Can't update avg, spybot or malwarebytes

Hi everyone!

I believe I'm infected by some sort of virus/worm/malware.

I am unable to update AVG, spybot, or malwarebytes. I'll get a message saying can not connect to the server, or something like that, however my internet connections are fine. Also, my firewall is not blocking those programs.

Further more, I can not download the microsoft malicious program removal tool. A link opens up and says page can not be displayed. Also, I can not even access www.malwarebytes.org

In my amateur opinion, this sounds like conficker perhaps?

Any help would be appreaciated, my hijackthis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:04 PM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Mattie Z\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA2072] command /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Log\2007 Dec 17 - 03_36_20 PM_468.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4618] cmd /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Log\2007 Dec 17 - 03_36_20 PM_468.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1077] command /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Log\2007 Dec 17 - 03_36_28 PM_156.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7393] cmd /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Log\2007 Dec 17 - 03_36_28 PM_156.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8879] command /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Settings\ScanResults.pie"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2946] cmd /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Settings\ScanResults.pie"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6461] command /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Log\2007 Dec 17 - 03_36_20 PM_468.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5076] cmd /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Log\2007 Dec 17 - 03_36_20 PM_468.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3796] command /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Log\2007 Dec 17 - 03_36_28 PM_156.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7336] cmd /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Log\2007 Dec 17 - 03_36_28 PM_156.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7696] command /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Settings\ScanResults.pie"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8336] cmd /c del "C:\Documents and Settings\Mattie Z\Application Data\AdwareAlert\Settings\ScanResults.pie"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197220252328
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - https://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c9cc445acf6fda) (gupdate1c9cc445acf6fda) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 12558 bytes

Can someone please help me?

bump??

if no one can help me thats fine, just please say you don't have the time

Hello please be patient as you are not the only one who requires assistance.

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV..

• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

thank you so much for getting back to me! here's the combo-fix log:

ComboFix 09-05-26.02 - Mattie Z 05/26/2009 22:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.431 [GMT -5:00]
Running from: c:\documents and settings\Mattie Z\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090526-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\10124z95m485.ocx
c:\windows\101719ot-a-vir5s5z6.dll
c:\windows\10696hac5tool4z5.bin
c:\windows\10697hacktool2zc5.dll
c:\windows\10955wzrm637.exe
c:\windows\10z93sp5a4.dll
c:\windows\11230v9r5s47z.cpl
c:\windows\11462spa9zot50.cpl
c:\windows\115z4not-a-viru9135.ocx
c:\windows\11f19hreaz110025.exe
c:\windows\1204bzckdo9r5187.cpl
c:\windows\12405sza95ot19.bin
c:\windows\1285zsp9mbot39.dll
c:\windows\13395zot-a-vi5us390.cpl
c:\windows\1350vi9772z.bin
c:\windows\1385doznlo9der2972.cpl
c:\windows\13952wz5m799.cpl
c:\windows\139z4h5c9tool2ec.exe
c:\windows\13a9st9al2z695.dll
c:\windows\140th9ez525429.cpl
c:\windows\144z45ir9s6af.exe
c:\windows\14543tro97fz.exe
c:\windows\1478downloaze9955.cpl
c:\windows\14945ha5ktozl29.ocx
c:\windows\14z74virus599.exe
c:\windows\15052hazktool7a39.exe
c:\windows\151zvir2789.ocx
c:\windows\15283hac9tool67az.cpl
c:\windows\15529worm581z.ocx
c:\windows\15591worm55z.dll
c:\windows\156c9ddware155z.ocx
c:\windows\15916zorm9c2.cpl
c:\windows\15982spz5d85.ocx
c:\windows\159z8vir9s4045.ocx
c:\windows\15f9pzware864.bin
c:\windows\15z69viru91ee.ocx
c:\windows\16351z9cktool5bb.bin
c:\windows\163955rzj1799.ocx
c:\windows\173a9dwa5ez215.cpl
c:\windows\173z09py375.dll
c:\windows\17473h9cktoo51z6.bin
c:\windows\17519roj5z0.ocx
c:\windows\175es9ezl203.ocx
c:\windows\186zthr9at15859.exe
c:\windows\18897zot-a-95rus259.ocx
c:\windows\18d9backd9oz954.dll
c:\windows\19487vzr5s24f9.bin
c:\windows\1955th9eaz290325.cpl
c:\windows\19959vir5z50d.cpl
c:\windows\1996bz9kdoor5729.cpl
c:\windows\1a5ds9yware1257z.cpl
c:\windows\1bezsteal7295.dll
c:\windows\1ddespywzre15089.exe
c:\windows\1df09hzef27695.dll
c:\windows\1e165hief1489z.ocx
c:\windows\1e19thie985z.dll
c:\windows\1ecebzck9o5r1019.bin
c:\windows\1f76zo9nloader30275.exe
c:\windows\1fazspar5e9566.exe
c:\windows\1z280hacktool959.dll
c:\windows\1z99steal9255.exe
c:\windows\1zb7addw9re21425.cpl
c:\windows\2005zworm495.dll
c:\windows\20371v5r9z592.exe
c:\windows\20396hackt5olzbc.dll
c:\windows\203z0hack9o5l4f4.dll
c:\windows\20698wozm55.dll
c:\windows\2069b5zkdoor3935.exe
c:\windows\208319za5bot521.ocx
c:\windows\20929tzoj395.exe
c:\windows\20edt5ie919z4.ocx
c:\windows\21245hac9to5z6a2.bin
c:\windows\218765pz7369.bin
c:\windows\21z62spy4295.exe
c:\windows\221065zcktoo9347.ocx
c:\windows\226359rz528e.exe
c:\windows\22985zpamb5tf4.cpl
c:\windows\22z9down5oader1898.cpl
c:\windows\2350wor93a6z.cpl
c:\windows\23955spy2zd.bin
c:\windows\24082spzmbot59.dll
c:\windows\2436zs5ambot94c.ocx
c:\windows\243z65ack9ool1d7.dll
c:\windows\2455troj6z9.cpl
c:\windows\2469ha5ktool9z5.dll
c:\windows\24953sp9mzot34a.ocx
c:\windows\252329iru541z.bin
c:\windows\25957spy49z.bin
c:\windows\25959spazbot496.dll
c:\windows\25998spambot6zf.dll
c:\windows\259hackz5ol5d3.exe
c:\windows\259z9virus679.dll
c:\windows\25z90wor53cf.exe
c:\windows\265eb5ckdoorz955.ocx
c:\windows\26905hzef426.exe
c:\windows\26995vi5uz62d.cpl
c:\windows\27451sz9mbot48.cpl
c:\windows\27540not-a-vizus2a9.cpl
c:\windows\275559orz2f7.ocx
c:\windows\2776vir2z985.ocx
c:\windows\278569zambot85.ocx
c:\windows\2791zir2519.cpl
c:\windows\27f4a5dwzre3269.ocx
c:\windows\27z09tro5cb.bin
c:\windows\28083s5ambotz90.cpl
c:\windows\28449no5-z-virus4a9.cpl
c:\windows\28539vz5us449.dll
c:\windows\28948sz5mbot49b.exe
c:\windows\28957not-a9virus474z.ocx
c:\windows\28976spy9z25.cpl
c:\windows\29179not-5-virzs3ca9.cpl
c:\windows\2917v5z211.dll
c:\windows\2937bac5door2493z.exe
c:\windows\2956695amzot4c0.ocx
c:\windows\29656zot-a-vir9s38f.ocx
c:\windows\2969sp5rsez322.cpl
c:\windows\29720wzrm495.ocx
c:\windows\29abdownz5ader95.exe
c:\windows\29dzs9eal335.exe
c:\windows\2c05downloa9erz37.bin
c:\windows\2c9esp9wa5z2531.exe
c:\windows\2d93downloaz5r397.ocx
c:\windows\2eb45aczd9or3096.exe
c:\windows\2ef3spyzare11395.ocx
c:\windows\2z294v9r5sa0.exe
c:\windows\2z720vi59s57e.cpl
c:\windows\2z959spy5fd.exe
c:\windows\2z9ebackdoor1175.cpl
c:\windows\2za2v5r179.exe
c:\windows\2zf9steal2357.cpl
c:\windows\30386spam95t76z.cpl
c:\windows\30937notza-vi5us49a.ocx
c:\windows\31995hackz9ol774.cpl
c:\windows\31998not-a-viruz756.dll
c:\windows\32102sp957z.exe
c:\windows\325fspy9zre1042.cpl
c:\windows\32652haz9tool59.exe
c:\windows\32z55virus290.exe
c:\windows\335bb9ckdoor1535z.bin
c:\windows\34779r5jz0e.bin
c:\windows\3477spa5se1z89.bin
c:\windows\354sp9ware28z9.cpl
c:\windows\355daddw9re28z.exe
c:\windows\3588wor97f3z.dll
c:\windows\3635sp9r5e28z8.dll
c:\windows\3656zo5nloa9er2625.exe
c:\windows\375fbackdo59z68.exe
c:\windows\3a29zir305.bin
c:\windows\3bzcb5c9door2526.cpl
c:\windows\3e8bzir9015.bin
c:\windows\3z594spamb9t572.cpl
c:\windows\3z965sp97c6.dll
c:\windows\3zb8a5dware18669.ocx
c:\windows\3zc59ir404.cpl
c:\windows\4059z9rus376.bin
c:\windows\406abackdzo59535.cpl
c:\windows\42195iz1921.cpl
c:\windows\43a9thre5t132z3.exe
c:\windows\4479troz9a5.ocx
c:\windows\453bzckd9or720.bin
c:\windows\454dst9alz55.cpl
c:\windows\45bdzpy9are1104.ocx
c:\windows\45zeaddwar52199.dll
c:\windows\465e9zr57.dll
c:\windows\4693thrzat30542.bin
c:\windows\479bsteal65z5.bin
c:\windows\499ddo5nloazer1944.dll
c:\windows\4b95t9zef791.dll
c:\windows\4d6daddwzr51829.dll
c:\windows\4dd5sp9zse2456.bin
c:\windows\4e94d5wnloadzr1675.ocx
c:\windows\4ez5vi91758.ocx
c:\windows\4ez759yware3010.ocx
c:\windows\4fc5sparse92z1.exe
c:\windows\4z4cst5al599.ocx
c:\windows\4z99vir23095.bin
c:\windows\50055s9y13az.cpl
c:\windows\5094troj59z.ocx
c:\windows\509dback5oor901z.ocx
c:\windows\509z8worm53a.ocx
c:\windows\51611haz9tool3b3.bin
c:\windows\5196v5r982z.cpl
c:\windows\51z46spy199.exe
c:\windows\52z55i9us721.exe
c:\windows\5393zroj23d.bin
c:\windows\53e25hre9t2z634.exe
c:\windows\53z2threat18790.cpl
c:\windows\5494thief2531z.ocx
c:\windows\549adownloazer656.bin
c:\windows\549zsteal5619.exe
c:\windows\5509zir2191.dll
c:\windows\550fdoznloa9er1144.dll
c:\windows\5516virus5z9.exe
c:\windows\5519sp9rze2214.bin
c:\windows\5550th9ef84z.bin
c:\windows\5555sp5rsz18209.dll
c:\windows\5557spaz5ot9b2.exe
c:\windows\55a5szy9are513.exe
c:\windows\55z0worm18a9.cpl
c:\windows\55z9roj718.bin
c:\windows\56333vz9us747.bin
c:\windows\56f4st95l2z96.exe
c:\windows\57539hrezt55978.ocx
c:\windows\5754z9rus23.dll
c:\windows\5788zspambo951d.cpl
c:\windows\5795thzeat355.exe
c:\windows\586w9rz363.exe
c:\windows\589439zy5ef.exe
c:\windows\58e5zownloader9646.ocx
c:\windows\58spazse395.exe
c:\windows\590zthre5t4619.cpl
c:\windows\5924th9eat3z471.exe
c:\windows\596bspa5ze2179.bin
c:\windows\59ddthrea957z2.cpl
c:\windows\59ezvir617.bin
c:\windows\5b72spyware2z999.cpl
c:\windows\5b87sp59se2z89.cpl
c:\windows\5ba6zi92363.dll
c:\windows\5ca5threa92612z.dll
c:\windows\5d16t9ie5609z.bin
c:\windows\5dz5steal17589.exe
c:\windows\5dz95pyware1127.exe
c:\windows\5e5dsparze1490.cpl
c:\windows\5f9zthreat35135.ocx
c:\windows\5fe7backz5or1069.ocx
c:\windows\5fz9vir2525.exe
c:\windows\5z25ba5kd9or3168.bin
c:\windows\5z6795arse875.ocx
c:\windows\601z5ddwar92255.exe
c:\windows\605d9parsez121.exe
c:\windows\6062t9oj6z5.dll
c:\windows\60c8do5nloadzr90.cpl
c:\windows\61c9back5z9r2449.ocx
c:\windows\62005irzs968.ocx
c:\windows\634ethiefz295.bin
c:\windows\6389zro52de.ocx
c:\windows\6472downl5adzr91.exe
c:\windows\6491bac5zoor9952.ocx
c:\windows\653aa9dwarez43.bin
c:\windows\65z2addwar9788.cpl
c:\windows\6685dowzl9ader691.bin
c:\windows\66not-9-vi5us46z.dll
c:\windows\6794h5zktool233.exe
c:\windows\67b85hief1z69.cpl
c:\windows\6895downloader51z.dll
c:\windows\68bszeal15999.ocx
c:\windows\69175t9al2z51.exe
c:\windows\6949a5kdzor210.cpl
c:\windows\69a7stez52862.dll
c:\windows\69d5vzr3163.cpl
c:\windows\69zdb9ckdoor5145.exe
c:\windows\6a55back9zor8.bin
c:\windows\6b4zsp5ware9019.ocx
c:\windows\6e5fspar9z715.exe
c:\windows\6ffaba5kdoorz91.ocx
c:\windows\6z0c9hie52603.ocx
c:\windows\6z579py33e.bin
c:\windows\6z66s5eal2910.exe
c:\windows\6z92threat9475.bin
c:\windows\6zf95hief2321.exe
c:\windows\6zfesp9rse9095.cpl
c:\windows\709baddware5z39.cpl
c:\windows\729zv95use8.exe
c:\windows\732azhr59t2711.ocx
c:\windows\752aaddwa9e1640z.bin
c:\windows\753viru9247z.exe
c:\windows\75535oznloa9er33.ocx
c:\windows\75d9adz9are443.ocx
c:\windows\7612spa59e1099z.cpl
c:\windows\7750zpambo5296.ocx
c:\windows\7774z9o573c.ocx
c:\windows\77959hreat299z3.bin
c:\windows\7819spy5c5z.cpl
c:\windows\783zha59tool575.bin
c:\windows\7850v9r2z95.bin
c:\windows\787095oj5z7.bin
c:\windows\7932bz9kdoo5529.bin
c:\windows\7971hackt9ol58z.ocx
c:\windows\7a14s9yware19z5.exe
c:\windows\7az9bac9door8255.bin
c:\windows\7b455a9kdoor68z.exe
c:\windows\7b9spar591797z.dll
c:\windows\7bz25i973.bin
c:\windows\7e98sparsz850.bin
c:\windows\7f495ackdzor6459.dll
c:\windows\7f55sparse2z395.ocx
c:\windows\7z17spars98515.bin
c:\windows\7za5ste9l1655.cpl
c:\windows\808zvir5s4c99.ocx
c:\windows\8205vizus5599.exe
c:\windows\82475roz6389.dll
c:\windows\8325spamzot965.cpl
c:\windows\8568tro95z4.bin
c:\windows\85daddwar923z2.dll
c:\windows\8675a9kdoorz240.ocx
c:\windows\89429a5ktool1z9.ocx
c:\windows\896zw5rm79b.dll
c:\windows\901spzrs5936.dll
c:\windows\911bvi52z54.bin
c:\windows\9169trojz55.bin
c:\windows\923spywarez751.cpl
c:\windows\92sp5waze1584.dll
c:\windows\92steal16z45.dll
c:\windows\9309t5oj78z.cpl
c:\windows\9359downlzader3015.dll
c:\windows\93761wo5mz0f.ocx
c:\windows\93993s5z404.ocx
c:\windows\94529nzt-a-virus540.dll
c:\windows\95519pamzot154.exe
c:\windows\9554w9rm6z5.bin
c:\windows\95988h5zktool6cb.bin
c:\windows\95b6downloadez1565.bin
c:\windows\9604not-a-v5zus562.exe
c:\windows\96720spazbot605.ocx
c:\windows\96dczhief2205.cpl
c:\windows\971zir9s25d.dll
c:\windows\9818hacktooz559.bin
c:\windows\9955virzs5965.exe
c:\windows\9975zhacktool653.ocx
c:\windows\997worm5z5.ocx
c:\windows\9a85downlozder153.exe
c:\windows\9dzparse2595.bin
c:\windows\9e2astzal2525.exe
c:\windows\9f6bst5al6z4.dll
c:\windows\9faddzar52351.dll
c:\windows\9z056wor51f5.dll
c:\windows\9z76worm654.cpl
c:\windows\a9bbzckdoo5159.cpl
c:\windows\b58sz9rse2174.cpl
c:\windows\f55baczdoor5935.ocx
c:\windows\f669hr5at855z.cpl

c:\windows\system32\10795hack9ooz955.cpl
c:\windows\system32\1109zhackto5l18d.bin
c:\windows\system32\111359irusz52.ocx
c:\windows\system32\11150s5yz919.dll
c:\windows\system32\11539no9za-virus3f45.dll
c:\windows\system32\1159thr5at2z1499.ocx
c:\windows\system32\1164ztroj6095.bin
c:\windows\system32\11895zackt59l66f.dll
c:\windows\system32\11993nzt-a-virus6d59.exe
c:\windows\system32\1226ba5kdoor296z.dll
c:\windows\system32\125z4not-a-vi9us127.exe
c:\windows\system32\125z7wo59386.bin
c:\windows\system32\1275ba9kdoor25z25.dll
c:\windows\system32\131569py35fz.bin
c:\windows\system32\13205ackdooz2291.cpl
c:\windows\system32\1343znot-a-9irus653.exe
c:\windows\system32\13537nzt9a-viru51b0.bin
c:\windows\system32\1391virus55az.dll
c:\windows\system32\1398ztro95d3.ocx
c:\windows\system32\14056not-59viruz67c.cpl
c:\windows\system32\14078ha9ktozl5a8.dll
c:\windows\system32\14594spaz9ot2d5.ocx
c:\windows\system32\14652no9-a-virus78z.cpl
c:\windows\system32\1474downlza5er92.bin
c:\windows\system32\149615orm381z.exe
c:\windows\system32\15099spambo9664z.exe
c:\windows\system32\15131szy559.bin
c:\windows\system32\15165hzeat7729.bin
c:\windows\system32\152zspywa5e1639.cpl
c:\windows\system32\15535spa9boz515.ocx
c:\windows\system32\15598tr9z5a05.exe
c:\windows\system32\157aazdwa9e2721.ocx
c:\windows\system32\157z5hacktoo5599.bin
c:\windows\system32\16343notza5vir9s152.exe
c:\windows\system32\16550tz9j13.cpl
c:\windows\system32\16553ha9ktool3z4.exe
c:\windows\system32\16f5ad9ware2145z.ocx
c:\windows\system32\17009sz9mbo55a5.exe
c:\windows\system32\17256notza-v5rus2af9.exe
c:\windows\system32\17525virus5z95.ocx
c:\windows\system32\179145ot-a-vizu935c.cpl
c:\windows\system32\17988hazktoo9592.bin
c:\windows\system32\1856tzief32699.cpl
c:\windows\system32\18z15dd9are1144.exe
c:\windows\system32\18z88tr9j253.cpl
c:\windows\system32\19150noz-a-virus168.ocx
c:\windows\system32\1932thzeat5232.dll
c:\windows\system32\19482hackzoo5520.dll
c:\windows\system32\19545tr9z5e9.dll
c:\windows\system32\19581hackt9ol635z.ocx
c:\windows\system32\19582zp9315.exe
c:\windows\system32\19847s9zmb5t242.dll
c:\windows\system32\1995virzs3e9.cpl
c:\windows\system32\19c6thre5z6715.cpl
c:\windows\system32\19z0hac5tool741.bin
c:\windows\system32\1a37down5oadzr9.ocx
c:\windows\system32\1bczadd9are5320.exe
c:\windows\system32\1c05spzware9588.ocx
c:\windows\system32\1ccethiez2959.bin
c:\windows\system32\1d96backd5or2197z.cpl
c:\windows\system32\1f33thre5tz2931.bin
c:\windows\system32\1f9dvi5z76.ocx
c:\windows\system32\1z066sp9m5ot511.cpl
c:\windows\system32\1z11a9dw5re3243.bin
c:\windows\system32\1z45st9al1995.exe
c:\windows\system32\1z52stea93125.exe
c:\windows\system32\1z596not-a-virus59b.exe
c:\windows\system32\1z77759ambot733.cpl
c:\windows\system32\1z879s5y99.cpl
c:\windows\system32\1z95s9ambot66e.exe
c:\windows\system32\20468vir5977z.exe
c:\windows\system32\20z569roj82.dll
c:\windows\system32\21115no9-a-ziru560d.dll
c:\windows\system32\21541ha95tool756z.exe
c:\windows\system32\22477n9t-a-virz53ed.cpl
c:\windows\system32\2251zviru510b9.dll
c:\windows\system32\2262zsp5699.dll
c:\windows\system32\22f09ownloadzr5815.dll
c:\windows\system32\23092zor59d4.dll
c:\windows\system32\23137wzr956a.exe
c:\windows\system32\23504wor9zad.bin
c:\windows\system32\23552zpy1269.dll
c:\windows\system32\23704virzs951.ocx
c:\windows\system32\23942worz452.exe
c:\windows\system32\23951h9c5toolz06.bin
c:\windows\system32\23959tezl3183.exe
c:\windows\system32\23z5troj5d9.ocx
c:\windows\system32\2456not-a5virus39z.ocx
c:\windows\system32\24894zacktool159.cpl
c:\windows\system32\24905roj79z.exe
c:\windows\system32\24962zorm5.bin
c:\windows\system32\250319acztool4e4.cpl
c:\windows\system32\25270zroj6395.bin
c:\windows\system32\25305v5r9z216.dll
c:\windows\system32\2550859amboz77b.exe
c:\windows\system32\25699hacktooz69b.bin
c:\windows\system32\256z0v9ru567e.ocx
c:\windows\system32\25790w5rm29cz.dll
c:\windows\system32\2597zworm483.ocx
c:\windows\system32\259zirus265.bin
c:\windows\system32\25e6ba9kdozr3130.cpl
c:\windows\system32\25e9doznloader5282.cpl
c:\windows\system32\25z58spambot696.bin
c:\windows\system32\26795hzckto9l56c.dll
c:\windows\system32\269d95dware89z.bin
c:\windows\system32\278459roj5ebz.bin
c:\windows\system32\27900zacktoo9995.cpl
c:\windows\system32\2798th5ef15z2.cpl
c:\windows\system32\2799z5pambot99.ocx
c:\windows\system32\279z3tr5j49d.exe
c:\windows\system32\2885zwo5m179.ocx
c:\windows\system32\289backzoor9665.bin
c:\windows\system32\29198spambot595z.exe
c:\windows\system32\29229z9y3a5.cpl
c:\windows\system32\292559roz4bf.bin
c:\windows\system32\29290hackzoo5742.bin
c:\windows\system32\294worm4z85.dll
c:\windows\system32\29505tz9j28b.bin
c:\windows\system32\29584v5rzs717.ocx
c:\windows\system32\29653zot-a-virus195.bin
c:\windows\system32\29z6spyware17055.ocx
c:\windows\system32\29z9backdoor2925.bin
c:\windows\system32\2b82a9dwarz855.cpl
c:\windows\system32\2f5zback9oor1132.ocx
c:\windows\system32\2z418s5yfe9.exe
c:\windows\system32\2z52thief2669.cpl
c:\windows\system32\2z9bspa5se157.cpl
c:\windows\system32\30409nzt-a-virus590.exe
c:\windows\system32\309z1spam5ot215.bin
c:\windows\system32\30z9thief259.cpl
c:\windows\system32\311959yzare861.exe
c:\windows\system32\32477sp95bot4zc.bin
c:\windows\system32\32588virus19z.bin
c:\windows\system32\350zt95ef2045.bin
c:\windows\system32\352aazdware1449.exe
c:\windows\system32\3539zack9ool175.exe
c:\windows\system32\35987h9zktool67c.ocx
c:\windows\system32\35z91not-a-virus29c9.cpl
c:\windows\system32\3655sparz95665.cpl
c:\windows\system32\3770hac9tzo53e9.cpl
c:\windows\system32\39575azkdoor482.exe
c:\windows\system32\3969t5z9at13115.dll
c:\windows\system32\3969zi52571.cpl
c:\windows\system32\3a93baczdoor31855.cpl
c:\windows\system32\3czespy59re2030.dll
c:\windows\system32\3edc5teal914z.dll
c:\windows\system32\3f32t5r9zt10823.ocx
c:\windows\system32\3z419spa9b5t171.ocx
c:\windows\system32\3z497troj955.exe
c:\windows\system32\3z55addware195.bin
c:\windows\system32\3z5ath59f1211.ocx
c:\windows\system32\3z6c5ackd9or1911.dll
c:\windows\system32\4058dowzlo5der9560.ocx
c:\windows\system32\4090vi5us5a9z.ocx
c:\windows\system32\4213z59ktool56.dll
c:\windows\system32\437down9oaderz3545.exe
c:\windows\system32\43ea9teal15z1.ocx
c:\windows\system32\441cs5ars9z533.exe
c:\windows\system32\4459downlozder2856.cpl
c:\windows\system32\4492n95-z-virus232.ocx
c:\windows\system32\451asp9rse2z04.cpl
c:\windows\system32\4565downlzade9796.cpl
c:\windows\system32\45c19zeal2702.ocx
c:\windows\system32\462ct5zea96318.cpl
c:\windows\system32\473nzt5a-9irus3d2.bin
c:\windows\system32\4793addza5e998.dll
c:\windows\system32\48afthi5f1z91.bin
c:\windows\system32\48z95hief1644.bin
c:\windows\system32\495zback5oor1548.bin
c:\windows\system32\49c9dow5loaderz15.exe
c:\windows\system32\4b5c9pywa5e266z.dll
c:\windows\system32\4bbzspar59281.ocx
c:\windows\system32\4c91stezl2596.ocx
c:\windows\system32\4e38threa591z54.bin
c:\windows\system32\4e46ba9kd5or2z7.cpl
c:\windows\system32\4edft5reat89z6.dll
c:\windows\system32\4edzsteal9675.cpl
c:\windows\system32\4efaspyza9e5220.bin
c:\windows\system32\4f16a9dware5z5.dll
c:\windows\system32\4f649dzwar52878.exe
c:\windows\system32\4fdt9reat50z1.exe
c:\windows\system32\4fe1zo5n9oader162.cpl
c:\windows\system32\504bthrzat59760.exe
c:\windows\system32\50659zpy5c.cpl
c:\windows\system32\5093backdoorz05.cpl
c:\windows\system32\509sp5rse896z.bin
c:\windows\system32\513zv5rus6a9.bin
c:\windows\system32\5155vir23z89.exe
c:\windows\system32\5189not-a-vir5sz189.dll
c:\windows\system32\51b5vi91988z.cpl
c:\windows\system32\52279ormz05.dll
c:\windows\system32\52939spz41.exe
c:\windows\system32\53d5vir1901z.bin
c:\windows\system32\5409vizu579d.cpl
c:\windows\system32\54z5stea9825.cpl
c:\windows\system32\5511down9o5derz6.bin
c:\windows\system32\5525szambot9fb.dll
c:\windows\system32\5546th9ez2891.ocx
c:\windows\system32\554z9teal24575.ocx
c:\windows\system32\55547zacktool69b.dll
c:\windows\system32\555z9s9ambotc9.cpl
c:\windows\system32\5585d9wnl5zder2031.exe
c:\windows\system32\5589th9zf2804.bin
c:\windows\system32\5597zddwar91896.ocx
c:\windows\system32\55dzdownl9ader3046.cpl
c:\windows\system32\5601szyw9re2454.exe
c:\windows\system32\56530virus79z.exe
c:\windows\system32\5657ha9ktoolz75.bin
c:\windows\system32\5722zparse2096.ocx
c:\windows\system32\57575hreat19419z.cpl
c:\windows\system32\58330t9oj2z9.cpl
c:\windows\system32\5870noz-a-virus7029.bin
c:\windows\system32\58785pzmbo96b6.ocx
c:\windows\system32\5949zpyb8.dll
c:\windows\system32\5959steal5z1.dll
c:\windows\system32\597z4spy23e.exe
c:\windows\system32\59a5d9wnzoader1513.bin
c:\windows\system32\5a99spyware15z2.dll
c:\windows\system32\5at9reat26z63.dll
c:\windows\system32\5b5zteal949.exe
c:\windows\system32\5bzfdow9loader9285.exe
c:\windows\system32\5cc9add9aze5723.ocx
c:\windows\system32\5da49ddwa5e1z19.dll
c:\windows\system32\5dc1s9zware875.cpl
c:\windows\system32\5ecfspy5aze7149.cpl
c:\windows\system32\5z442troj69f.exe
c:\windows\system32\5z559hacktool299.bin
c:\windows\system32\5zbcth9eat25300.exe
c:\windows\system32\5zdedown5o9der2368.dll
c:\windows\system32\6069addwa95z316.exe
c:\windows\system32\6081downlo59er191z.cpl
c:\windows\system32\6089szarse14485.exe
c:\windows\system32\60f4d5wnloazer94.dll
c:\windows\system32\6168tro52zf9.dll
c:\windows\system32\618dspywz9e14275.exe
c:\windows\system32\6198v5r9z14.ocx
c:\windows\system32\6262z59eat1211.dll

c:\windows\system32\6288noz9a-virus75c5.cpl
c:\windows\system32\6295steal2584z.cpl
c:\windows\system32\62z5stea93084.ocx
c:\windows\system32\6316sp9wzre30785.exe
c:\windows\system32\635fth9zf32.cpl
c:\windows\system32\6390z5rus49e.exe
c:\windows\system32\64c9thrz599086.bin
c:\windows\system32\6511zpy59re496.dll
c:\windows\system32\6569szy9e95.cpl
c:\windows\system32\65e3th5ef995z.cpl
c:\windows\system32\65e6s9ywzre1102.cpl
c:\windows\system32\666ez5arse1905.cpl
c:\windows\system32\674h5cktoolz95.cpl
c:\windows\system32\6758spazse29159.dll
c:\windows\system32\67ebad9waze29295.exe
c:\windows\system32\6a45d9ware786z.ocx
c:\windows\system32\6b819hrzat54107.dll
c:\windows\system32\6b8zs5e9l2294.dll
c:\windows\system32\6b95t5rezt16570.cpl
c:\windows\system32\6c40szar9e2257.bin
c:\windows\system32\6c9btz59at29501.bin
c:\windows\system32\6d85back5oorz049.bin
c:\windows\system32\703a9pz5se1178.cpl
c:\windows\system32\7051s5ars9z75.dll
c:\windows\system32\7068sp5mb9zfe.dll
c:\windows\system32\71a9zhreat142975.dll
c:\windows\system32\71fespyware95z4.bin
c:\windows\system32\7225nzt9a-virus46e.bin
c:\windows\system32\7255spazse2991.dll
c:\windows\system32\72579py5fz.ocx
c:\windows\system32\7294vzr20115.ocx
c:\windows\system32\7319vir25z6.exe
c:\windows\system32\734zadd9are1650.bin
c:\windows\system32\7449hackzool597.ocx
c:\windows\system32\749dspar5e9954z.exe
c:\windows\system32\7502hacktzol9f5.cpl
c:\windows\system32\754dba5kdoor49z.bin
c:\windows\system32\7552addzare6329.dll
c:\windows\system32\75ddtz5e92945.ocx
c:\windows\system32\75edthrea9134z9.ocx
c:\windows\system32\76109tezl7245.exe
c:\windows\system32\7639bzck95or173.ocx
c:\windows\system32\76a4spars5z2649.exe
c:\windows\system32\770doznloade515449.dll
c:\windows\system32\77c5threa92120z.bin
c:\windows\system32\78f4ste9lz159.exe
c:\windows\system32\78z25acktool293.dll
c:\windows\system32\7915t9iez3241.ocx
c:\windows\system32\793edownl9ad5r4z2.bin
c:\windows\system32\7976zpam5ot2af.cpl
c:\windows\system32\7c69spywarez275.ocx
c:\windows\system32\7d3zdownloade99085.bin
c:\windows\system32\7e2z5dd9are421.exe
c:\windows\system32\7e525pywaze1779.ocx
c:\windows\system32\7zd5pars91396.ocx
c:\windows\system32\81419py5az.bin
c:\windows\system32\81z5h9ef2517.ocx
c:\windows\system32\8415vzr9s1eb.cpl
c:\windows\system32\8475wo9mz52.cpl
c:\windows\system32\84z35ac9tool2e2.dll
c:\windows\system32\8552spyz79.bin
c:\windows\system32\856ztro932b.exe
c:\windows\system32\85bs9eal717z.exe
c:\windows\system32\8805vizu975e.ocx
c:\windows\system32\8853trzj49e.dll
c:\windows\system32\89169a5ktool55z.dll
c:\windows\system32\8afaz9war5846.ocx
c:\windows\system32\90db5czdo9r1835.dll
c:\windows\system32\9118s9531ez.ocx
c:\windows\system32\91544s5z4de.exe
c:\windows\system32\917fs5ywarez679.dll
c:\windows\system32\91e5parze2543.bin
c:\windows\system32\91z57spambot59f5.ocx
c:\windows\system32\92949wozm658.exe
c:\windows\system32\93957wor53z9.cpl
c:\windows\system32\9407zpy509.dll
c:\windows\system32\94195spambotz55.cpl
c:\windows\system32\95514szy2df.bin
c:\windows\system32\9579h5zat9609.cpl
c:\windows\system32\959dowzlo9der1953.dll
c:\windows\system32\9637backdoor573z.bin
c:\windows\system32\97168tr5jz0.dll
c:\windows\system32\971z4tr5j45.ocx
c:\windows\system32\9754hacktool46az.bin
c:\windows\system32\9775trojza.bin
c:\windows\system32\979spazbo5995.bin
c:\windows\system32\98005virzs150.ocx
c:\windows\system32\9855zhief1778.bin
c:\windows\system32\9956trojz48.ocx
c:\windows\system32\9958sp958z.ocx
c:\windows\system32\99z90hacktool5365.ocx
c:\windows\system32\9a77backd5or20z9.ocx
c:\windows\system32\9b75sparse8z4.dll
c:\windows\system32\9d8sp5rse3z7.exe
c:\windows\system32\9destezl1054.dll
c:\windows\system32\9e5thzef1133.bin
c:\windows\system32\9eccspzware2755.dll
c:\windows\system32\9f05steal8z5.exe
c:\windows\system32\9z316wor55.ocx
c:\windows\system32\9z78s9y58d.ocx
c:\windows\system32\a52s9zal1589.cpl
c:\windows\system32\b8fth9e5293z.dll
c:\windows\system32\c6bac5d9or2z9.bin
c:\windows\system32\e28s9zrse5750.bin
c:\windows\system32\e2bza9kdoor14485.ocx
c:\windows\system32\e57sp9rze658.cpl
c:\windows\system32\e67backd9orz455.bin
c:\windows\system32\tmp51.tmp
c:\windows\system32\z0535py696.ocx
c:\windows\system32\z2c4down9oader1554.bin
c:\windows\system32\z30f9ir1456.bin
c:\windows\system32\z3259troj58e.cpl
c:\windows\system32\z4995tro56809.exe
c:\windows\system32\z54e9parse965.exe
c:\windows\system32\z5559ir635.bin
c:\windows\system32\z5652troj4995.dll
c:\windows\system32\z5698spy559.ocx
c:\windows\system32\z60835pambot559.ocx
c:\windows\system32\z62daddw5re25169.dll
c:\windows\system32\z680w5rm9a3.dll
c:\windows\system32\z71689i5us7a5.dll
c:\windows\system32\z7755tro9529.cpl
c:\windows\system32\z7dcs5e9l122.dll
c:\windows\system32\z9069not-a-5irus59e.cpl
c:\windows\system32\z9531wo9m22a.cpl
c:\windows\system32\z9561hackt5o93e0.ocx
c:\windows\system32\z9854hacktool7a95.exe
c:\windows\system32\z9a5sparse685.cpl
c:\windows\system32\za95sp9rs52139.ocx
c:\windows\system32\zbf3spywa5e10139.ocx
c:\windows\system32\zecdownlo95er2588.bin
c:\windows\z117s5ambo9583.dll
c:\windows\z127859ambot769.bin
c:\windows\z59eaddware3026.bin
c:\windows\z6900w5r970a.bin
c:\windows\z6b9thr5at24589.ocx
c:\windows\z79ba5kdoor983.bin
c:\windows\z918backdoor59479.ocx
c:\windows\z94s5yware2147.ocx
c:\windows\z995vir2706.bin
c:\windows\z9thief2259.dll
c:\windows\zd5vir5191.ocx
c:\windows\ze13spar9e2256.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-25 23:16 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-25 23:16 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-25 23:16 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-25 23:16 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-25 23:16 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-25 23:16 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-25 23:16 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-25 23:16 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-25 23:16 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-25 23:15 . 2009-05-25 23:15 -------- d-----w c:\program files\Alwil Software
2009-05-24 07:06 . 2009-05-24 07:06 -------- d-----w c:\documents and settings\Mattie Z\Application Data\Malwarebytes
2009-05-24 07:05 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 07:05 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 07:05 . 2009-05-24 07:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-24 07:05 . 2009-05-24 07:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-14 04:16 . 2009-05-14 04:16 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-14 04:14 . 2009-05-14 04:14 127877 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\uninstall.exe
2009-05-14 04:14 . 2009-05-14 04:14 1685856 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-13 03:08 . 2009-05-27 03:38 0 ----a-w c:\documents and settings\Mattie Z\Local Settings\Application Data\prvlcl.dat
2009-05-04 14:12 . 2009-05-04 14:12 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-03 23:10 . 2009-05-03 23:10 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 23:09 . 2009-05-26 23:25 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-05-01 06:30 . 2009-05-14 04:14 4183416 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\plugins\npqmp071500000347.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 21:24 . 2007-11-09 11:50 -------- d-----w c:\program files\Diablo II
2009-05-26 21:24 . 2007-12-09 20:21 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-05-26 05:59 . 2007-12-11 04:18 -------- d-----w c:\documents and settings\Mattie Z\Application Data\LimeWire
2009-05-20 00:32 . 2008-02-19 02:23 -------- d-----w c:\documents and settings\Mattie Z\Application Data\Move Networks
2009-05-14 04:16 . 2007-12-12 06:41 -------- d-----w c:\program files\Google
2009-04-02 04:40 . 2009-03-31 15:26 -------- d-----w c:\documents and settings\Mattie Z\Application Data\AVGTOOLBAR
2009-03-31 15:26 . 2009-03-31 15:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-31 15:26 . 2009-03-31 15:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-31 15:26 . 2009-03-31 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-31 15:26 . 2007-12-09 15:59 27656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-03-31 15:26 . 2009-03-31 15:26 -------- d-----w c:\program files\AVG
2009-03-31 15:26 . 2009-03-31 15:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-22 01:38 . 2009-01-25 18:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 01:29 . 2009-03-10 19:22 152576 ----a-w c:\documents and settings\Mattie Z\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-19 05:02 . 2007-08-13 16:23 39792 ----a-w c:\documents and settings\Mattie Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 20:36 . 2009-03-08 20:36 0 ----a-w c:\windows\PowerReg.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ares"="c:\program files\Ares\Ares.exe" [2007-11-23 962560]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-31 1932568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 10752]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

c:\documents and settings\Mattie Z\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-3-8 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-31 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Acrobat3\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/25/2009 6:16 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/31/2009 10:26 AM 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/31/2009 10:26 AM 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/25/2009 6:16 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/31/2009 10:26 AM 298264]
S2 gupdate1c9cc445acf6fda;Google Update Service (gupdate1c9cc445acf6fda);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 6:10 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-05-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-12 23:09]

2009-05-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 23:10]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-nvchost - c:\windows\winlogon.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.defaulthomepage.info
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 23:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-27 23:05
ComboFix-quarantined-files.txt 2009-05-27 04:04

Pre-Run: 349,608,136,704 bytes free
Post-Run: 350,341,488,640 bytes free

870 --- E O F --- 2009-01-26 05:06

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• Limewire 4.18.8
  

Now open a new notepad file.
Input this into the notepad file:

File::
c:\documents and settings\Mattie Z\Application Data\Move Networks\plugins\npqmp071500000347.dll
:\documents and settings\Mattie Z\Application Data\LimeWire

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-05-26.05 - Mattie Z 05/27/2009 23:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.415 [GMT -5:00]
Running from: c:\documents and settings\Mattie Z\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mattie Z\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090527-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Mattie Z\Application Data\Move Networks\plugins\npqmp071500000347.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mattie Z\Application Data\Move Networks\plugins\npqmp071500000347.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-25 23:16 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-25 23:16 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-25 23:16 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-25 23:16 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-25 23:16 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-25 23:16 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-25 23:16 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-25 23:16 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-25 23:16 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-25 23:15 . 2009-05-25 23:15 -------- d-----w c:\program files\Alwil Software
2009-05-24 07:06 . 2009-05-24 07:06 -------- d-----w c:\documents and settings\Mattie Z\Application Data\Malwarebytes
2009-05-24 07:05 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 07:05 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 07:05 . 2009-05-24 07:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-24 07:05 . 2009-05-24 07:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-14 04:16 . 2009-05-14 04:16 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-14 04:14 . 2009-05-14 04:14 127877 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\uninstall.exe
2009-05-14 04:14 . 2009-05-14 04:14 1685856 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-13 03:08 . 2009-05-27 03:38 0 ----a-w c:\documents and settings\Mattie Z\Local Settings\Application Data\prvlcl.dat
2009-05-04 14:12 . 2009-05-04 14:12 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-03 23:10 . 2009-05-03 23:10 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 23:09 . 2009-05-28 00:26 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 21:24 . 2007-11-09 11:50 -------- d-----w c:\program files\Diablo II
2009-05-26 21:24 . 2007-12-09 20:21 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-05-26 05:59 . 2007-12-11 04:18 -------- d-----w c:\documents and settings\Mattie Z\Application Data\LimeWire
2009-05-20 00:32 . 2008-02-19 02:23 -------- d-----w c:\documents and settings\Mattie Z\Application Data\Move Networks
2009-05-14 04:16 . 2007-12-12 06:41 -------- d-----w c:\program files\Google
2009-04-02 04:40 . 2009-03-31 15:26 -------- d-----w c:\documents and settings\Mattie Z\Application Data\AVGTOOLBAR
2009-03-31 15:26 . 2009-03-31 15:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-31 15:26 . 2009-03-31 15:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-31 15:26 . 2009-03-31 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-31 15:26 . 2007-12-09 15:59 27656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-03-31 15:26 . 2009-03-31 15:26 -------- d-----w c:\program files\AVG
2009-03-31 15:26 . 2009-03-31 15:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-22 01:38 . 2009-01-25 18:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 01:29 . 2009-03-10 19:22 152576 ----a-w c:\documents and settings\Mattie Z\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-19 05:02 . 2007-08-13 16:23 39792 ----a-w c:\documents and settings\Mattie Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 20:36 . 2009-03-08 20:36 0 ----a-w c:\windows\PowerReg.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-05-27_04.03.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-27 14:55 . 2009-05-27 14:55 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
+ 2009-05-27 14:55 . 2009-05-27 14:55 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ares"="c:\program files\Ares\Ares.exe" [2007-11-23 962560]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB6461"="command" [X]
"SpybotDeletingD5076"="del" [X]
"SpybotDeletingB3796"="command" [X]
"SpybotDeletingD7336"="del" [X]
"SpybotDeletingB7696"="command" [X]
"SpybotDeletingD8336"="del" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-31 1932568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nvchost"="c:\windows\winlogon.exe" [BU]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 10752]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

c:\documents and settings\Mattie Z\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-3-8 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-31 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Acrobat3\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/25/2009 6:16 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/31/2009 10:26 AM 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/31/2009 10:26 AM 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/25/2009 6:16 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/31/2009 10:26 AM 298264]
S2 gupdate1c9cc445acf6fda;Google Update Service (gupdate1c9cc445acf6fda);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 6:10 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - APPMGMT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-05-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-12 23:09]

2009-05-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 23:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.defaulthomepage.info
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 23:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-28 23:49
ComboFix-quarantined-files.txt 2009-05-28 04:48
ComboFix2.txt 2009-05-27 04:05

Pre-Run: 327,730,483,200 bytes free
Post-Run: 327,750,193,152 bytes free

173 --- E O F --- 2009-01-26 05:06

Hello.
Origin is away, so I am stepping in.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• Ares
  
• Shareaza
  
• Vuze
  

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\program files\Ares
c:\Program Files\Shareaza
c:\Program Files\uTorrent
c:\documents and settings\Mattie Z\Application Data\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB6461"=-
"SpybotDeletingD5076"=-
"SpybotDeletingB3796"=-
"SpybotDeletingD7336"=-
"SpybotDeletingB7696"=-
"SpybotDeletingD8336"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ares\\Ares.exe"=-
"c:\\Program Files\\Shareaza\\Shareaza.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Hi, thank you so much for stepping in!

Neither ares nor vuze appear under my list of programs when i go to add/remove. I believe I tried to delete them awhile ago, though it's apparent they're still there... I also uninstalled uTorrent. Here's the resulting log:

ComboFix 09-05-28.07 - Mattie Z 05/29/2009 11:33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.477 [GMT -5:00]
Running from: c:\documents and settings\Mattie Z\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mattie Z\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090529-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mattie Z\Application Data\LimeWire
c:\documents and settings\Mattie Z\Application Data\LimeWire\414splashfree.png
c:\documents and settings\Mattie Z\Application Data\LimeWire\active.mojito
c:\documents and settings\Mattie Z\Application Data\LimeWire\bugs.data
c:\documents and settings\Mattie Z\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Mattie Z\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Mattie Z\Application Data\LimeWire\downloads.dat
c:\documents and settings\Mattie Z\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Mattie Z\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Mattie Z\Application Data\LimeWire\filters.props
c:\documents and settings\Mattie Z\Application Data\LimeWire\gnutella.net
c:\documents and settings\Mattie Z\Application Data\LimeWire\installation.props
c:\documents and settings\Mattie Z\Application Data\LimeWire\library.dat
c:\documents and settings\Mattie Z\Application Data\LimeWire\limewire.props
c:\documents and settings\Mattie Z\Application Data\LimeWire\mojito.props
c:\documents and settings\Mattie Z\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Mattie Z\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Mattie Z\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Mattie Z\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Mattie Z\Application Data\LimeWire\questions.props
c:\documents and settings\Mattie Z\Application Data\LimeWire\responses.cache
c:\documents and settings\Mattie Z\Application Data\LimeWire\simpp.xml
c:\documents and settings\Mattie Z\Application Data\LimeWire\spam.dat
c:\documents and settings\Mattie Z\Application Data\LimeWire\tables.props
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Mattie Z\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\ttree.cache
c:\documents and settings\Mattie Z\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Mattie Z\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Mattie Z\Application Data\LimeWire\version.xml
c:\documents and settings\Mattie Z\Application Data\LimeWire\versions.props
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\data\image.sxml2
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\data\video.sxml2
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Mattie Z\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\Ares
c:\program files\Ares\Ares.exe
c:\program files\Ares\AsyncEx.ax
c:\program files\Ares\libfaad2.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-25 23:16 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-25 23:16 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-25 23:16 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-25 23:16 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-25 23:16 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-25 23:16 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-25 23:16 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-25 23:16 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-25 23:16 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-25 23:15 . 2009-05-25 23:15 -------- d-----w c:\program files\Alwil Software
2009-05-24 07:06 . 2009-05-24 07:06 -------- d-----w c:\documents and settings\Mattie Z\Application Data\Malwarebytes
2009-05-24 07:05 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 07:05 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 07:05 . 2009-05-24 07:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-24 07:05 . 2009-05-24 07:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-14 04:16 . 2009-05-14 04:16 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-14 04:14 . 2009-05-14 04:14 127877 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\uninstall.exe
2009-05-14 04:14 . 2009-05-14 04:14 1685856 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-13 03:08 . 2009-05-27 03:38 0 ----a-w c:\documents and settings\Mattie Z\Local Settings\Application Data\prvlcl.dat
2009-05-04 14:12 . 2009-05-04 14:12 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-03 23:10 . 2009-05-03 23:10 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 23:09 . 2009-05-29 01:27 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 21:24 . 2007-11-09 11:50 -------- d-----w c:\program files\Diablo II
2009-05-26 21:24 . 2007-12-09 20:21 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-05-20 00:32 . 2008-02-19 02:23 -------- d-----w c:\documents and settings\Mattie Z\Application Data\Move Networks
2009-05-14 04:16 . 2007-12-12 06:41 -------- d-----w c:\program files\Google
2009-04-02 04:40 . 2009-03-31 15:26 -------- d-----w c:\documents and settings\Mattie Z\Application Data\AVGTOOLBAR
2009-03-31 15:26 . 2009-03-31 15:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-31 15:26 . 2009-03-31 15:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-31 15:26 . 2009-03-31 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-31 15:26 . 2007-12-09 15:59 27656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-03-31 15:26 . 2009-03-31 15:26 -------- d-----w c:\program files\AVG
2009-03-31 15:26 . 2009-03-31 15:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-22 01:38 . 2009-01-25 18:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 01:29 . 2009-03-10 19:22 152576 ----a-w c:\documents and settings\Mattie Z\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-19 05:02 . 2007-08-13 16:23 39792 ----a-w c:\documents and settings\Mattie Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 20:36 . 2009-03-08 20:36 0 ----a-w c:\windows\PowerReg.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-05-27_04.03.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-29 15:54 . 2009-05-29 15:54 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat
+ 2009-05-29 15:54 . 2009-05-29 15:54 16384 c:\windows\Temp\Perflib_Perfdata_574.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-31 1932568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nvchost"="c:\windows\winlogon.exe" [BU]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 10752]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

c:\documents and settings\Mattie Z\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-3-8 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-31 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Acrobat3\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/25/2009 6:16 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/31/2009 10:26 AM 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/31/2009 10:26 AM 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/25/2009 6:16 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/31/2009 10:26 AM 298264]
S2 gupdate1c9cc445acf6fda;Google Update Service (gupdate1c9cc445acf6fda);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 6:10 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-12 23:09]

2009-05-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 23:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.defaulthomepage.info
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 11:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-29 11:38
ComboFix-quarantined-files.txt 2009-05-29 16:38
ComboFix2.txt 2009-05-28 04:49
ComboFix3.txt 2009-05-27 04:05

Pre-Run: 327,459,233,792 bytes free
Post-Run: 327,635,259,392 bytes free

232 --- E O F --- 2009-01-26 05:06

Hello.
Some malware got back in, because some protection programs are messing with our removal.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

• Now open a new notepad file.
  
• Input this into the notepad file:
  

  
  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "nvchost"=-
  
  

  
  
• Save this as fix.reg, save it to your desktop.
  
• Double click fix.reg to run it.
  
• Select yes to the registry merge prompt.
  

Now lets get an uninstall list.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

32 Bit HP CIO Components Installer
Ableton Live v7.0.1
Acrobat.com
Acrobat.com
Ad-Aware 2007
Adobe Acrobat Reader 3.01
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe PhotoDeluxe Home Edition 3.0
Adobe Reader 9.1.1
AIM 6
AIM Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
avast! Antivirus
AVIVO Codecs
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Common Dll's
Creative Software AutoUpdate
Creative System Information
Delta Force - Black Hawk Down
Delta Force Black Hawk Down Team Sabre
Delta Force Task Force Dagger
Diablo II
DivX Content Uploader
DivX Web Player
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPSSupply
iTunes
Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K-Lite Codec Pack 3.2.5 Standard
Lightsmark 2007
Magic DVD Ripper V5.3 build 7
MAGIX Media Manager silver
MAGIX music maker 2005 deLuxe
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Media Wizard
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
NETGEAR Wireless Adapter WG311T
NVIDIA Drivers
OpenOffice.org Installer 1.0
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Sound Blaster X-Fi Xtreme Audio
Spybot - Search & Destroy
Text-To-Speech-Runtime
Unreal Tournament G.O.T.Y. Edition
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VideoLAN VLC media player 0.8.6i
Virtual DJ - Atomix Productions
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Download and install VLC Player 0.9.9
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Please download the AVG Remover. >> Click Here <<
Allow it to run and it should want to reboot before it's actions fully take effect on your machine.

After reboot, delete this folder in bold:
c:\Program Files\AVG

I downloaded the new VLC player and installed it, however the link to the AVG remover appears broken. it says: "Oops! This link appears to be broken."

I already manully removed AVG on the add/remove lists from the control panel, since it was not helping me in its un-updated state.

Try this link.
http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Sorry, I keep getting the same Oops message

I've uploaded it for you.

http://download519.mediafire.com/gqvzhjdm1xwg/znngtztemmy/avgremover.exe

I'm so sorry this is causing so much trouble! Thank you for uploading it, but it appears mediafire has removed it!

"Invalid File. This error has been forwarded to MediaFire's development team.
The key you provided for file download was invalid. This is usually caused because the file is no longer stored on Mediafire. This occurs when the file is removed by the originating user or Mediafire. "

-_- The file is still there.

http://www.mediafire.com/download.php?znngtztemmy

ahh this time it worked fine! AVG has been deleted

Thank god for that!, did you delete the AVG8 folder from Program Files?

All that is left now is to replace Java with the most updated version since we removed the older versions.

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  
• Select the first option where it says "This release is Windows 7 support-ready and includes support for Internet Explorer 8...".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u14-windows-i586-p.exe that you downloaded to install the newest version.
  

Yes, the folder is gone!

I did install the latest Java, however still neither spybot nor malwarebytes can update themselves

Hello.
Uninstall both of them.
Spybots removal methods aren't that great and MBAM has a new version out, so lets start from scratch with this.

First, uninstall MBAM/Spybot, then run this MBAM cleaner to remove any traces left of MBAM.
http://www.malwarebytes.org/mbam-clean.exe

Download the free version of 1.37 from here:
http://www.malwarebytes.org/mbam.php

Install it again and see if you can update it then.

I removed both programs, but those links are both broken for me. Same "Oops! This link appears to be broken" message. Not surprising, because my initial inability to access the malwarebytes site was definitely a red flag for me, leading me to believe my computer was infected. On a different note, thank you so much for your extemely quick replies!

Okay, lets get an upto date Combofix log.
Re-run Combofix for me please.

Here's the latest one. Is it normal for it to be considerably shorter than the first one?

ComboFix 09-05-29.01 - Mattie Z 05/30/2009 9:07.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.602 [GMT -5:00]
Running from: c:\documents and settings\Mattie Z\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090529-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-29 18:38 . 2009-05-29 18:38 -------- d-----w c:\documents and settings\Mattie Z\Application Data\vlc
2009-05-25 23:16 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-25 23:16 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-25 23:16 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-25 23:16 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-25 23:16 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-25 23:16 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-25 23:16 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-25 23:16 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-25 23:16 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-25 23:15 . 2009-05-25 23:15 -------- d-----w c:\program files\Alwil Software
2009-05-24 07:06 . 2009-05-24 07:06 -------- d-----w c:\documents and settings\Mattie Z\Application Data\Malwarebytes
2009-05-24 07:05 . 2009-05-24 07:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-14 04:16 . 2009-05-14 04:16 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-14 04:14 . 2009-05-14 04:14 127877 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\uninstall.exe
2009-05-14 04:14 . 2009-05-14 04:14 1685856 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-13 03:08 . 2009-05-27 03:38 0 ----a-w c:\documents and settings\Mattie Z\Local Settings\Application Data\prvlcl.dat
2009-05-04 14:12 . 2009-05-04 14:12 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-03 23:10 . 2009-05-03 23:10 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 23:09 . 2009-05-30 02:28 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w c:\documents and settings\Mattie Z\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 05:35 . 2008-11-20 19:45 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-30 05:35 . 2008-11-20 19:45 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-30 01:07 . 2008-07-11 17:34 -------- d-----w c:\program files\Sun
2009-05-30 01:07 . 2009-01-25 18:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-30 01:07 . 2007-12-11 04:17 -------- d-----w c:\program files\Java
2009-05-29 16:47 . 2009-03-31 15:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-26 21:24 . 2007-11-09 11:50 -------- d-----w c:\program files\Diablo II
2009-05-26 21:24 . 2007-12-09 20:21 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-05-20 00:32 . 2008-02-19 02:23 -------- d-----w c:\documents and settings\Mattie Z\Application Data\Move Networks
2009-05-14 04:16 . 2007-12-12 06:41 -------- d-----w c:\program files\Google
2009-03-22 01:39 . 2009-03-22 01:39 503808 ----a-w c:\documents and settings\Mattie Z\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1dbf8c95-n\msvcp71.dll
2009-03-22 01:39 . 2009-03-22 01:39 499712 ----a-w c:\documents and settings\Mattie Z\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1dbf8c95-n\jmc.dll
2009-03-22 01:39 . 2009-03-22 01:39 348160 ----a-w c:\documents and settings\Mattie Z\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1dbf8c95-n\msvcr71.dll
2009-03-19 05:02 . 2007-08-13 16:23 39792 ----a-w c:\documents and settings\Mattie Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 20:36 . 2009-03-08 20:36 0 ----a-w c:\windows\PowerReg.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-05-27_04.03.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-30 13:55 . 2009-05-30 13:55 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
+ 2009-05-30 13:55 . 2009-05-30 13:55 16384 c:\windows\Temp\Perflib_Perfdata_238.dat
+ 2009-05-30 01:07 . 2009-05-30 01:07 148888 c:\windows\system32\javaws.exe
- 2009-01-25 18:06 . 2009-03-22 01:38 148888 c:\windows\system32\javaws.exe
+ 2009-05-30 01:07 . 2009-05-30 01:07 144792 c:\windows\system32\javaw.exe
- 2009-01-25 18:06 . 2009-03-22 01:38 144792 c:\windows\system32\javaw.exe
+ 2009-05-30 01:07 . 2009-05-30 01:07 144792 c:\windows\system32\java.exe
- 2009-01-25 18:06 . 2009-03-22 01:38 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-30 148888]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 10752]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

c:\documents and settings\Mattie Z\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-3-8 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Acrobat3\\Reader\\AcroRd32.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/25/2009 6:16 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/25/2009 6:16 PM 20560]
S2 gupdate1c9cc445acf6fda;Google Update Service (gupdate1c9cc445acf6fda);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 6:10 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-12 23:09]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 23:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.defaulthomepage.info
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 09:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-30 9:13
ComboFix-quarantined-files.txt 2009-05-30 14:13
ComboFix2.txt 2009-05-29 16:38
ComboFix3.txt 2009-05-28 04:49
ComboFix4.txt 2009-05-27 04:05

Pre-Run: 327,178,457,088 bytes free
Post-Run: 327,408,279,552 bytes free

148 --- E O F --- 2009-01-26 05:06

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\documents and settings\Mattie Z\Start Menu\Programs\Startup\PowerReg Scheduler.exe
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "P17Helper"=-
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== FILES ==========
c:\documents and settings\Mattie Z\Start Menu\Programs\Startup\PowerReg Scheduler.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\P17Helper deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05302009_135642

Hello.
One more script to remove a leftover AVG folder.

• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\documents and settings\All Users\Application Data\avg8
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== FILES ==========
c:\documents and settings\All Users\Application Data\avg8\update\prepare moved successfully.
c:\documents and settings\All Users\Application Data\avg8\update\backup moved successfully.
c:\documents and settings\All Users\Application Data\avg8\update moved successfully.
c:\documents and settings\All Users\Application Data\avg8\Temp moved successfully.
c:\documents and settings\All Users\Application Data\avg8\scanlogs moved successfully.
c:\documents and settings\All Users\Application Data\avg8\Log moved successfully.
c:\documents and settings\All Users\Application Data\avg8\emc moved successfully.
c:\documents and settings\All Users\Application Data\avg8\Dumps moved successfully.
c:\documents and settings\All Users\Application Data\avg8\CfgAll moved successfully.
c:\documents and settings\All Users\Application Data\avg8\Cfg moved successfully.
c:\documents and settings\All Users\Application Data\avg8\AvgApi moved successfully.
c:\documents and settings\All Users\Application Data\avg8\AvgAm moved successfully.
c:\documents and settings\All Users\Application Data\avg8\admincli moved successfully.
c:\documents and settings\All Users\Application Data\avg8 moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05312009_032947

We can remove OTMoveIt now.

• Please double-click OTMoveIt3.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt, do the same for the reboot prompt.
  

How is the machine running now?

The machine is running fine, except for my inability to go to malwarebytes' website, so I can not download from the link you gave me. I re-installed v.1.37, and it still could not update itself. If I didn't delete spybot and avg, they still woudln't be able to update themselves either... It appears something is blocking the ability of these programs to update themselves. I'm going to be away from my computer for a week, but I'll bump this when I come back. Thank you very much for your time, and quick responses I look forward to continuing this in a week, thanks again!