c:\windows\47559ir5z652.ocx
c:\windows\4909doznloader2735.cpl
c:\windows\4926hack59ol2zf.dll
c:\windows\4930ad5ware2z23.exe
c:\windows\4948spars5181z.ocx
c:\windows\496bth5ef221z.bin
c:\windows\49b3addwaze2505.bin
c:\windows\4b09threa9812z5.ocx
c:\windows\4bb49zr5at13949.dll
c:\windows\4c51s9ywaze1866.dll
c:\windows\4d085ddware9225z.exe
c:\windows\4d94steal56z9.bin
c:\windows\4dz9vir9549.bin
c:\windows\4fz29ddware1858.exe
c:\windows\5050thr9at319z9.dll
c:\windows\50a6downloader1z49.dll
c:\windows\517z9spam9ot5cd.exe
c:\windows\526dsp5warz3922.exe
c:\windows\5301ztroj489.ocx
c:\windows\5349zworm69e.dll
c:\windows\53560worz319.bin
c:\windows\535adoznloader9205.cpl
c:\windows\535z9ir2949.bin
c:\windows\53cadoznlo9der274.dll
c:\windows\53d85hreat31z98.cpl
c:\windows\5490spazb9t68d.exe
c:\windows\54956sz94c6.bin
c:\windows\5507vizus6f29.ocx
c:\windows\551cbackdoor91z9.exe
c:\windows\564e9pyware31z2.dll
c:\windows\568zstea9185.cpl
c:\windows\56fev9r1z36.bin
c:\windows\56z9steal28505.exe
c:\windows\5712bac95ooz213.ocx
c:\windows\57381spambztd9.ocx
c:\windows\57949worz5e5.exe
c:\windows\57e9stez944.ocx
c:\windows\5894t5oz494.exe
c:\windows\58997spy9zb.dll
c:\windows\5969thzeat10192.dll
c:\windows\596zspywar51391.dll
c:\windows\59755not-a-vir9s2dz.dll
c:\windows\59892wo9m55dz.cpl
c:\windows\5996th9efz1715.exe
c:\windows\59a2steaz891.cpl
c:\windows\59acsp5ware2z43.ocx
c:\windows\59c9viz2648.bin
c:\windows\59z9thief2808.cpl
c:\windows\5aa9baczdoor2566.ocx
c:\windows\5b58downz9ader905.exe
c:\windows\5b6fsp59ze1630.cpl
c:\windows\5b8cthreat91961z.dll
c:\windows\5bz9downloader2598.ocx
c:\windows\5c60zddwar512709.cpl
c:\windows\5cczvir14429.ocx
c:\windows\5czaddwar92525.dll
c:\windows\5e0zbackdo9r1455.exe
c:\windows\5f4caddwzr92959.dll
c:\windows\5z50thie5919.dll
c:\windows\5z87ba9kdoor1743.cpl
c:\windows\605z9teal2469.dll
c:\windows\605ztroj509.dll
c:\windows\6096zddwa5e147.dll
c:\windows\60ds5yware1960z.ocx
c:\windows\61559pzmbot5c9.exe
c:\windows\6343s5arsz13079.dll
c:\windows\6467dow59oadzr1479.cpl
c:\windows\64d3d9wnlo5der10z4.cpl
c:\windows\64z4spy59re1281.ocx
c:\windows\6504download9r131z.dll
c:\windows\65adad9warez107.exe
c:\windows\65bathze51962.dll
c:\windows\6614addwzr53098.cpl
c:\windows\6639zpywa9e1295.ocx
c:\windows\665t5reat2974z.ocx
c:\windows\687t5ie91z0.dll
c:\windows\68addow5zoader915.ocx
c:\windows\68b8sza5se1429.exe
c:\windows\68bz59reat1164.ocx
c:\windows\6913backd5or2355z.exe
c:\windows\6918sp5rse2526z.ocx
c:\windows\694d5hrzat29420.exe
c:\windows\695bspyware29z9.bin
c:\windows\695ddo5nloader22z9.cpl
c:\windows\6bbbzparse2591.dll
c:\windows\6d909pars51z77.bin
c:\windows\6z29thre5t25724.cpl
c:\windows\6z639ot-a-virus3e5.ocx
c:\windows\6z805ir1955.cpl
c:\windows\6zb9thie5672.ocx
c:\windows\6zbcs9e5l993.dll
c:\windows\70d5szyware97425.exe
c:\windows\73fb5azkdoor23959.ocx
c:\windows\7429viz9295.bin
c:\windows\74f2t9reat3051z.ocx
c:\windows\751zvir1393.dll
c:\windows\752aaddzare9285.ocx
c:\windows\754z9ir1486.bin
c:\windows\7566spzw95e1226.bin
c:\windows\756zthi953125.cpl
c:\windows\7588zir9s339.exe
c:\windows\7599spyware200z.dll
c:\windows\7755spz9bot5f4.cpl
c:\windows\77fathrzat5978.ocx
c:\windows\7850spy9are2398z.bin
c:\windows\786495rmz3.cpl
c:\windows\788cdownloz95r400.cpl
c:\windows\78baspars599z.exe
c:\windows\7944z9rea524105.cpl
c:\windows\79z4thr5at14911.dll
c:\windows\7bb5hief1938z.dll
c:\windows\7cb9spzwar91135.cpl
c:\windows\7fefth5eaz181379.dll
c:\windows\8087za5kt9ol4f.ocx
c:\windows\8275owzlo9der968.ocx
c:\windows\837baczdoor2995.bin
c:\windows\8391spz4d5.bin
c:\windows\85zvir25489.cpl
c:\windows\8z50w9rm7b8.dll
c:\windows\90513z5rus556.bin
c:\windows\90zf5ir2599.ocx
c:\windows\91277sz520.bin
c:\windows\915w9zm5d9.exe
c:\windows\91e3backdozr425.ocx
c:\windows\91f4st5zl2812.bin
c:\windows\920athr5at1619z.bin
c:\windows\9263n9t5a-viruz365.cpl
c:\windows\926fbazkdoor32205.dll
c:\windows\92886tzo5c8.dll
c:\windows\9335tzreat1475.dll
c:\windows\937espywarez259.dll
c:\windows\9461zroj2ef5.exe
c:\windows\95196s5ambzt44.exe
c:\windows\953esparsz584.cpl
c:\windows\9594zspambot4555.dll
c:\windows\959cthiez50.exe
c:\windows\95d0baczdoor3227.exe
c:\windows\9688wozm105.dll
c:\windows\969zvirus5a1.dll
c:\windows\96baddwaze14559.dll
c:\windows\98536nzt-a-virus2b5.exe
c:\windows\98fzaddware5472.bin
c:\windows\9999not-a-vi5us6z7.ocx
c:\windows\9bz4addware2050.exe
c:\windows\9c2zsteal17785.ocx
c:\windows\9c84spazse1575.dll
c:\windows\9d51virz161.dll
c:\windows\9e36back5zor2278.cpl
c:\windows\9e7asparsez9695.cpl
c:\windows\9e84thzef26635.dll
c:\windows\9fct59ef8z4.ocx
c:\windows\9z5ebackdoor2477.bin
c:\windows\beczhief21895.bin
c:\windows\e7zdow5loader898.ocx
c:\windows\fz8thr5a917757.exe

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
c:\windows\system32\10706v9ru56zb.cpl
c:\windows\system32\11595tro9zc5.bin
c:\windows\system32\1170ste9lz5.ocx
c:\windows\system32\11935szy755.dll
c:\windows\system32\11z849p5146.ocx
c:\windows\system32\12279sp9mbot5d1z.bin
c:\windows\system32\122s9ywzr5323.bin
c:\windows\system32\12539troz5b19.dll
c:\windows\system32\126099ot-a-virusza35.bin
c:\windows\system32\12852hazktool19d5.bin
c:\windows\system32\1295vir2z945.bin
c:\windows\system32\1339spyz915.bin
c:\windows\system32\13978notza-5i9us1b8.ocx
c:\windows\system32\14158h9zktool260.cpl
c:\windows\system32\142795pz147.cpl
c:\windows\system32\14d89p5ware3252z.dll
c:\windows\system32\15257s9ambot7zf.ocx
c:\windows\system32\15368n9t-5-vzrus4c8.ocx
c:\windows\system32\1539zworm229.bin
c:\windows\system32\15509pzdc.bin
c:\windows\system32\155z9py5b9.ocx
c:\windows\system32\157039py26bz.exe
c:\windows\system32\16539tr5j5cdz.exe
c:\windows\system32\16991trzj79b5.cpl
c:\windows\system32\1719sp5zse3010.exe
c:\windows\system32\1726d59nloader2z7.ocx
c:\windows\system32\17323h95ztool4b5.exe
c:\windows\system32\17959v5z9sc2.ocx
c:\windows\system32\179bstz9l505.exe
c:\windows\system32\17z55troj549.bin
c:\windows\system32\189485ot-a-zirus91c.dll
c:\windows\system32\18982szambot545.ocx
c:\windows\system32\189ct5ief251z.exe
c:\windows\system32\18f3thrza918605.exe
c:\windows\system32\18z56not5a-virus47f9.exe
c:\windows\system32\19372vi5uz94a.cpl
c:\windows\system32\19499tzo55c7.dll
c:\windows\system32\1950backdoz52805.exe
c:\windows\system32\19569tzoj2895.ocx
c:\windows\system32\1959trojz6.cpl
c:\windows\system32\1966szeal553.bin
c:\windows\system32\19z8vir32965.ocx
c:\windows\system32\1c37th9ezt7651.cpl
c:\windows\system32\1c9evir245z5.dll
c:\windows\system32\1df1threa51229z.ocx
c:\windows\system32\1f75spyw9re8z1.ocx
c:\windows\system32\1z1295orm959.ocx
c:\windows\system32\1z289i573.ocx
c:\windows\system32\1z28hacktoo59c.exe
c:\windows\system32\1z58worm499.ocx
c:\windows\system32\1z654hacktool2b9.ocx
c:\windows\system32\1z777spa5bot1589.bin
c:\windows\system32\1z98wo9m651.bin
c:\windows\system32\1ze9addwar911205.bin
c:\windows\system32\206455ot9azvirus38d.dll
c:\windows\system32\206z69ot-5-virusaf.cpl
c:\windows\system32\20946hacktool25z.ocx
c:\windows\system32\20z70sp5519.cpl
c:\windows\system32\21238s9amzot6515.dll
c:\windows\system32\212659ot-a-zirus4b5.cpl
c:\windows\system32\21340sp92az5.exe
c:\windows\system32\22190vi5zs5f2.ocx
c:\windows\system32\225725p9mzot57f.ocx
c:\windows\system32\227715r9j23z.exe
c:\windows\system32\22z16hack9ool105.exe
c:\windows\system32\23005ha5kt9oz29e.ocx
c:\windows\system32\2319tr5j7zb.exe
c:\windows\system32\2337back5zor12709.bin
c:\windows\system32\23757w9r57cz.dll
c:\windows\system32\240459zy2d.ocx
c:\windows\system32\240859orm1z.bin
c:\windows\system32\2417s5zmbot39d.bin
c:\windows\system32\24305zp9mbot455.cpl
c:\windows\system32\24532zo5-a-virus559.cpl
c:\windows\system32\24769wz5m950.ocx
c:\windows\system32\24z59t59j6d3.cpl
c:\windows\system32\25195spy2dz5.cpl
c:\windows\system32\25456szy5d9.dll
c:\windows\system32\25579wzrm75c.dll
c:\windows\system32\25905troj939z.dll
c:\windows\system32\25c0sparsz932.cpl
c:\windows\system32\26445s9ambzt3a.bin
c:\windows\system32\26926vi5zs4c0.bin
c:\windows\system32\26aa9d5warez987.exe
c:\windows\system32\26z055r9j371.bin
c:\windows\system32\27210h9ckt5ol4zd.ocx
c:\windows\system32\273579pyz65.dll
c:\windows\system32\27904not-59virzs70d.bin
c:\windows\system32\27913ha5ktooz73b.dll
c:\windows\system32\27916spam5ot656z.bin
c:\windows\system32\27970tz5j499.bin
c:\windows\system32\28368wozm7495.cpl
c:\windows\system32\2922s5arse3074z.exe
c:\windows\system32\293405ack9oolz41.bin
c:\windows\system32\29344zac59ool52e.cpl
c:\windows\system32\29596h5cktool4e4z.ocx
c:\windows\system32\2959t9oz2a8.cpl
c:\windows\system32\298965roj55z.bin
c:\windows\system32\29898troz552.exe
c:\windows\system32\29943tr5z39a.ocx
c:\windows\system32\29951s5ambzt53f.exe
c:\windows\system32\29a6downzoad5r1494.bin
c:\windows\system32\29z39spy75e.dll
c:\windows\system32\29z5threat937.exe
c:\windows\system32\2cd55hreat1829z9.dll
c:\windows\system32\2d9b5parsz669.bin
c:\windows\system32\2e99steaz581.bin
c:\windows\system32\2ec9spywzre2535.cpl
c:\windows\system32\2z3125pambo97e0.cpl
c:\windows\system32\2z384s952e8.exe
c:\windows\system32\2z46sp5mb9t6e1.exe
c:\windows\system32\2z56spy5029.exe
c:\windows\system32\3025zhackto9l1285.dll
c:\windows\system32\30887not-5-vi9zs710.ocx
c:\windows\system32\30915pyware32z7.cpl
c:\windows\system32\31324tro9252z.ocx
c:\windows\system32\31564v5ruz429.exe
c:\windows\system32\31a5backdooz5988.dll
c:\windows\system32\32260hac9t5ol616z.cpl
c:\windows\system32\3291downzoa9er5005.exe
c:\windows\system32\32bzthie530539.cpl
c:\windows\system32\32e7zackdoor10589.ocx
c:\windows\system32\3361t9i5f26z1.dll
c:\windows\system32\345zthief119.exe
c:\windows\system32\3519vir9z5c0.dll
c:\windows\system32\35634virus94z.exe
c:\windows\system32\3589spambot3z.dll
c:\windows\system32\359zadd5are544.exe
c:\windows\system32\35b6zi91445.exe
c:\windows\system32\35z39ro5758.bin
c:\windows\system32\382cba5k9ooz1214.ocx
c:\windows\system32\38e6t9reat5721z.cpl
c:\windows\system32\39295nzt5a-virus11b.bin
c:\windows\system32\39z9sp9rs5260.ocx
c:\windows\system32\3a9th5e9tz541.cpl
c:\windows\system32\3b85viz26019.dll
c:\windows\system32\3e87spars9513z.exe
c:\windows\system32\3ed5zte5l987.bin
c:\windows\system32\3z45threat1983.cpl
c:\windows\system32\3z609worm7925.dll
c:\windows\system32\3z75s9arse16005.ocx
c:\windows\system32\3z96s5y399.cpl
c:\windows\system32\4075spzmbot1b9.cpl
c:\windows\system32\42a4bazkd5or2957.dll
c:\windows\system32\44165zreat97736.dll
c:\windows\system32\4525backdooz8259.ocx
c:\windows\system32\457ethreat9z675.cpl
c:\windows\system32\45c1spyware998z.ocx
c:\windows\system32\45d29ddwarez63.dll
c:\windows\system32\475cvi91z5.dll
c:\windows\system32\47e5b59kdoor30z1.ocx
c:\windows\system32\47fzbackdoo91568.bin
c:\windows\system32\4869spz559.ocx
c:\windows\system32\491ddowzlo5der2574.cpl
c:\windows\system32\491eba5kdoorz502.cpl
c:\windows\system32\491t5oj4dz.ocx
c:\windows\system32\4987addware9551z.bin
c:\windows\system32\4bb7dow5l9ader15z0.bin
c:\windows\system32\4cedtzreat959495.dll
c:\windows\system32\4cz5vir8569.exe
c:\windows\system32\4f11spy9are222z5.bin
c:\windows\system32\4f93tzief1259.cpl
c:\windows\system32\4z2595r348.ocx
c:\windows\system32\4z34tr9j785.cpl
c:\windows\system32\5002not-a-v9rzs41.dll
c:\windows\system32\50b55ddwaze32649.bin
c:\windows\system32\50z29worm4b29.exe
c:\windows\system32\51105virus9ez.exe
c:\windows\system32\51324spa9bot2z5.exe
c:\windows\system32\5172spywz9e14175.ocx
c:\windows\system32\5213zparse94025.dll
c:\windows\system32\5249downlzader809.dll
c:\windows\system32\52583spy76z9.ocx

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
c:\windows\system32\527not-a-vizu96a9.dll
c:\windows\system32\52b3spywar91z62.dll
c:\windows\system32\530ba9dware8z9.dll
c:\windows\system32\53c8sp9warz947.dll
c:\windows\system32\53d0spzrse1695.dll
c:\windows\system32\5455bac5d9orz881.bin
c:\windows\system32\545ack9oor670z.ocx
c:\windows\system32\5535v9ruz6235.dll
c:\windows\system32\554bs9arz5903.bin
c:\windows\system32\55576hackzoo96f6.ocx
c:\windows\system32\5570dzwnloade91255.cpl
c:\windows\system32\55e7thz9at24697.exe
c:\windows\system32\5656zot-a-vi9us6cd.bin
c:\windows\system32\57aavirz659.ocx
c:\windows\system32\57z9b9ckdoor2255.ocx
c:\windows\system32\581f59rz49.bin
c:\windows\system32\58375parze5259.exe
c:\windows\system32\587zsparse2289.exe
c:\windows\system32\58914hackt9oz3ee.ocx
c:\windows\system32\58f1adz5are949.dll
c:\windows\system32\592ztroj5b0.cpl
c:\windows\system32\594c5ownloaderz819.ocx
c:\windows\system32\596dthreat1z279.dll
c:\windows\system32\5979b9ckdoor1890z.exe
c:\windows\system32\59915h9eat26663z.exe
c:\windows\system32\59995zoj6d49.cpl
c:\windows\system32\59dfzparse955.ocx
c:\windows\system32\5a0bs5eal32z9.exe
c:\windows\system32\5a50t9reat15z39.dll
c:\windows\system32\5b5f9ownloader3z50.cpl
c:\windows\system32\5b9ath5zat2955.ocx
c:\windows\system32\5c3t5zef2943.exe
c:\windows\system32\5c6a5pyware50z9.ocx
c:\windows\system32\5d0a5hreaz5909.cpl
c:\windows\system32\5d11s9ealz64.ocx
c:\windows\system32\5dd1stezl9589.dll
c:\windows\system32\5ea99i5314z.cpl
c:\windows\system32\5ec9szy5are2593.ocx
c:\windows\system32\5f39backdoor27z8.bin
c:\windows\system32\5fadbazkdoo92837.ocx
c:\windows\system32\5fzcthr5at23149.exe
c:\windows\system32\5z57w9rm259.bin
c:\windows\system32\5z79n5t-a-viru95b7.ocx
c:\windows\system32\5z9threat51941.bin
c:\windows\system32\604cspyware9z575.bin
c:\windows\system32\607ddowzload5r2694.cpl
c:\windows\system32\614baddzar93591.cpl
c:\windows\system32\619et5rezt18294.bin
c:\windows\system32\62159hzef2305.bin
c:\windows\system32\6279b5ckdoor1z80.ocx
c:\windows\system32\6332s5eal31z19.bin
c:\windows\system32\63565p9zbot5de.exe
c:\windows\system32\6397st5al82z.bin
c:\windows\system32\6508th9eat3575z.bin
c:\windows\system32\6517not-a-virus4z9.cpl
c:\windows\system32\651cspzr9e263.cpl
c:\windows\system32\655azparse2998.cpl
c:\windows\system32\6584h5c9toolz7f.cpl
c:\windows\system32\65945py39z.exe
c:\windows\system32\6597virus60z.bin
c:\windows\system32\659fvir426z.exe
c:\windows\system32\65c99hief1z50.ocx
c:\windows\system32\65fcdo9nloaderz47.ocx
c:\windows\system32\665asparze9521.ocx
c:\windows\system32\6692thi5z1929.cpl
c:\windows\system32\66zest5al9711.bin
c:\windows\system32\67espars539z3.dll
c:\windows\system32\6867wor9552z.ocx
c:\windows\system32\69z7sparse351.cpl
c:\windows\system32\69zest59l2088.ocx
c:\windows\system32\6ab0ad9wa5e213z.dll
c:\windows\system32\6c0sp9rsez715.dll
c:\windows\system32\6c45downloadzr905.cpl
c:\windows\system32\6c97zpy9are5190.exe
c:\windows\system32\6dd4spy9arz3506.dll
c:\windows\system32\6f8a5zyw9re883.dll
c:\windows\system32\6z439ro53fc.ocx
c:\windows\system32\6z9dv5r893.ocx
c:\windows\system32\6ze7addw5re19689.cpl
c:\windows\system32\7054downlzader58349.ocx
c:\windows\system32\7295ad9ware25z6.dll
c:\windows\system32\72d4downlzad5r968.cpl
c:\windows\system32\7353szeal2249.bin
c:\windows\system32\7406add9zre1345.exe
c:\windows\system32\7427s9zrse27455.dll
c:\windows\system32\7483v5ru93ze.bin
c:\windows\system32\751ftzief1559.exe
c:\windows\system32\75509hiez3059.ocx
c:\windows\system32\7559thief111z.bin
c:\windows\system32\7574nzt-a-vi9u513.ocx
c:\windows\system32\75a5thzef459.ocx
c:\windows\system32\7693no5-a-vizus943.ocx
c:\windows\system32\76z0spa9se1755.ocx
c:\windows\system32\78595tealz309.exe
c:\windows\system32\78a75ownloade92z42.dll
c:\windows\system32\790b9oznlo5der706.exe
c:\windows\system32\791d5ackdoor9026z.dll
c:\windows\system32\7953vir9z5.bin
c:\windows\system32\798zv5r293.bin
c:\windows\system32\7995sp5rsz2141.dll
c:\windows\system32\79zd5ackdoor2570.cpl
c:\windows\system32\7aaestezl5995.dll
c:\windows\system32\7b039d5waze2527.dll
c:\windows\system32\7bz99hief2351.exe
c:\windows\system32\7c5e5ackdozr2219.ocx
c:\windows\system32\7cz195r580.dll
c:\windows\system32\7d7dzwnloa9e52966.cpl
c:\windows\system32\7d80d9wnzoa5er136.bin
c:\windows\system32\7z15v9r2563.bin
c:\windows\system32\7z88s5yware1597.ocx
c:\windows\system32\7zd1thief56529.ocx
c:\windows\system32\8000tz9j258.exe
c:\windows\system32\85fdow5lzade92897.cpl
c:\windows\system32\9029zroj252.bin
c:\windows\system32\905espyware311z.bin
c:\windows\system32\911bspy5arez999.dll
c:\windows\system32\91574z5cktool7b0.ocx
c:\windows\system32\919z8h5cktool4da.exe
c:\windows\system32\91czspyware24825.bin
c:\windows\system32\920z9arse4985.cpl
c:\windows\system32\9287wo5z179.cpl
c:\windows\system32\92ddsteal5z82.bin
c:\windows\system32\934spamboz659.cpl
c:\windows\system32\9350h5cztool9b.cpl
c:\windows\system32\9435vizus3ed.cpl
c:\windows\system32\95072hacktooz1e4.ocx
c:\windows\system32\9515zorm239.ocx
c:\windows\system32\95280not-a-viruszb5.dll
c:\windows\system32\9556z9oj38f.dll
c:\windows\system32\95585troj5zb.cpl
c:\windows\system32\95605p9598z.cpl
c:\windows\system32\9563addwarz265.bin
c:\windows\system32\956thief290z.dll
c:\windows\system32\958fthreat7z03.exe
c:\windows\system32\95czir54.exe
c:\windows\system32\96656szambot540.exe
c:\windows\system32\96815pzrse2220.bin
c:\windows\system32\976szarse2357.bin
c:\windows\system32\987zvir2585.bin
c:\windows\system32\991vi5usz9b.ocx
c:\windows\system32\99506not-z-viru5659.cpl
c:\windows\system32\9967z5am9ot61.ocx
c:\windows\system32\99z45py243.ocx
c:\windows\system32\9a14zhie52401.dll
c:\windows\system32\9b25py9are2z1.exe
c:\windows\system32\9b75tzreat29355.ocx
c:\windows\system32\9b7t5ief3076z.ocx
c:\windows\system32\9be9addware35z3.exe
c:\windows\system32\9c6zpyw5re285.dll
c:\windows\system32\9d4aadd5arez647.cpl
c:\windows\system32\9z19virus5de.cpl
c:\windows\system32\9z21steal558.ocx
c:\windows\system32\aa35parsz2971.ocx
c:\windows\system32\ae7add5zr9500.dll
c:\windows\system32\af5addware199z.cpl
c:\windows\system32\b5d9dzware2586.dll
c:\windows\system32\b91zteal5960.cpl
c:\windows\system32\becthz5a923613.bin
c:\windows\system32\d9fdownloade5z0639.bin
c:\windows\system32\ddzt5ief25599.exe
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\e1baddw9re29z5.cpl
c:\windows\system32\e99virz9645.cpl
c:\windows\system32\eb5downloz9er997.dll
c:\windows\system32\f00v952371z.bin
c:\windows\system32\setup2.exe
c:\windows\system32\z0535spy59f.bin
c:\windows\system32\z0639troj7555.exe
c:\windows\system32\z0818hackto5l579.dll
c:\windows\system32\z19cthreat53952.cpl
c:\windows\system32\z2015teal3096.exe
c:\windows\system32\z20669o5-a-virus5ed.bin
c:\windows\system32\z2242wor597a.dll
c:\windows\system32\z234d5wnloader1190.exe
c:\windows\system32\z246back5oor17249.bin
c:\windows\system32\z260addwar95463.exe
c:\windows\system32\z2899sp575f.cpl
c:\windows\system32\z39spy755.bin
c:\windows\system32\z436spyw9r52227.dll
c:\windows\system32\z49e9hreat32235.cpl
c:\windows\system32\z5094wo5m399.bin
c:\windows\system32\z5230v5rus973.dll
c:\windows\system32\z565spyware1955.bin
c:\windows\system32\z58559iru55b6.dll
c:\windows\system32\z6caadd9are2957.cpl
c:\windows\system32\z7945ddware2871.ocx
c:\windows\system32\z7d7spyw5re1498.exe
c:\windows\system32\z881vi9451.ocx
c:\windows\system32\z905addw9re3015.exe
c:\windows\system32\z9198troj359.bin
c:\windows\system32\z938spy59d.ocx
c:\windows\system32\z93e59arse1124.cpl
c:\windows\system32\z9878n5t-a-virus244.cpl
c:\windows\system32\z995not-a-virus797.cpl
c:\windows\system32\z9f5vir503.ocx
c:\windows\system32\zb51vi91930.ocx
c:\windows\system32\zbb1backdoo52968.exe
c:\windows\system32\zcbcsp5ware2529.bin
c:\windows\system32\ze95ddware2302.bin
c:\windows\system32\zec9thi5f1292.dll
c:\windows\system32\zf9cth5eat32453.dll

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
c:\windows\z0165t9oj6e5.ocx
c:\windows\z075troj954.cpl
c:\windows\z1059hacktool6d9.cpl
c:\windows\z1580not-a9virus530.ocx
c:\windows\z1650wor955.exe
c:\windows\z191tr5j92b.exe
c:\windows\z196spambot158.dll
c:\windows\z35965a9ktool345.dll
c:\windows\z35985irus971.exe
c:\windows\z4007not-5-v9rus508.dll
c:\windows\z40not-9-virus757.cpl
c:\windows\z4370virus3c59.dll
c:\windows\z4525s9yb1.dll
c:\windows\z525s59115.exe
c:\windows\z5377hack9ool594.cpl
c:\windows\z6502spy449.exe
c:\windows\z672download9r27725.exe
c:\windows\z6bbthi9f4695.cpl
c:\windows\z7649s5y1dc.dll
c:\windows\z8095spy75c.ocx
c:\windows\z8b4addw9re5014.exe
c:\windows\z915w9rm321.cpl
c:\windows\z9927virus145.dll
c:\windows\z9b75ackdoor1938.exe
c:\windows\z9ceba9kdoor5625.cpl
c:\windows\zf75v9r1292.dll
c:\windows\zfca95r2595.ocx

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 03:10 . 2009-06-03 03:10 -------- d-----w- c:\users\sean\AppData\Local\temp
2009-06-03 03:10 . 2009-06-03 03:10 -------- d-----w- c:\users\Wormy\AppData\Local\temp
2009-06-02 03:59 . 2009-06-02 03:59 -------- d-----w- c:\program files\Trend Micro
2009-06-02 03:36 . 2009-06-02 03:36 -------- d-----w- c:\windows\Sun
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\users\sean\AppData\Roaming\Malwarebytes
2009-06-02 03:20 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 03:20 . 2009-06-02 03:20 -------- d-----w- c:\programdata\Malwarebytes
2009-06-02 03:20 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 03:09 . 2009-06-02 03:09 574 ----a-w- C:\cleanup.bat
2009-06-02 03:09 . 2009-06-02 03:09 19286 ----a-w- C:\cleanup.exe
2009-06-02 03:09 . 2009-06-02 03:09 135168 ----a-w- C:\zip.exe
2009-06-02 01:25 . 2009-06-02 01:25 5179 ----a-w- c:\windows\54t59jz.exe
2009-06-02 01:24 . 2009-06-02 01:24 348160 ----a-w- c:\windows\system32\blocker.dll
2009-05-18 15:05 . 2009-05-08 16:49 486168 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-18 15:05 . 2009-05-08 16:49 2051864 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-18 15:05 . 2009-05-08 16:49 354584 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-05-18 15:05 . 2009-05-08 16:49 3288344 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-05-18 15:05 . 2009-05-08 16:49 424472 ----a-w- c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-18 15:05 . 2009-05-08 16:49 312088 ----a-w- c:\programdata\avg8\update\backup\avglngx.dll
2009-05-18 15:05 . 2009-05-08 16:49 177432 ----a-w- c:\programdata\avg8\update\backup\avgmail.dll
2009-05-18 15:02 . 2009-05-08 16:44 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-05-18 15:02 . 2009-05-08 16:44 1437464 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-05-17 16:19 . 2009-05-08 16:49 2302232 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-17 16:19 . 2009-05-08 16:49 3399960 ----a-w- c:\programdata\avg8\update\backup\avgui.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 03:36 . 2007-09-28 21:36 1356 ----a-w- c:\users\sean\AppData\Local\d3d9caps.dat
2009-05-28 17:18 . 2009-02-04 05:14 -------- d-----w- c:\program files\Curse
2009-05-14 10:02 . 2007-10-14 03:52 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 16:49 . 2009-02-03 17:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-08 16:49 . 2008-04-27 23:03 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-08 16:49 . 2008-04-27 23:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-06 07:40 . 2008-05-20 22:39 -------- d-----w- c:\programdata\media center programs
2009-04-19 10:12 . 2009-04-19 10:12 -------- d-----w- c:\program files\MagicDisc
2009-04-19 10:08 . 2009-04-19 10:08 -------- d-----w- c:\program files\MagicISO
2009-03-17 03:38 . 2009-04-16 20:20 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:20 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 21:18 . 2009-04-05 20:52 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 21:18 . 2009-04-05 20:52 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 21:18 . 2009-04-05 20:52 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 21:18 . 2009-04-05 20:52 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 22:27 . 2009-04-05 20:52 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 22:27 . 2009-04-05 20:52 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 22:27 . 2009-04-05 20:52 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-05-15 1933312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 1261568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RandMAC"="c:\program files\MadMACs1.2\MadMACs\MadMACs.exe" [2008-08-07 253245]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 92704]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-02-13 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-02-13 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-05-26 1283344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Wormy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2009-4-4 3656]

c:\users\sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-4-19 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk
backup=c:\windows\pss\Hawking Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{98B127AE-85A5-4079-AC46-70C42CC7DE43}c:\\program files\\turbine\\dungeons & dragons online - stormreach\\dndclient.exe"= UDP:c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"UDP Query User{4C8FD282-2335-44C7-A9D8-49A154ECE0C3}c:\\program files\\turbine\\dungeons & dragons online - stormreach\\dndclient.exe"= TCP:c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"TCP Query User{F21FCED1-918C-44EF-86D3-AFC64ACF2B11}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{1F321628-792B-40A8-B9BF-886B8A39F577}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{D73528E4-E97F-4D39-9460-7CE6F30678D2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1875E92A-9C70-4C1F-95FA-D3A0B69600B9}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DFCC8892-E928-4F01-90B8-7548739FFA75}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3585F77C-E717-4272-AEA4-76A64796BC12}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{97842A9F-CE6C-4056-B4DF-EC5F7E19F623}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D3A35673-DD95-4E7F-8E8F-DE19E5BF2652}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{35CAD35F-69E1-4C9A-A781-8091772553AB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0EC37945-EC97-481A-8594-5E82176C5A14}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{4AC8A5F9-35DB-41E0-95E2-A18B9B868B4A}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{596970D5-3A9D-4BFC-ACEF-F1FD98F2807B}c:\\matrix games\\empires in arms\\update.exe"= UDP:c:\matrix games\empires in arms\update.exe:TrueUpdate Client
"UDP Query User{DDCCD428-96CC-4625-B803-5A31503F49BC}c:\\matrix games\\empires in arms\\update.exe"= TCP:c:\matrix games\empires in arms\update.exe:TrueUpdate Client
"{94AFD6CC-2891-4794-B06E-2CE7FC432867}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{66B2C133-F1F2-4D2C-8A4E-C00144A6B873}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A3E239F7-E0AC-4C16-B5AF-E57B40C73C65}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{BB0FB226-F26B-4B3E-ADCE-08D19BAFF754}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D86F399E-B185-4FC8-B0BB-640AEE2269A4}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{565F1EF6-E355-4B03-900E-FDA7F2FD115F}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [6/27/2008 1:40 AM 335872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/27/2008 4:03 PM 325896]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/3/2009 10:43 AM 298776]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\System32\drivers\athru6.sys [7/5/2007 2:57 AM 873472]
S3 ctgame;Game Port;c:\windows\System32\drivers\CTGAME.SYS [2/13/2007 4:46 PM 19128]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinBlueSoft - (no file)
HKLM-RunOnce- - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 20:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-03 20:11
ComboFix-quarantined-files.txt 2009-06-03 03:11

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 67,143,356,416 bytes free

896 --- E O F --- 2009-06-02 00:59

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
I see that you are running BitLord.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitLord is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • BitLord

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
C:\cleanup.bat
C:\cleanup.exe
C:\zip.exe
c:\windows\54t59jz.exe
c:\windows\system32\blocker.dll

Folder::
c:\program files\bitlord

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F21FCED1-918C-44EF-86D3-AFC64ACF2B11}c:\\program files\\bitlord\\bitlord.exe"=-
"UDP Query User{1F321628-792B-40A8-B9BF-886B8A39F577}c:\\program files\\bitlord\\bitlord.exe"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Yet another Win Blue Problem Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

descriptionYet another Win Blue Problem EmptyRe: Yet another Win Blue Problem

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum