WiredWX Christian Hobby Weather Tools

Re: Winbluesoft

Re: Winbluesoft

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LDISKL
-------\Service_ldiskl


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 19:27 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 19:27 . 2009-06-23 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 19:27 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 19:00 . 2009-06-23 19:00 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 14:33 . 2009-06-22 14:33 -------- d-----w- c:\program files\MSSOAP
2009-06-22 14:33 . 2009-06-22 14:33 -------- d-----w- c:\program files\Webroot
2009-06-20 13:42 . 2009-06-20 13:42 -------- d-----w- c:\program files\Enigma Software Group
2009-06-20 13:40 . 2009-06-23 02:28 -------- d-----w- c:\program files\STOPzilla!
2009-06-19 15:56 . 2009-06-19 15:56 14848 ----a-w- c:\windows\9z9wo5med.exe
2009-06-10 14:22 . 2009-06-10 14:22 152576 ----a-w- c:\documents and settings\Daniel Vancil\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 06:14 . 2009-06-04 06:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-03 14:08 . 2009-06-03 14:09 -------- d-----w- c:\documents and settings\Daniel Vancil\Application Data\Media Player Classic
2009-06-03 13:28 . 2009-06-04 20:19 -------- d-----w- c:\program files\Essentials Codec Pack
2009-05-25 14:03 . 2009-05-25 14:03 -------- d-----w- c:\documents and settings\Daniel Vancil\Local Settings\Application Data\Yahoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 18:48 . 2009-05-03 03:42 71464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-23 18:22 . 2008-08-13 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-22 14:24 . 2006-12-30 15:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 12:38 . 2006-06-29 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-20 13:41 . 2006-06-29 03:16 -------- d-----w- c:\program files\Common Files\STOPzilla!
2009-06-20 12:56 . 2007-11-23 18:17 -------- d-----w- c:\documents and settings\Daniel Vancil\Application Data\GetRightToGo
2009-06-18 12:48 . 2009-04-13 00:15 -------- d-----w- c:\program files\Galaxy Online
2009-06-10 14:23 . 2007-11-24 03:54 -------- d-----w- c:\program files\Java
2009-06-05 11:12 . 2008-12-29 11:25 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2009-05-25 13:55 . 2008-08-15 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-21 16:33 . 2008-12-01 17:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 19:13 . 2009-05-12 19:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-11 14:03 . 2008-08-13 17:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-11 14:03 . 2008-08-13 17:02 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-11 14:03 . 2008-08-13 17:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-11 14:03 . 2008-08-13 17:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-08 04:13 . 2006-10-29 17:56 20312 ----a-w- c:\documents and settings\Daniel Vancil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 04:18 . 2009-05-03 04:18 -------- d-----w- c:\program files\Bethesda Softworks
2009-05-03 04:18 . 2006-06-18 04:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-03 03:43 . 2009-05-03 02:14 -------- d-----w- c:\program files\WebEx
2009-05-03 03:39 . 2009-05-03 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-05-03 03:37 . 2009-05-03 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-05-03 02:13 . 2009-05-03 02:13 -------- d-----w- c:\program files\MSBuild
2009-05-03 02:11 . 2009-05-03 02:11 -------- d-----w- c:\program files\Reference Assemblies
2009-05-03 02:09 . 2009-05-03 02:09 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-05-03 02:08 . 2009-05-03 02:08 -------- d-----w- c:\program files\Linksys
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 15:58 . 2009-04-07 15:58 152576 ----a-w- c:\documents and settings\Daniel Vancil\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-07 15:30 . 2009-04-07 15:30 286720 ------w- c:\windows\Setup1.exe
2009-04-07 15:30 . 2009-04-07 15:30 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-03-26 01:44 . 2009-03-26 01:44 84992 ----a-w- c:\documents and settings\Daniel Vancil\Application Data\Sun\Java\Deployment\cache\6.0\18\24829952-47e7c3aa-n\atl2k.dll
2009-03-26 01:44 . 2009-03-26 01:44 131072 ----a-w- c:\documents and settings\Daniel Vancil\Application Data\Sun\Java\Deployment\cache\6.0\18\24829952-47e7c3aa-n\jflash.dll
2009-03-26 01:44 . 2009-03-26 01:44 102400 ----a-w- c:\documents and settings\Daniel Vancil\Application Data\Sun\Java\Deployment\cache\6.0\18\24829952-47e7c3aa-n\atl98.dll
2006-10-23 00:49 . 2006-10-23 00:49 560 ----a-w- c:\program files\Global.sw
2004-08-04 12:00 . 2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-04 12:00 50688 --sh--w- c:\windows\twain_32.dll
2004-07-30 06:04 . 2004-07-30 06:04 1216 --sh--w- c:\windows\Twunk_16.dll
2004-07-30 06:04 . 2004-07-30 06:04 1216 --sh--w- c:\windows\Twunk_32.dll
2008-04-14 00:11 . 2004-08-04 12:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-04 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-04 12:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-04 12:00 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-04 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-04 12:00 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-04 12:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-18 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-20 77824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\documents and settings\Daniel Vancil\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - c:\program files\Downloads\GameSpot\GameSpotDownloadManager_Win32.exe [2008-4-16 876544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 05:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-11 14:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

Re: Winbluesoft

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IGN\\Download Manager\\DLM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/13/2008 12:02 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/13/2008 12:02 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/13/2008 12:01 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/13/2008 12:01 PM 298776]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 4:30 AM 204800]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\Drivers\FarDrive.sys --> c:\windows\system32\Drivers\FarDrive.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [11/20/2008 10:30 PM 33752]
.
.
------- Supplementary Scan -------
.
uStart Page = www.excite.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: musicmatch.com\online
DPF: {CE837F87-F828-492E-91A6-9A24E529DBC2} - hxxp://microsoft.viewlicense.com/License/Distro/WinMedia_Updater.ocx
DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} - hxxp://download.globalhauri.com/Eng/online_up/vrupdate.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 15:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-484061587-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d0,96,6a,1f,1e,74,6b,1c,b8,a9,0a,a4,a3,47,2a,5d,79,a3,49,c0,03,d1,89,
79,6b,6c,98,b9,31,87,78,c6,ec,35,26,dc,43,1b,57,1c,7a,9a,20,c7,bf,7c,1a,7d,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-746137067-484061587-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:49,8f,53,62,a2,7f,35,8d,41,e6,4a,d2,fb,3b,d2,41,fc,ba,a5,05,2f,
5c,e3,6f,47,49,4b,b8,da,ff,16,f6,d7,70,ff,f5,10,3d,5f,0a,26,f8,39,cf,19,60,\
"rkeysecu"=hex:fe,9a,4a,a1,97,36,8a,e9,eb,f6,52,b9,44,d0,50,55
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)

Winsoftblue Solution!

I tried every single fix in this forum to no avail, 8 hours later, I tried Spyware Doctor Antivirus because they guaranteed their product would remove this virus/worm, and it worked. I paid $29.00 for a one year, 3 user license and that finally did it. I ran a full scan twice and somehow it finally removed the problem and the icon that nothing else would get rid of. So forget all this nonsense and trying to figure out which files to remove, they don't work. I was afraid this wouldn't work and I'd be out an additional $29.00 but it did fortunately which was a whole lot less than what I would have had to pay a tech person to come out and figure this out for me. Try it, hope it works for you but it definitely did for me and I am 100% novice. I have had to become somewhat self-sufficient or go broke trying to keep my office computers working. If you can't afford a full-time IT person you better get some education if you have to use PCs in your business. Good Luck!

Re: Winbluesoft

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\9z9wo5med.exe

    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=-


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Winbluesoft

========== FILES ==========
c:\windows\9z9wo5med.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\AntiVirusDisableNotify deleted successfully.

OTM by OldTimer - Version 3.0.0.1 log created on 06232009_162055

Re: Winbluesoft

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


Re: Winbluesoft

Everything seems GREAT!!! You are a GOD!!! I'm short on money, but Friday I'll try to make a donation!!!
