ComboFix 09-09-27.05 - Nidhi 28/09/2009 22:08.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.1014.290 [GMT -4:00]
Running from: c:\users\Nidhi\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\system32\eventlog.dll
-- Previous Run --
Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\system32\eventlog.dll
-------- . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 ))))))))))))))))))))))))))))))) . 2009-09-24 19:51 . 2009-09-28 22:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-09-24 19:51 . 2009-09-24 20:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-23 22:38 . 2009-09-26 18:06 -------- d-----w- C:\$AVG8.VAULT$ 2009-09-23 22:33 . 2009-09-23 22:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-09-23 22:33 . 2009-09-23 22:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-09-23 22:33 . 2009-09-23 22:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-09-23 22:33 . 2009-09-23 22:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-09-23 22:29 . 2009-09-28 22:50 -------- d-----w- c:\windows\system32\drivers\Avg 2009-09-23 22:29 . 2009-09-23 22:29 -------- d-----w- c:\programdata\AVG Security Toolbar 2009-09-23 22:28 . 2009-09-23 22:28 -------- d-----w- c:\program files\AVG 2009-09-23 22:28 . 2009-09-23 22:52 -------- d-----w- c:\programdata\avg8 2009-09-23 21:55 . 2009-09-23 21:55 -------- d-----w- c:\users\Nidhi\AppData\Roaming\AVG8 2009-09-21 01:52 . 2009-09-21 01:52 -------- d-----w- c:\users\Nidhi\AppData\Roaming\Malwarebytes 2009-09-21 01:52 . 2009-09-21 01:52 -------- d-----w- c:\programdata\Malwarebytes 2009-09-20 15:28 . 2009-09-20 22:38 -------- d-----w- C:\HijackThis 2009-09-20 15:07 . 2009-09-20 15:07 -------- d-----w- c:\program files\Trend Micro 2009-09-19 02:14 . 2009-09-19 02:14 -------- d-----w- c:\program files\SaveDefender Software 2009-09-19 02:14 . 2009-09-19 02:13 467456 ----a-w- c:\windows\system32\h2w9iwbc.exe 2009-09-19 02:07 . 2009-09-29 01:41 0 ----a-r- c:\windows\win32k.sys 2009-09-10 11:34 . 
2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll 2009-09-10 11:34 . 2009-07-11 19:32 297984 ----a-w- c:\windows\system32\wlansec.dll 2009-09-10 11:34 . 2009-07-11 19:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll 2009-09-10 11:34 . 2009-07-11 19:32 502272 ----a-w- c:\windows\system32\wlansvc.dll 2009-09-10 11:34 . 2009-07-11 19:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll 2009-09-10 11:34 . 2009-07-11 19:32 47104 ----a-w- c:\windows\system32\wlanapi.dll 2009-09-10 11:28 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll 2009-09-10 11:28 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll 2009-09-10 11:28 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe 2009-09-10 11:28 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe 2009-09-10 11:28 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll 2009-09-02 18:42 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll 2009-09-02 18:42 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-09-02 18:42 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-21 23:15 . 2007-08-23 21:45 -------- d-----w- c:\program files\Norton Internet Security 2009-09-21 22:44 . 2007-08-23 21:43 -------- d-----w- c:\programdata\Symantec 2009-09-21 22:44 . 2007-08-23 21:43 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-09-20 22:14 . 2009-08-25 19:02 -------- d-----w- c:\programdata\Yahoo! Companion 2009-09-20 22:14 . 2008-08-04 20:27 -------- d-----w- c:\programdata\Microsoft Help 2009-09-20 22:14 . 2007-08-23 21:54 -------- d-----w- c:\program files\Microsoft Works 2009-09-20 22:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-09-20 22:14 . 2008-07-25 00:18 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-20 22:14 . 
2007-08-23 21:54 -------- d-----w- c:\program files\Google 2009-09-19 02:12 . 2008-11-08 03:46 680 ----a-w- c:\users\Nidhi\AppData\Local\d3d9caps.dat 2009-08-25 19:02 . 2009-08-25 18:58 -------- d-----w- c:\programdata\Yahoo! 2009-08-25 19:02 . 2009-08-25 18:58 -------- d-----w- c:\program files\Yahoo! 2009-08-25 19:02 . 2009-08-25 19:02 -------- d-----w- c:\users\Nidhi\AppData\Roaming\Yahoo! 2009-08-22 02:51 . 2009-08-22 02:51 -------- d-----w- c:\users\Nidhi\AppData\Roaming\dvdcss 2009-08-18 10:36 . 2007-08-23 21:43 -------- d-----w- c:\program files\Symantec 2009-08-18 10:36 . 2007-08-23 21:44 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-08-18 10:36 . 2007-08-23 21:44 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-08-18 10:36 . 2007-08-23 21:44 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-08-14 17:16 . 2009-09-10 11:33 213592 ----a-w- c:\windows\system32\drivers\netio.sys 2009-08-14 16:42 . 2009-09-10 11:33 167424 ----a-w- c:\windows\system32\tcpipcfg.dll 2009-08-14 16:40 . 2009-09-10 11:33 103936 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 16:40 . 2009-09-10 11:33 15360 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 14:25 . 2009-09-10 11:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 14:25 . 2009-09-10 11:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 14:25 . 2009-09-10 11:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 14:25 . 2009-09-10 11:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 14:25 . 2009-09-10 11:33 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 14:25 . 2009-09-10 11:33 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 14:25 . 2009-09-10 11:33 10240 ----a-w- c:\windows\system32\finger.exe 2009-08-14 14:24 . 2009-09-10 11:33 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 14:23 . 2009-09-10 11:33 22016 ----a-w- c:\windows\system32\netiougc.exe 2009-08-03 23:07 . 
2009-08-03 23:07 9892 ----a-w- c:\windows\system32\drivers\SymRedir.cat 2009-08-03 23:07 . 2009-08-03 23:07 1356 ----a-w- c:\windows\system32\drivers\SymRedir.inf 2009-08-03 23:07 . 2009-08-03 23:07 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys 2009-08-03 23:07 . 2009-08-03 23:07 39856 ----a-w- c:\windows\system32\drivers\symids.sys 2009-08-03 23:07 . 2009-08-03 23:07 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys 2009-08-03 23:07 . 2009-08-03 23:07 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys 2009-08-03 23:07 . 2009-08-03 23:07 145968 ----a-w- c:\windows\system32\drivers\symfw.sys 2009-08-03 23:07 . 2009-08-03 23:07 12720 ----a-w- c:\windows\system32\drivers\symdns.sys 2009-07-18 12:17 . 2009-07-29 10:42 827392 ----a-w- c:\windows\system32\wininet.dll 2009-07-18 12:10 . 2009-07-29 10:42 56320 ----a-w- c:\windows\system32\iesetup.dll 2009-07-18 12:10 . 2009-07-29 10:42 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-07-18 12:07 . 2009-07-29 10:42 72704 ----a-w- c:\windows\system32\admparse.dll 2009-07-18 10:00 . 2009-07-29 10:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-18 08:34 . 2009-07-29 10:42 48128 ----a-w- c:\windows\system32\mshtmler.dll 2009-07-17 14:52 . 2009-08-13 02:31 71680 ----a-w- c:\windows\system32\atl.dll 2009-07-14 13:02 . 2009-08-13 02:20 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-14 13:01 . 2009-08-13 02:20 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-07-14 13:00 . 2009-08-13 02:20 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-07-14 11:11 . 2009-08-13 02:20 8147968 ----a-w- c:\windows\system32\wmploc.DLL 2008-08-02 16:24 . 2008-08-02 16:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-08-24 05:19 . 2007-08-24 05:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Google Update"="c:\users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"googletalk"="c:\users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-24 1006264]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-25 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 133912]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-12-03 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-12-03 22696]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-02 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2006-06-05 749568]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-23 2007832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-23 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-23 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FB692E2E-494B-4A4D-AC02-4FFB2957EEB9}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{6C3A5978-C1A6-4A3B-ABE8-350D0AF131E0}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{AE8362A1-D7AF-4430-8BAC-735A66C4392A}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{57F97EAA-4160-421E-96CC-4B78A7DD2769}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{5C4DBBFF-23CB-43CB-B661-4858AC25641E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F6F4FC87-F96C-4C68-864A-CC4D7F64B36C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{883F24EA-72AC-483E-9A05-2B97276A7C1D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2F4D1598-755E-4844-B4E9-80BD88DCCB58}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3233C955-9635-4F55-B05A-0E802C768CB0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3F4A57F9-8D8B-4AF3-941E-A19514F4B2B9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4EF094EF-2152-49DC-A29B-35FE29C268CE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{774256F3-920A-4BD7-82B8-A3F8FD88775F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{DF028690-1B0B-466E-99E6-AFF671AC7283}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3DB36004-6F51-47D7-BC67-9F382781C443}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DE2D2D2-C7E3-4DC9-AC9F-6B7695432AA9}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7869C9C8-1F07-4FE4-B964-801E65F88D21}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\System32\drivers\sonyhcb.sys [02/05/2009 3:49 PM 6097]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/09/2009 6:33 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/09/2009 6:33 PM 108552]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071011.001\IDSvix86.sys [12/10/2007 3:25 PM 180272]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/03/2009 10:46 AM 55280]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [03/08/2009 7:07 PM 38448]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23/04/2007 1:54 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23/04/2007 1:54 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23/04/2007 1:54 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23/04/2007 1:54 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23/04/2007 1:54 PM 98568]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\System32\drivers\sonyhcs.sys [02/05/2009 3:49 PM 299923]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job
- c:\users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 01:48]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job
- c:\users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 01:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070824
uInternet Settings,ProxyOverride = *.local
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
AddRemove-iPod Copy Expert_is1 - c:\program files\iPod Copy Expert\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 22:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP00000003F8F79CE5C5229B26 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4332)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\lpremove.exe
c:\windows\System32\lpksetup.exe
.
**************************************************************************
.
Completion time: 2009-09-29 22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 02:47

Pre-Run: 52,867,706,880 bytes free
Post-Run: 52,750,512,128 bytes free

1012 --- E O F --- 2009-09-11 07:18