Computer not working properly

Hello, I recently had my computer start acting up after I downloaded an infected file.
Quite a few programs won't open at all and for example I get a message whenever I try to open anything from microsoft office...
"not enough memory to run microsoft excel."

Can you please help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:56 PM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Additional Programs\power iso\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Additional Programs\Itunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
D:\Additional Programs\Itunes\iPod\bin\iPodService.exe
D:\Additional Programs\Firefox\firefox.exe
C:\Documents and Settings\mike\Desktop\virus stuff\hijack this\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Additional Programs\power iso\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Additional Programs\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Additional Programs\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242672418750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242672552562
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Additional Programs\Itunes\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7400 bytes

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes' Anti-Malware 1.36
Database version: 2159
Windows 5.1.2600 Service Pack 3

11/16/2009 11:35:50 PM
mbam-log-2009-11-16 (23-35-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 317076
Time elapsed: 1 hour(s), 50 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=df78d0d281c5484b89ea1cfb2754583a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-17 08:05:21
# local_time=2009-11-17 12:05:21 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 100 0 34767161 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=df78d0d281c5484b89ea1cfb2754583a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-17 08:07:48
# local_time=2009-11-17 12:07:48 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 100 0 34767308 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

ComboFix 09-11-18.04 - mike 11/17/2009 21:26.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1415 [GMT -8:00]
Running from: c:\documents and settings\mike\Desktop\commy.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\101athrez959955.ocx
c:\windows\10554spamzot6989.cpl
c:\windows\10753no9-a-viruz7d.dll
c:\windows\109235pz39.exe
c:\windows\10addz59e33.ocx
c:\windows\10z035irus379.dll
c:\windows\11253t5oj39z.cpl
c:\windows\11352not-a-z5rus796.bin
c:\windows\11465spz549.cpl
c:\windows\1176659rm5z8.exe
c:\windows\11965virus7zb.bin
c:\windows\119etzi9f5253.dll
c:\windows\120z9sp5mbot9b4.cpl
c:\windows\12373zacktool4395.dll
c:\windows\123z0worm495.cpl
c:\windows\130zadd5are9581.cpl
c:\windows\13325zroj957.dll
c:\windows\134z0sp9m5ot25d.ocx
c:\windows\13528ha5ktzol2b29.bin
c:\windows\13z95ackdoor49.cpl
c:\windows\14236h9cktzo56f.bin
c:\windows\14255szy92f.exe
c:\windows\14304trz91735.cpl
c:\windows\14688z95m1ff.dll
c:\windows\14996s9y5cz5.bin
c:\windows\1538woz958e.ocx
c:\windows\15475zr9j5c2.dll
c:\windows\15589ownl5adzr1752.cpl
c:\windows\15591spy486z.cpl
c:\windows\159285roj2z1.cpl
c:\windows\15z89worm72c.cpl
c:\windows\1600z9rus585.ocx
c:\windows\16080hacktz5l9a3.dll
c:\windows\1629zvi5us5699.dll
c:\windows\164285oz-a-virus918.cpl
c:\windows\16900z5oj2fa.cpl
c:\windows\16903wo5m695z.exe
c:\windows\169395irus6z2.ocx
c:\windows\16z50wo9m3bc.bin
c:\windows\170269otza-vir5s3ae.ocx
c:\windows\179z3worm5d8.ocx
c:\windows\17c9ad9wa5e207z.bin
c:\windows\17z9spyware695.bin
c:\windows\18154spamb9t5z.ocx
c:\windows\1837ztroj5b39.exe
c:\windows\184z6not-a-59rus13c.cpl
c:\windows\185229orm33ez.bin
c:\windows\190969z5us547.ocx
c:\windows\19404virusz9d5.ocx
c:\windows\19585n9t-a-virusz24.exe
c:\windows\19586hackt5o967z.bin
c:\windows\196969zru5481.bin
c:\windows\19zworm3465.dll
c:\windows\1b8dth5ef24z99.exe
c:\windows\1bd7dow9loa5zr1743.cpl
c:\windows\1d05d5wnloadez5499.ocx
c:\windows\1d55steal5z069.dll
c:\windows\1d9espars5901z.bin
c:\windows\1de5th9zat11963.bin
c:\windows\1e885ddwa9e1z.ocx
c:\windows\1z296spa5bot212.exe
c:\windows\2060t9reaz25231.cpl
c:\windows\2099thzeat25415.dll
c:\windows\209c5i9579z.exe
c:\windows\211z9w59m32.dll
c:\windows\2170hzc5tool7d29.cpl
c:\windows\21976hackzool305.ocx
c:\windows\219csparsez575.dll
c:\windows\219z2tro95eb.dll
c:\windows\2259zackdoor5523.ocx
c:\windows\22714sp9225z.exe
c:\windows\22755notza-vir9s42b.dll
c:\windows\2281s9yz415.cpl
c:\windows\23114h5c9tooz42.bin
c:\windows\24409not-azvirus6f5.bin
c:\windows\24594no9-azvirus399.exe
c:\windows\24709szy45a.cpl
c:\windows\24898wor9zd5.exe
c:\windows\24898z5rm47b.cpl
c:\windows\2499threat418z5.cpl
c:\windows\24b85ackdzor1059.bin
c:\windows\24z29worm7475.cpl
c:\windows\2500spazbot395.ocx
c:\windows\25628hazktool491.exe
c:\windows\25885no9-z-virus50f5.bin
c:\windows\25986spamb9t656z.bin
c:\windows\2599spyware1231z.cpl
c:\windows\25a4spyware2z129.ocx
c:\windows\25b7downloade93179z.dll
c:\windows\25f99teaz1684.bin
c:\windows\25z38worm395.bin
c:\windows\25z59ddware88.ocx
c:\windows\2600a5dware29z0.dll
c:\windows\261fztea54459.exe
c:\windows\26705orm7z49.cpl
c:\windows\267335ot9a-virzs9.cpl
c:\windows\26950nz9-a-virus6.cpl
c:\windows\27015tr5z7a89.exe
c:\windows\27126haczt5o94f0.exe
c:\windows\271599pz5d.ocx
c:\windows\2749virz775.dll
c:\windows\275bst9zl1907.bin
c:\windows\279615orm2c7z.dll
c:\windows\27991zot-a-viru559.dll
c:\windows\279baczdoor5624.bin
c:\windows\279zv9rus4935.ocx
c:\windows\28065not-a-9izus105.bin
c:\windows\2818zhacktool952.ocx
c:\windows\28575v9rusz3c.ocx
c:\windows\2938sp5rsez096.bin
c:\windows\29473szy7945.bin
c:\windows\2961zs9ambot65b.dll
c:\windows\29652s9yz5.cpl
c:\windows\29729hzcktool3515.ocx
c:\windows\29949tzoj5d.bin
c:\windows\2a69z5ckdoor260.exe
c:\windows\2b81s9y5are122z.exe
c:\windows\2be1backdoz93225.ocx
c:\windows\2d55tz5eat246439.dll
c:\windows\2d9z5ownloader1847.exe
c:\windows\2f1dsp9za5e1054.dll
c:\windows\2f69addzare20935.cpl
c:\windows\30090v5rzs6f3.exe
c:\windows\305z5viru9265.cpl
c:\windows\308295py487z.bin
c:\windows\30e4t59ef29z4.cpl
c:\windows\30z59viru5267.bin
c:\windows\31055hacztool903.cpl
c:\windows\3115hackt5ol469z.exe
c:\windows\3141v5zus669.cpl
c:\windows\31d1spyware9575z.cpl
c:\windows\32030zackt5ol499.ocx
c:\windows\32150virz9225.dll
c:\windows\32599ddwarez919.bin
c:\windows\3285downlozder1669.bin
c:\windows\333bb5ckdozr1951.bin
c:\windows\3465s9y659z.bin
c:\windows\3555virzs9be.bin
c:\windows\3585addwarez9.exe
c:\windows\35919zroj359.bin
c:\windows\35fd9pyware32z3.ocx
c:\windows\3895vizus3b5.cpl
c:\windows\39575orm4cz.dll
c:\windows\3984azdwar5567.cpl
c:\windows\3991hackto5lzc9.cpl
c:\windows\399spywarez7995.ocx
c:\windows\39a5szarse1852.dll
c:\windows\3a635ir931z.exe
c:\windows\3a68ad5zare27529.ocx
c:\windows\3b35adzwa9e384.exe
c:\windows\3b97steaz2595.exe
c:\windows\3b99sp5zar92982.exe
c:\windows\3d85addw9rez505.dll
c:\windows\3ec9t5iez2640.cpl
c:\windows\3z8485py97.dll
c:\windows\4009hzckto9l7265.dll
c:\windows\40a5spywa5917z8.dll
c:\windows\412zpa95e2013.bin
c:\windows\4295vir96z.exe
c:\windows\43705ir24z9.cpl
c:\windows\442fth59f233z.ocx
c:\windows\44dzt9reat261325.dll
c:\windows\458dtzief2909.ocx
c:\windows\4594adzware1975.exe
c:\windows\459estezl355.exe
c:\windows\45z5sparse959.exe
c:\windows\45zteal5079.ocx
c:\windows\46195py540z.dll
c:\windows\4690addw9ze6645.ocx
c:\windows\47829zckdoo5915.cpl
c:\windows\47ec95ief299z.cpl
c:\windows\47z25ddwa9e2682.exe
c:\windows\4865doznl9ader968.dll
c:\windows\48fbspa5se2964z.exe
c:\windows\490steal9z35.dll
c:\windows\4958backdzor596.bin
c:\windows\4cebad5ware95z5.ocx
c:\windows\4cf7thrzat25159.dll
c:\windows\4cz2spa9se1652.bin
c:\windows\4e5z5tea933.ocx
c:\windows\4f38back9oo51z84.exe
c:\windows\4fd05h9ef321z.ocx
c:\windows\50319no9-a-zirus669.ocx
c:\windows\504dadd9are3z88.cpl
c:\windows\512zvir5097.bin
c:\windows\5189spy95z.dll
c:\windows\51czba9kdoor5236.cpl
c:\windows\52z2not-a-v9rus25b.ocx
c:\windows\5326troj9z4.bin
c:\windows\5352ztro9360.dll
c:\windows\537zsp9rse71.cpl
c:\windows\539esteal247z.exe
c:\windows\53ezsp5rse14049.cpl
c:\windows\55283haz9tool3b0.cpl
c:\windows\552zp9470.dll
c:\windows\555thizf691.cpl
c:\windows\5566thief9232z.cpl
c:\windows\5580dzwnlo5d9r987.dll
c:\windows\5584zs9y75f.ocx
c:\windows\559zvir28539.exe
c:\windows\55c5backdooz1942.ocx
c:\windows\55zt9ief1658.cpl
c:\windows\56489zoj4f2.ocx
c:\windows\56cvirz799.dll
c:\windows\56ebspywarz1029.bin
c:\windows\57995hacktool2z79.bin
c:\windows\579tzief13569.ocx
c:\windows\5805bac9z5or681.dll
c:\windows\58398trzj417.dll
c:\windows\584backdzor2992.ocx
c:\windows\589bvi51031z.ocx
c:\windows\59255dzware1315.ocx
c:\windows\5925viz1570.bin
c:\windows\59380spamboz2d7.ocx
c:\windows\594stzal1996.cpl
c:\windows\5959zir2959.dll
c:\windows\597dbackdo5r2z0.exe
c:\windows\5989hazktoole5.cpl
c:\windows\59b8spyware5z71.exe
c:\windows\59e0bzck9o5r610.cpl
c:\windows\5a259irz030.ocx
c:\windows\5a5v59z615.dll
c:\windows\5b53downloade92496z.cpl
c:\windows\5cz6spywar92933.exe
c:\windows\5d4bdow5l9azer2293.bin
c:\windows\5d9cs5ywaze1469.exe
c:\windows\5df0downlozder2189.dll
c:\windows\5ef5bac59oor1123z.ocx
c:\windows\5f59addwar5z890.ocx
c:\windows\5f96down9oader25z9.dll
c:\windows\5z121virus429.dll
c:\windows\5z395worm28.cpl
c:\windows\5z6fbackd5or2549.bin
c:\windows\5z8d5ackdo9r3238.bin
c:\windows\5zb5spar9e5606.exe
c:\windows\5zb7spywa9e844.ocx
c:\windows\5zb9threat8308.ocx
c:\windows\627zbackdoor9595.exe
c:\windows\639st5al1997z.ocx
c:\windows\6459spywar5498z.ocx
c:\windows\64b5czdoo92278.bin
c:\windows\6525n9t-a-viruz526.bin
c:\windows\65349irz596.dll
c:\windows\6587vizu569a9.ocx
c:\windows\6589wo9m5e5z.dll
c:\windows\66a7thr5a9993z.cpl
c:\windows\66b99zwnloader6955.exe
c:\windows\66cbb5ck9oor207z.ocx
c:\windows\679fzir563.exe
c:\windows\6860s95zbota6.exe
c:\windows\689d5zeal708.ocx
c:\windows\68b85parze19089.bin
c:\windows\68z65ot-a-viru92fa.bin
c:\windows\6914addwzre9295.bin
c:\windows\69a0spy5arz229.bin
c:\windows\69c9spyware5z50.ocx
c:\windows\69d5ackdoor1052z.bin
c:\windows\6ca5stealz799.bin
c:\windows\6cc3zh9eat5542.exe
c:\windows\6effthz591321.ocx
c:\windows\6ezsteal20965.ocx
c:\windows\6f58zir759.exe
c:\windows\6fdath5eaz99612.bin
c:\windows\6z53spyware2009.dll
c:\windows\6zb5ba5kdoo91098.ocx
c:\windows\70359ot-z-virus353.ocx
c:\windows\703e5irz179.ocx
c:\windows\725a9hiez1861.ocx
c:\windows\7282spyza5e1159.exe
c:\windows\733f5hreat38z9.dll
c:\windows\743ath5eat25729z.ocx
c:\windows\74529roj18fz.cpl
c:\windows\74z1hacktoo59f.ocx
c:\windows\755btzief379.exe
c:\windows\75a6sze9l494.cpl
c:\windows\75d9addwarz1198.cpl
c:\windows\75f4vir3z559.exe
c:\windows\7679spar5z9247.cpl
c:\windows\7707vzr9539.exe
c:\windows\7765thizf2559.exe
c:\windows\7842w5r9zb1.exe
c:\windows\78d9addwar520z2.ocx
c:\windows\79aste5l24z6.cpl
c:\windows\79f79hrezt1225.exe
c:\windows\7c54zteal955.cpl
c:\windows\7c95downlzader7405.exe
c:\windows\7cac5zd9are406.bin
c:\windows\7d59spar9e4z7.ocx
c:\windows\7f64z5wn9oader449.ocx
c:\windows\7fzcbac5door2399.bin
c:\windows\7z92a5dware1928.ocx
c:\windows\806hac5to9lza.dll
c:\windows\81z45acktoo919d.cpl
c:\windows\8219zot-a-v9rus7a5.exe
c:\windows\8448tzoj95b5.bin
c:\windows\859wozm55d.dll
c:\windows\8673not-a-5irus9b9z.exe
c:\windows\88339irusz885.dll
c:\windows\9084zspy1695.cpl
c:\windows\90898spazbot6615.cpl
c:\windows\918dsp5ware234z.bin
c:\windows\91viz5094.exe
c:\windows\9208z5iruse2.dll
c:\windows\9209zack5ool5d5.bin
c:\windows\9235wzrmec.ocx
c:\windows\92423za5ktool292.cpl
c:\windows\92z25spy29c.cpl
c:\windows\933z9spambot5fd.exe
c:\windows\948z7troj5df.ocx
c:\windows\9506tr9j55z.cpl
c:\windows\95182trojz15.cpl
c:\windows\951sp9mzot5ec.ocx
c:\windows\9521h5cztool5b5.bin
c:\windows\956z3wo5m7e3.ocx
c:\windows\957cbackdoorz07.ocx
c:\windows\959zsteal1049.ocx
c:\windows\95a2thzef2491.cpl
c:\windows\9688spy5zb.cpl
c:\windows\96faspz5are291.ocx
c:\windows\9750vir9sz99.dll
c:\windows\9839threat1521z.ocx
c:\windows\995zvir5105.cpl
c:\windows\99d5v5r252z.cpl
c:\windows\9b76t5zef377.cpl
c:\windows\9bdz5ddware1437.dll
c:\windows\9d5ebaczdo5r530.bin
c:\windows\9z15v5r3109.dll
c:\windows\ca9dwarz1850.exe
c:\windows\ce3spa95e1519z.bin
c:\windows\d779par5ez481.cpl
c:\windows\e10vir193z5.bin
c:\windows\fz2spyw5re9858.exe
c:\windows\system32\10343n5t-a-zirus569.bin
c:\windows\system32\10348zor92a15.dll
c:\windows\system32\10355z9y357.bin
c:\windows\system32\107d9i5z233.bin
c:\windows\system32\10z24worm1b59.bin
c:\windows\system32\11258zacktool59d9.dll
c:\windows\system32\11787ha9ktozl255.dll
c:\windows\system32\11z39hackt59l63c.exe
c:\windows\system32\123zthr5at9293.exe
c:\windows\system32\125z5not-a-vir9s571.ocx
c:\windows\system32\12958sp59z.ocx
c:\windows\system32\1305trzj698.dll
c:\windows\system32\139z25irus97.ocx
c:\windows\system32\141d59arsz2148.ocx
c:\windows\system32\14290not-a-virus505z.bin
c:\windows\system32\1447spz9bot5b95.dll
c:\windows\system32\145z9virus50c.ocx
c:\windows\system32\14900not-9-5irus51z.dll
c:\windows\system32\14z8dow5loader978.ocx
c:\windows\system32\1510zworm6399.dll
c:\windows\system32\15145tro9z295.ocx
c:\windows\system32\151dz9reat16390.dll
c:\windows\system32\153249rojz16.cpl
c:\windows\system32\1589steal2z59.ocx
c:\windows\system32\1592zddware2481.ocx
c:\windows\system32\15963wzrm5f9.exe
c:\windows\system32\159zba5kdoor1150.cpl
c:\windows\system32\15d8viz499.dll
c:\windows\system32\1729baczd5or954.exe
c:\windows\system32\1735spywa5ez922.dll
c:\windows\system32\17551v9rzs3de.dll
c:\windows\system32\175dstzal95.ocx
c:\windows\system32\18219hrea527470z.bin
c:\windows\system32\18906vi9us4z95.bin
c:\windows\system32\1912do5nloader9909z.dll
c:\windows\system32\19359spzm5ot554.cpl
c:\windows\system32\19569spzmbot795.cpl
c:\windows\system32\197ez5wnloader2899.bin
c:\windows\system32\198spzm5ot101.exe
c:\windows\system32\1999zspy5e8.exe
c:\windows\system32\19a0thizf2595.dll
c:\windows\system32\19d5szyware4205.ocx
c:\windows\system32\1bc5backdoor2998z.dll
c:\windows\system32\1dc59dzwar53120.ocx
c:\windows\system32\1dc8t9reaz29507.cpl
c:\windows\system32\1e2bbackdo9r19z55.bin
c:\windows\system32\1e55vir29z5.exe
c:\windows\system32\1e55viz2598.bin
c:\windows\system32\1e5ethzeat93554.cpl
c:\windows\system32\1f5c9parsez44.ocx
c:\windows\system32\1z07v9r514.exe
c:\windows\system32\1z095troj768.exe
c:\windows\system32\1z194viru91235.bin
c:\windows\system32\1z520s5y19.ocx
c:\windows\system32\1z6viru59a3.cpl
c:\windows\system32\1z985worm2b7.bin
c:\windows\system32\2009downloaderz865.ocx
c:\windows\system32\21753sp9252z.bin
c:\windows\system32\21982vz9us151.ocx
c:\windows\system32\22496tzoj765.cpl
c:\windows\system32\225z9not5a-virus759.ocx
c:\windows\system32\22645zot-a-9iru56cc.exe
c:\windows\system32\22717not-5-vzrus4d19.ocx
c:\windows\system32\22849hacktzol985.cpl
c:\windows\system32\230z4h5cktool299.dll
c:\windows\system32\23145spy49z.bin
c:\windows\system32\23232spambz95d.dll
c:\windows\system32\234fv5r789z.ocx
c:\windows\system32\235115r9j6dz.exe
c:\windows\system32\2355bazkd95r551.cpl
c:\windows\system32\23820t5o977z.ocx
c:\windows\system32\23cfadzwa951183.exe
c:\windows\system32\23fzspars5194.cpl
c:\windows\system32\2451zvi5usc49.dll
c:\windows\system32\2462haz95ool45a.dll
c:\windows\system32\24963w5rm4zf.ocx
c:\windows\system32\2508viru95a9z.cpl
c:\windows\system32\2509z9dware1977.cpl
c:\windows\system32\25302vizus391.dll
c:\windows\system32\255069orm447z.exe
c:\windows\system32\2550spzrse22509.ocx
c:\windows\system32\255b9irz26.exe
c:\windows\system32\255c9hizf1354.dll
c:\windows\system32\2589stezl1679.bin
c:\windows\system32\25966troj39z5.bin
c:\windows\system32\25995worm689z.dll
c:\windows\system32\25cdth9eat7578z.ocx
c:\windows\system32\25zcbackdoor985.bin
c:\windows\system32\26053noz-a-virus79d.cpl
c:\windows\system32\267z69pambot5f8.dll
c:\windows\system32\26934not-a-5zrus33d.cpl
c:\windows\system32\26z9thi5f499.exe
c:\windows\system32\27205acktozl9b2.ocx
c:\windows\system32\27892hacktooz5f.exe
c:\windows\system32\27z22spambot659.cpl
c:\windows\system32\2815downloaze916925.bin
c:\windows\system32\2895stealz939.ocx
c:\windows\system32\28bd5par9z704.exe
c:\windows\system32\290325py129z.exe
c:\windows\system32\29559spazbot265.ocx
c:\windows\system32\29590spz507.bin
c:\windows\system32\2996znot-a-vi5us91.bin
c:\windows\system32\29z1spy6b85.cpl
c:\windows\system32\2b4et9iefz545.cpl
c:\windows\system32\2c33ba9kd5or7z3.bin
c:\windows\system32\2d72back5zo91028.dll
c:\windows\system32\2dfddowzl95der52.bin
c:\windows\system32\2ee8s5y9arz2358.cpl
c:\windows\system32\2z134wo9m259.dll
c:\windows\system32\2z3d5ownloader9594.bin
c:\windows\system32\2z650vi5us792.bin
c:\windows\system32\300z9dware1345.bin
c:\windows\system32\3079s5z427.exe
c:\windows\system32\30954zi9us51d.bin
c:\windows\system32\31001haczt5ol917.exe
c:\windows\system32\3145a9ktoolz41.ocx
c:\windows\system32\315viz959.dll
c:\windows\system32\31692sza9bo539c.cpl
c:\windows\system32\319z7ha9ktoo556b.ocx
c:\windows\system32\31b9spz5are16589.ocx
c:\windows\system32\3358addzare8579.cpl
c:\windows\system32\33695zoj1cf9.dll
c:\windows\system32\3475zddware559.dll
c:\windows\system32\35331n9t-a-virus2z3.bin
c:\windows\system32\359adownloader5z4.ocx
c:\windows\system32\35z3w9rm390.ocx
c:\windows\system32\35z4back9oor2731.exe
c:\windows\system32\3691spzware1053.dll
c:\windows\system32\3691t5reat799z.bin
c:\windows\system32\39175iz158.dll
c:\windows\system32\391bzdd5are2844.exe
c:\windows\system32\39222troj515z.ocx
c:\windows\system32\39595ownl9ader8z9.cpl
c:\windows\system32\3999ir215z.cpl
c:\windows\system32\39ev5z93.ocx
c:\windows\system32\39zfspa5se9139.dll
c:\windows\system32\3a8b9teal5125z.dll
c:\windows\system32\3c4bv5rz4959.ocx
c:\windows\system32\3ccdo5n9oader4z5.cpl
c:\windows\system32\3d4f5ownloader3z29.cpl
c:\windows\system32\3ddc9hi5f2625z.cpl
c:\windows\system32\3e5z9teal24275.bin
c:\windows\system32\3fback5oor95z.ocx
c:\windows\system32\3z1bac9door3153.cpl
c:\windows\system32\3z3edow95oader816.cpl
c:\windows\system32\3z7do9nloader2505.cpl
c:\windows\system32\3z95thief25129.exe
c:\windows\system32\3za5spyw5re2957.exe
c:\windows\system32\4051thre9t6z71.dll
c:\windows\system32\406et5r9at25z70.ocx
c:\windows\system32\427zw95m3ea.ocx
c:\windows\system32\428bs59alz831.cpl
c:\windows\system32\4356zpa9bot54c.bin
c:\windows\system32\4359pyz3f.ocx
c:\windows\system32\43f2s9yw5re2z35.dll
c:\windows\system32\4528addwzre419.exe
c:\windows\system32\4599rozc6.cpl
c:\windows\system32\45f5stea9176z.bin
c:\windows\system32\45fcadd9arz7545.cpl
c:\windows\system32\46edv9r5z36.dll
c:\windows\system32\4731t9oj5z7.bin
c:\windows\system32\4865h9cktozl144.bin
c:\windows\system32\48f89zr156.bin
c:\windows\system32\4926ste5l174z.ocx
c:\windows\system32\4951z5y134.dll
c:\windows\system32\4989thief17z5.dll
c:\windows\system32\4994spazbot357.exe
c:\windows\system32\4998tzief9645.bin
c:\windows\system32\4b26szyw9r595.dll
c:\windows\system32\4b569zief388.dll
c:\windows\system32\4c8dspyw9re5574z.cpl
c:\windows\system32\4d86downlo9der2535z.cpl
c:\windows\system32\4d9a9parse1z25.ocx
c:\windows\system32\50589zief3252.exe
c:\windows\system32\5090v9rus69z.ocx
c:\windows\system32\509sp97az.exe
c:\windows\system32\50c0back5oor10z79.dll
c:\windows\system32\52225tr9z192.ocx
c:\windows\system32\52498spamboz298.exe
c:\windows\system32\52c2spywarez5539.dll
c:\windows\system32\5351vi5z319.exe
c:\windows\system32\5375ba9kdoor121z.exe
c:\windows\system32\53z9t5ief2764.ocx
c:\windows\system32\5419t5oz6bc9.cpl
c:\windows\system32\54cztea92655.ocx
c:\windows\system32\550cviz1459.bin
c:\windows\system32\5520trzj2919.dll
c:\windows\system32\5550spaz59t705.exe
c:\windows\system32\5552thzef1195.ocx
c:\windows\system32\555ea9dzare1520.bin
c:\windows\system32\55f7spzware32239.dll
c:\windows\system32\5622spy5are91z4.dll
c:\windows\system32\56693spamboz775.cpl
c:\windows\system32\5682zpy692.dll
c:\windows\system32\5787bac5doo91911z.cpl
c:\windows\system32\579znot-a-virus4a9.ocx
c:\windows\system32\57b5thze9397.exe
c:\windows\system32\5809ste5l9z38.dll
c:\windows\system32\58185hack9ozl49f.dll
c:\windows\system32\588z3not-a-virus944.bin
c:\windows\system32\58f8zhreat94425.exe
c:\windows\system32\5913spambzt5a9.exe
c:\windows\system32\598d5tealz94.ocx
c:\windows\system32\59adaddwaze2599.cpl
c:\windows\system32\59f8st95lz689.dll
c:\windows\system32\5b15zpy5are9319.exe
c:\windows\system32\5b52dow5load9r247z.dll
c:\windows\system32\5b99viz1594.bin
c:\windows\system32\5c64s5e9lz357.cpl
c:\windows\system32\5ce9th5efz625.dll
c:\windows\system32\5d85s59rse49z.cpl
c:\windows\system32\5dc6thre9t79z5.exe
c:\windows\system32\5e9e5iz1969.cpl
c:\windows\system32\5ec3v9r2995z.dll
c:\windows\system32\5fa4addwar93z5.cpl
c:\windows\system32\61e8back95or1446z.exe
c:\windows\system32\631c9pywzre559.bin
c:\windows\system32\6530trzj49.cpl
c:\windows\system32\655threaz24955.exe
c:\windows\system32\6592downloader15z8.exe
c:\windows\system32\65a9addwa9e2003z.bin
c:\windows\system32\65dedownlo95ez299.ocx
c:\windows\system32\65f9ad9warz164.cpl
c:\windows\system32\6748spz9b5t2bc.exe
c:\windows\system32\685cvi91865z.cpl
c:\windows\system32\691eazdware5779.dll
c:\windows\system32\69z19roj58.bin
c:\windows\system32\6bc5parsez196.cpl
c:\windows\system32\6bfcbz9kdoor3605.dll
c:\windows\system32\6bzdthi5f1945.bin
c:\windows\system32\6d75pa9ze359.dll
c:\windows\system32\6ezasparse5789.bin
c:\windows\system32\6z9t5reat92594.bin
c:\windows\system32\7151nzt-a-virus359.cpl
c:\windows\system32\7152zot-a-5i9us40f.ocx
c:\windows\system32\7156troj18z9.ocx
c:\windows\system32\72b4t9reat155z9.bin
c:\windows\system32\730as5arz915.bin
c:\windows\system32\74905owzloade92173.ocx
c:\windows\system32\750dbackdoz91744.ocx
c:\windows\system32\75f49ackzoo543.cpl
c:\windows\system32\7675pambzt95.cpl
c:\windows\system32\76b5zh9eat25195.ocx
c:\windows\system32\7792szam9ot75.dll
c:\windows\system32\77a09zreat15839.ocx
c:\windows\system32\7859thrzat22993.dll
c:\windows\system32\78ad5ir419z.bin
c:\windows\system32\7935backdoor2896z.bin
c:\windows\system32\79895py931z.dll
c:\windows\system32\798worm50z5.exe
c:\windows\system32\7992vir5z3c6.dll
c:\windows\system32\79czb5ckdoor29.ocx
c:\windows\system32\7b89zhre5t5942.cpl
c:\windows\system32\7d56dzwn9oader938.ocx
c:\windows\system32\7dcca5dzare2091.exe
c:\windows\system32\8017haczt5ol9b6.exe
c:\windows\system32\83015p926z.exe
c:\windows\system32\8331sp9mboz325.exe
c:\windows\system32\8339s5ambo9z79.cpl
c:\windows\system32\8397not-a-vz59s526.exe
c:\windows\system32\8405ha9ztool315.bin
c:\windows\system32\8519zeal2623.bin
c:\windows\system32\8953hac9zool1dd.cpl
c:\windows\system32\90z09w5rm5ea.exe
c:\windows\system32\91615viruz788.exe
c:\windows\system32\9190zac95ool62b.exe
c:\windows\system32\92z9spambo55d.ocx
c:\windows\system32\93229t5oj7ze.bin
c:\windows\system32\9352spazse2932.exe
c:\windows\system32\9359ackdoo5107z.exe
c:\windows\system32\93z8tro5573.exe
c:\windows\system32\941z3wor578a.ocx
c:\windows\system32\95675szy786.bin
c:\windows\system32\958spyz5re1499.cpl
c:\windows\system32\95fadownloazer735.bin
c:\windows\system32\95z59worm5e7.cpl
c:\windows\system32\96z65hief3117.dll
c:\windows\system32\9740not-a-zi5us169.cpl
c:\windows\system32\97500zorm6bd.dll
c:\windows\system32\9891hack5ozl9d4.exe
c:\windows\system32\98956zpy25f.dll
c:\windows\system32\990s5a9bot1z8.bin
c:\windows\system32\9935s5yze1.bin
c:\windows\system32\9988dzwnlo5der1817.cpl
c:\windows\system32\9988spyz6f5.dll
c:\windows\system32\99zspywa5e823.cpl
c:\windows\system32\9ce0thiez2546.exe
c:\windows\system32\9d2evirz525.ocx
c:\windows\system32\9z1fvi51309.cpl
c:\windows\system32\9z297virus15e.bin
c:\windows\system32\9z71vi9us56.cpl
c:\windows\system32\9z788v5rus5f.bin
c:\windows\system32\9zaa95ware1144.cpl
c:\windows\system32\9zbac5door3172.dll
c:\windows\system32\a89backdoo5z314.dll
c:\windows\system32\ae5zhief9685.ocx
c:\windows\system32\b4cth5ez2954.bin
c:\windows\system32\b9dzpyware18645.cpl
c:\windows\system32\c65addw5r92880z.bin
c:\windows\system32\c79downzoad5r3156.cpl
c:\windows\system32\ce759wnlzader1243.dll
c:\windows\system32\fedtzre9515419.cpl
c:\windows\system32\fthiez9755.ocx
c:\windows\system32\fthr9at514z5.cpl
c:\windows\system32\msvcsv60.dll
c:\windows\system32\z146wo9m5895.dll
c:\windows\system32\z1779t5oj689.exe
c:\windows\system32\z1945v5rus10c.dll
c:\windows\system32\z2595teal2160.bin
c:\windows\system32\z365steal2958.dll
c:\windows\system32\z3abac9door254.cpl
c:\windows\system32\z49b9parse5053.dll
c:\windows\system32\z54viru9395.ocx
c:\windows\system32\z57985roj79d.ocx
c:\windows\system32\z587tro5609.cpl
c:\windows\system32\z638v5r9970.exe
c:\windows\system32\z6725worm590.ocx
c:\windows\system32\z7503troj9bf5.bin
c:\windows\system32\z7861sp5259.bin
c:\windows\system32\z81d5pywa9e1463.bin
c:\windows\system32\z934vir5142.bin
c:\windows\system32\z9459ir5829.exe
c:\windows\system32\z96astea52497.exe
c:\windows\system32\z980not-a-v5rus52c.ocx
c:\windows\system32\z9830troj5f9.dll
c:\windows\system32\z9c85hreat971.dll
c:\windows\system32\zb0cv951398.bin
c:\windows\system32\zb62threa9125155.bin
c:\windows\system32\ze01spars524589.ocx
c:\windows\z07bs9eal1555.bin
c:\windows\z09199roj5e7.ocx
c:\windows\z15509py2ac.ocx
c:\windows\z37es9arse4615.ocx
c:\windows\z499s9y6aa5.bin
c:\windows\z4c2t9r5at20684.bin
c:\windows\z5102troj499.ocx
c:\windows\z5515tro928a.cpl
c:\windows\z558thief2979.cpl
c:\windows\z5949virus905.bin
c:\windows\z59fsparse1754.exe
c:\windows\z6955worm735.cpl
c:\windows\z7156sp5950.bin
c:\windows\z7489sp551f.dll
c:\windows\z835vir32699.dll
c:\windows\z8e5s5eal9569.dll
c:\windows\z8ethi9f1655.dll
c:\windows\z98fspy5are2277.exe
c:\windows\z998stea56299.exe
c:\windows\z9c05py9are2867.dll
c:\windows\zb37s9ywar5994.dll
c:\windows\zd64spyware3059.bin
c:\windows\zd9thre5t17229.ocx
c:\windows\ze3cbac5doo91727.cpl
c:\windows\zf10sp5rse16579.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gxvxcserv.sys
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

2009-11-18 05:22 . 2009-11-18 05:23 -------- d-----w- C:\commy
2009-11-18 05:17 . 2009-11-18 05:17 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\Xobni
2009-11-18 05:16 . 2009-11-18 05:17 -------- d-----w- c:\program files\Xobni
2009-11-18 05:15 . 2009-11-18 05:15 -------- d-----w- c:\program files\Vuze
2009-11-18 05:15 . 2009-11-18 05:15 -------- d-----w- c:\program files\AskBarDis
2009-11-17 08:03 . 2009-11-17 08:03 -------- d-----w- c:\program files\ESET
2009-11-17 05:07 . 2009-11-17 05:07 -------- d-----w- C:\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 05:46 . 2008-06-03 02:32 -------- d-----w- c:\documents and settings\mike\Application Data\Azureus
2009-11-14 16:16 . 2008-06-02 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-18 18:45 . 2008-06-02 21:15 69232 ----a-w- c:\documents and settings\mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-16 04:44 . 2008-09-05 04:38 64 ----a-w- c:\windows\msocreg32.dat
2009-09-26 23:44 . 2009-05-27 07:27 -------- d-----w- c:\program files\Google
2009-09-25 05:37 . 2001-08-23 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-06-02 21:11 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2001-08-23 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 20:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-27 185872]
"PWRISOVM.EXE"="d:\additional programs\power iso\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="d:\additional programs\quicktime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="d:\additional programs\Itunes\iTunesHelper.exe" [2009-07-13 292128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

c:\documents and settings\mike\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-11-16 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Additional Programs\\Itunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/20/2009 1:03 PM 108289]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/17/2009 9:15 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/17/2009 9:15 PM 234888]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 8:33 AM 46824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 9:36 AM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]

2009-11-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 17:34]

2009-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:36]

2009-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\wbsonsmt.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - plugin: c:\documents and settings\mike\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\additional programs\Divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\additional programs\Divx\DivX Web Player\npdivx32.dll
FF - plugin: d:\additional programs\Itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin2.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin3.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin4.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin5.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin6.dll
FF - plugin: d:\additional programs\quicktime\Plugins\npqtplugin7.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
AddRemove-HijackThis - c:\documents and settings\mike\Desktop\HijackThis.exe
AddRemove-WebSnapshot 2.0 Demo - d:\progra~1\WEBSNA~1\UNWISE.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\additional programs\Divx\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:0a,8c,c7,7d,92,1c,23,2b,e9,78,f4,19,57,8f,51,cd,8b,bb,8c,79,ec,
02,0a,8f,32,42,1f,4a,9f,73,2d,1b,1f,58,11,7a,96,3c,66,1e,c9,a2,09,5b,52,13,\
"rkeysecu"=hex:bb,ef,ff,78,01,c0,e5,fd,0a,13,dd,82,78,16,2e,c1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1200)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
d:\additional programs\winrar\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\RUNDLL32.EXE
d:\additional programs\Itunes\iPod\bin\iPodService.exe
d:\additional programs\Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-11-17 21:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-18 05:49

Pre-Run: 35,038,982,144 bytes free
Post-Run: 42,084,044,800 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 1B320034E91572196D3BB926B221B96E

Phew, good thing ComboFix deleted all those files. Otherwise, I was going to ask you to. If you look under Other Deletions in the log above, those are all the files that needed deleted.
---------------------------------------------------------

c:\program files\AskBarDis

I noticed you are running Ask Toolbar.
The Ask Toolbar has been known to perform the following behavior:

• Promoting on sites targeted to kids. Details.
  
• Promoting through ads that appear to be part of other companies' sites. Details.
  
• Promoting through other companies' spyware. Details.
  
• Installing without any disclosure whatsoever and without any consent whatsoever. Details.
  
• Soliciting installations via "deceptive door openers" that do not
  accurately describe the offer; failing to affirmatively show a license
  agreement; linking to a EULA via an off-screen link. Details.
  
• Making confusing changes to users' browsers -- increasing Ask's
  revenues while taking users to pages they didn't intend to visit. Details.
  

I recommend the removal of Ask Toolbar. If you choose to do so, please follow the instructions below:

1. Close all open Web browsers
2. From the "Start" menu in Windows, select "Control Panel"
3. Select "Add or Remove Programs"
4. Select "AskBarDis"
5. Click "Change/Remove"

==

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /u

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Also, please tell me how your computer is running.

I still get a message "not enough memory to run windows excel" when trying to open any office program.


Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 14
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

I just updated my Java!

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Thank you!
You have been a great help!

For Microsoft Office, make sure you have a product key handy or written down, then reinstall it. Those issues are dealt with easily.

Any more problems with office should be post in a new topic in the Software forum of GeekPolice.