GeekPolice

 


stuck with annoying problem
i have win xp sp3 never had any kind of problem had norton 360 purchased software in past n now NIS 2009 until 1 day while trying to lookup a song and all of a sudden next day when started computer started getting a msg from beginning of startup until for every application got loaded saying " ___.exe - Bad image with a red x mark stating the application or DLL c:\WINDOWS\system32\yoguyutu.dll is not a valid windows image. Please check this against your installation diskette". After this problem got in, my task manager stopped working which before 2 days from today i got back to working using task manager fix but still not able to find a fix for disabled system restore it comes back with an error msg saying " cannot do system restore no changes have been made to your computer". It kind of worked once when i created new restore point but when tried to undo that new restore point it did not work n now it seems like i cannot go back to select any past dates either. Did many scans with norton and spy doctor but no luck so finally here for help so please help for this annoying problem. Thanks for your team's time and this great site hope to get fix

Re: stuck with annoying problem
Welcome to GP

Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.

Re: stuck with annoying problem
Thank u so much for the help good news are, that annoying msg has stopped n so it feels much better to work on computer spending more time on real work rather than pressing OK everytime for that msg and i dont know i should say call it a bad news or no news but after completing stage 33-34 i guess combofix restarted my computer and i forgot what it started to do but then all of a sudden my computer went into safe mode shut off and so i restarted the computer and ran combofix again then again computer got shut off and 2nd time i did run it again so let me know if thats normal or should i re-do all over again and also just to let u know after i downloaded combofix per your instructions i tried to run it thru run command but it gave me bad name error so started it straight from where i saved it to, n i guess it worked ok n just went going as u described
Here is the copy paste of log got 2 different folder so from both of them
1st
ComboFix 09-10-28.08 - Amit 10/29/2009 20:28:38.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1043 [GMT -5:00]
Running from: C:\Documents and Settings\Amit\My Documents\commyFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
2nd
ComboFix 09-10-28.08 - Amit 10/29/2009 21:01:27.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1576 [GMT -5:00]
Running from: C:\Documents and Settings\Amit\My Documents\commyFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
I dont know whether i m doing it wrong or something is wrong but your instruction to do start > run is not working so i dont know how else i can give u the list of programs even the combofix txt is something i had to go into the folder n copy paste

Re: stuck with annoying problem
Please download the Kaspersky AVP Tool from Kaspersky-labs.com.
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: stuck with annoying problem
Hello Sat morning tryin to follow your instructions and again not able to get as you are tellin me to do, in safe mode i m not gettin any setup menu all i get is run win in recovery mode and run win in normal ep hm edition so after 2 attempts running kaspersky in normal mode i dont know how good that will b or helpfull let me know what to do

Re: stuck with annoying problem
Go ahead and run it regularly, without modifying any options. What happens?

Re: stuck with annoying problem
did the run it took almost a day to finish n the result is it found 5 things and deleted it n so here is the report
deleted: Trojan program Exploit.Java.ByteVerify File: C:\Documents and Settings\Amit\Application Data\Sun\Java\Deployment\cache\6.0\3\6edc3c83-4ab4e132
deleted: Trojan program Exploit.Java.ByteVerify File: C:\Documents and Settings\Amit\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-24f54402
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe//WiseSFXDropper//WISE0015.BIN
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0008652.exe//WiseSFXDropper//WISE0015.BIN
deleted: adware not-a-virus:AdWare.Win32.SearchIt.t File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0008652.exe//WiseSFXDropper
so i guess it is all taken care of n hoping it is ok from u to turn this kaspersky off

Re: stuck with annoying problem
Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: stuck with annoying problem
just a Qs out of curiosity i know u know things better than me but y are we doing so many different scans i have spy doctor wouldnt that be same as malwarebytes ?

Re: stuck with annoying problem
Not at all. Malwarebytes can find things that Spyware Doctor cannot necessarily find.

ComboFix is a very powerful removal tool, and so is Kaspersky AVP.

Re: stuck with annoying problem
thanx for the i will do it n let u know the results

Re: stuck with annoying problem
Ok. Post when ready.

Re: stuck with annoying problem
Sorry for such a late reply got busy doing 2 jobs...... n so here is the scan report of malwarebytes as u asked for
Malwarebytes' Anti-Malware 1.41
Database version: 3109
Windows 5.1.2600 Service Pack 3

11/5/2009 9:26:48 PM
mbam-log-2009-11-05 (21-26-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 230772
Time elapsed: 2 hour(s), 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{1f5e0ea2-abea-44c3-95ec-2d1e721fe95e} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Amit\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC3B.tmp (Adware.Mirar) -> Quarantined and deleted successfully.
C:\I386\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Log\2007 Jul 25 - 09_13_27 PM_828.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amit\Application Data\RegistrySmart\Log\2007 Jul 25 - 09_13_40 PM_015.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\launch.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\page.html (Malware.Trace) -> Quarantined and deleted successfully.
let me know whats next i cant believe still i had 22 stinkers inside my computer so i have to go thru more different scans let me know

Re: stuck with annoying problem
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: stuck with annoying problem
sorry again got caught up with work but here is the new scan
Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 5.1.2600 Service Pack 3

11/11/2009 4:51:15 AM
mbam-log-2009-11-11 (04-51-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 205307
Time elapsed: 2 hour(s), 33 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\commyFix\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\commyFix11601c\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0007465.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0012818.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys (Rootkit) -> Quarantined and deleted successfully.

Re: stuck with annoying problem
Hi, a few potential false positives from the log. I need a little more info.

1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.

The first log, just above, has been reported to Malwarebytes. I just need the second log.
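
A way to triage logs in the format posted above before deciding which detections deserve a second look, as an added Python example that is not part of the thread or of Malwarebytes' own tooling: it checks the summary counters against the itemised entries and groups detections by where the object lives. The function names and the location labels are assumptions of this example; the sample is an excerpt of the 11/11/2009 log from this thread.

```python
import re
from collections import Counter

# Excerpt of the 11/11/2009 Malwarebytes log posted in this thread
# (only two of the seven summary counters are kept to keep the sample short).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 3143
Scan type: Full Scan (C:\|)

Registry Keys Infected: 0
Files Infected: 7

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\commyFix\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\commyFix11601c\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0007465.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0012818.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
"""

SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
# "Files Infected: 7" is a summary counter; "Files Infected:" opens a section.
HEADER_RE = re.compile(r"^(%s) Infected:\s*(\d*)\s*$" % "|".join(SECTIONS))
# "<object> (<family>) -> [Bad/Good detail -> ]<action>"
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Developer-mode logs append a bracketed run of digits to each entry.
DEV_BLOB_RE = re.compile(r"\s*\[\d+\]\s*$")


def classify_location(obj):
    """Label where a detected object lives (labels are this example's own)."""
    low = obj.lower()
    if low.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore{" in low:
        return "system-restore-snapshot"   # archived copy inside a restore point
    if "\\reinstallbackups\\" in low or "\\$ntservicepackuninstall$\\" in low:
        return "os-backup-copy"            # Windows' own driver / service pack backups
    return "live-filesystem"


def parse_mbam_log(text):
    """Return (declared summary counts, list of itemised detection entries)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            name, count = header.groups()
            if count:
                declared[name] = int(count)
            else:
                section = name
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            rest = DEV_BLOB_RE.sub("", entry.group("rest"))
            entries.append({
                "section": section,
                "object": entry.group("obj"),
                "family": entry.group("family"),
                "action": rest.split(" -> ")[-1].rstrip("."),
                "location": classify_location(entry.group("obj")),
            })
    return declared, entries


def count_mismatches(declared, entries):
    """Sections whose summary counter disagrees with the itemised lines
    (a sign of a truncated or hand-edited paste)."""
    itemised = Counter(e["section"] for e in entries)
    return {name: (want, itemised.get(name, 0))
            for name, want in declared.items() if want != itemised.get(name, 0)}


def triage(entries):
    """Group detections as {location: Counter({family: n})}."""
    grouped = {}
    for e in entries:
        grouped.setdefault(e["location"], Counter())[e["family"]] += 1
    return grouped


if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, entries))
    for location, families in sorted(triage(entries).items()):
        print(location, dict(families))
```
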

Re: stuck with annoying problem
waiting for your reply ( DragonMaster Jay )

Re: stuck with annoying problem
Were you able to do the MBAM developer mode?

Re: stuck with annoying problem
sorry wasnt paying attention that we have got onto page 2 so kept lookin for your msg on page 1 and thought u never replied.... doing the scan now n will send u the log asap

Re: stuck with annoying problem
I no longer need it.

Delete any previous copies of ComboFix.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: stuck with annoying problem
I know u said no but there is the log for the last scan pls look at it
Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 5.1.2600 Service Pack 3

11/19/2009 5:00:08 AM
mbam-log-2009-11-19 (05-00-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 207621
Time elapsed: 2 hour(s), 45 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0014059.sys (Rootkit) -> Quarantined and deleted successfully. [4948455830518080857674850107070155385152424847302413016685668174158490840107070152535142474052302224232125130123212034223624252417242024172419242123372236232124192326242323222419242022362420242123392419231823242322223623262321232222362318242123182417232622362318242123182417232623382326242119382320]
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0014060.sys (Rootkit) -> Quarantined and deleted successfully. [4948455830518080857674850107070155385152424847302413016685668174158490840107070152535142474052302224232125130123212034223624252417242024172419242123372236232124192326242323222419242022362420242123392419231823242322223623262321232222362318242123182417232622362318242123182417232623382326242119382320]

Re: stuck with annoying problem
Again combofix is not running thru run command just like the very first time so doing it thru where i saved it with new name

Re: stuck with annoying problem
ComboFix 09-11-19.05 - Amit 11/19/2009 21:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1361 [GMT -6:00]
Running from: c:\documents and settings\Amit\My Documents\Combox.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-20 03:17 . 2009-11-20 03:19 -------- d-----w- C:\32788R22FWJFW
2009-11-20 02:45 . 2009-08-27 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091119.024\NAVENG.SYS
2009-11-20 02:45 . 2009-08-27 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091119.024\NAVENG32.DLL
2009-11-20 02:45 . 2009-08-27 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091119.024\NAVEX32A.DLL
2009-11-20 02:45 . 2009-08-27 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091119.024\NAVEX15.SYS
2009-11-20 02:45 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091119.024\ECMSVR32.DLL
2009-11-20 02:45 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091119.024\CCERASER.DLL
2009-11-20 02:45 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091119.024\EECTRL.SYS
2009-11-20 02:45 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091119.024\ERASER.SYS
2009-11-13 00:23 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-13 00:23 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-13 00:23 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-13 00:23 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-13 00:23 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-07 08:02 . 2009-11-07 08:06 -------- d-----w- c:\program files\Ares
2009-11-06 21:36 . 2009-11-06 21:36 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-11-06 19:20 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSvix86.sys
2009-11-06 19:20 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSXpx86.sys
2009-11-06 19:20 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\Scxpx86.dll
2009-11-06 19:20 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSxpx86.dll
2009-11-06 19:20 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSviA64.sys
2009-11-06 00:27 . 2009-11-06 00:27 -------- d-----w- c:\documents and settings\Amit\Application Data\Malwarebytes
2009-11-06 00:25 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 00:25 . 2009-11-06 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-06 00:25 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 00:25 . 2009-11-06 00:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 16:22 . 2009-11-01 16:54 45223968 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 01:59 . 2009-11-11 10:51 -------- d-----w- C:\commyFix11601c
2009-10-30 01:53 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore_2.sys
2009-10-30 01:21 . 2009-11-11 10:51 -------- d-----w- C:\commyFix
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-27 04:01 . 2009-10-08 18:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-27 04:01 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-27 04:01 . 2009-10-08 18:14 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-27 03:15 . 2009-10-27 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-10-27 03:15 . 2009-10-27 03:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-10-26 04:19 . 2009-10-26 04:19 -------- d-----w- c:\documents and settings\Amit\Local Settings\Application Data\Threat Expert
2009-10-26 03:58 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-26 03:58 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-26 03:58 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-26 03:58 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-26 03:58 . 2009-11-20 02:50 -------- d-----w- c:\program files\Spyware Doctor
2009-10-26 03:58 . 2009-10-27 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-26 03:58 . 2009-10-26 04:14 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-26 03:58 . 2009-10-26 03:58 -------- d-----w- c:\documents and settings\Amit\Application Data\PC Tools
2009-10-26 03:04 . 2009-10-26 03:04 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-24 14:42 . 2009-10-24 14:43 -------- d-----w- c:\program files\TuneUpMedia
2009-10-24 14:42 . 2009-11-07 19:57 -------- d-----w- c:\documents and settings\Amit\Application Data\TuneUpMedia
2009-10-24 14:42 . 2009-10-24 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-10-24 14:38 . 2009-11-14 02:12 -------- d-----w- c:\program files\AskBarDis
2009-10-24 14:38 . 2009-11-14 02:14 -------- d-----w- c:\program files\Vuze
2009-10-23 02:21 . 2009-09-10 20:10 342576 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSvix86.sys
2009-10-23 02:21 . 2009-09-10 20:10 329080 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSXpx86.sys
2009-10-23 02:21 . 2009-09-10 20:10 732536 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\Scxpx86.dll
2009-10-23 02:21 . 2009-09-10 20:10 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSxpx86.dll
2009-10-23 02:21 . 2009-09-10 20:10 466480 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 02:51 . 2006-12-25 04:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-20 02:36 . 2008-10-03 04:25 -------- d-----w- c:\program files\IDrive
2009-11-19 01:39 . 2006-04-08 21:19 -------- d-----w- c:\documents and settings\Amit\Application Data\Azureus
2009-11-02 03:10 . 2004-12-18 00:07 -------- d-----w- c:\documents and settings\Amit\Application Data\.BitTornado
2009-11-01 16:54 . 2009-10-31 16:22 531044 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-24 14:43 . 2009-07-28 14:33 -------- d-----w- c:\program files\iTunes
2009-10-23 02:16 . 2005-06-11 10:42 -------- d-----w- c:\documents and settings\Amit\Application Data\Apple Computer
2009-10-21 01:29 . 2009-10-21 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-21 01:28 . 2006-08-18 19:05 -------- d-----w- c:\program files\iPod
2009-10-21 01:28 . 2007-11-02 22:43 -------- d-----w- c:\program files\Common Files\Apple
2009-10-21 01:26 . 2009-10-21 01:26 -------- d-----w- c:\program files\Bonjour
2009-10-21 01:25 . 2009-04-14 16:08 -------- d-----w- c:\program files\QuickTime
2009-10-21 01:14 . 2009-10-21 01:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-18 17:19 . 2004-12-09 06:33 -------- d-----w- c:\program files\Dell
2009-10-18 15:55 . 2009-10-18 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-10-14 23:03 . 2004-12-09 06:32 -------- d-----w- c:\program files\Java
2009-10-14 23:01 . 2009-10-14 23:01 152576 ----a-w- c:\documents and settings\Amit\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-03 20:03 . 2009-10-03 19:21 -------- d-----w- c:\program files\CrossLoop
2009-10-03 15:30 . 2009-10-03 15:07 -------- d-----w- c:\documents and settings\Amit\Application Data\Sony
2009-10-03 15:03 . 2009-10-03 15:03 -------- d-----w- c:\program files\Vstplugins
2009-10-03 15:02 . 2009-10-03 15:02 -------- d-----w- c:\program files\Sony
2009-10-03 15:01 . 2009-10-03 15:01 -------- d-----w- c:\program files\Sony Setup
2009-10-03 03:26 . 2009-05-21 02:12 -------- d-----w- c:\program files\Symantec
2009-10-03 02:49 . 2009-10-03 02:49 -------- d-----w- c:\program files\Norton Support
2009-09-18 13:31 . 2009-09-18 13:31 10686001 ----a-w- c:\documents and settings\Amit\Application Data\Azureus\plugins\azump\mplayer.exe
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 20:17 . 2004-12-18 01:30 55192 -c--a-w- c:\documents and settings\Amit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 08:08 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-06-17 03:23 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-06-17 03:23 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2004-08-04 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-10-29 23:25 . 2008-10-29 23:25 13706 -c--a-w- c:\program files\Common Files\vasosicuv.scr
2007-03-09 14:37 . 2007-03-09 14:37 57792 -c--a-w- c:\program files\MC
2006-07-01 12:46 . 2006-07-01 12:46 73 -c--a-w- c:\program files\cdboot.phx
2006-07-01 12:46 . 2006-07-01 12:46 389 -c--a-w- c:\program files\proginfo.txt
2006-07-01 12:46 . 2006-07-01 12:46 167936 -c--a-w- c:\program files\diskinst.exe
2006-07-01 12:46 . 2006-07-01 12:46 113 -c--a-w- c:\program files\instruct.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 18:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Amit\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2008-10-2 184320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
802.11b+g USB Wireless LAN Utility.lnk - c:\program files\WLAN\802.11b+g USB WLAN\ZDWlan.exe [2008-2-13 430080]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-7-30 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-8-9 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-9 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IDrive\\IDriveEClassic.exe"=
"c:\\Program Files\\IDrive\\IDriveETray.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\WLAN\\802.11b+g USB WLAN\\ZDWlan.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14238:TCP"= 14238:TCP:darshmeet
"1755:TCP"= 1755:TCP:windows media player

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [10/25/2009 9:58 PM 207280]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\SymEFA.sys [9/8/2009 5:47 PM 310320]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [10/26/2009 10:01 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [10/26/2009 10:01 PM 59664]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\BHDrvx86.sys [9/8/2009 5:47 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\cchpx86.sys [9/8/2009 5:47 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/12/2009 6:23 PM 329592]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [10/25/2009 9:58 PM 229304]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/13/2009 8:12 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/13/2009 8:13 PM 234888]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [10/2/2008 10:25 PM 136656]
R2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDriveWebM.exe [10/2/2008 10:25 PM 58832]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/8/2009 5:47 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 2:00 AM 102448]
R3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [10/26/2009 10:01 PM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [10/25/2009 9:58 PM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/25/2009 9:58 PM 358600]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\SYSTEM32\DRIVERS\ZD1211U.sys [6/5/2005 5:18 PM 258560]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);c:\windows\system32\DRIVERS\zd1201u.sys --> c:\windows\system32\DRIVERS\zd1201u.sys [?]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\SYSTEM32\ZDBRGSYS.sys [6/5/2005 5:18 PM 19200]
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\DEFRAG.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://start.earthlink.net/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {6876C54C-08AF-4D30-8DB2-CA7CBADD2463} = 192.168.1.254,192.168.2.254
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Azureus - c:\documents and settings\Amit\My Documents\Azureus\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 21:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3018035710-715601661-13499995-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'lsass.exe'(1016)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(1256)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-19 22:10
ComboFix-quarantined-files.txt 2009-11-20 04:09

Pre-Run: 70,788,255,744 bytes free
Post-Run: 71,065,726,976 bytes free

- - End Of File - - AF452A1A2F876D4018F0ACF1AE7B2F19

Re: stuck with annoying problem

Please download SpiderKill and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

Re: stuck with annoying problem

Here is the log from spiderkill

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 3CEB-8482

Directory of C:\Windows\System32\Drivers

11/19/2009 09:44 PM .
11/19/2009 09:44 PM ..
12/09/2004 12:11 AM 4,788 1028_Dell_DIM_DIM4700.mrk
08/17/2001 01:52 PM 23,552 ABP480N5.SYS
04/13/2008 12:36 PM 187,776 acpi.sys
08/04/2004 05:00 AM 11,648 ACPIEC.SYS
08/17/2001 02:07 PM 101,888 adpu160m.sys
04/13/2008 06:11 PM 4,255 adv01nt5.dll
04/13/2008 06:11 PM 3,967 adv02nt5.dll
04/13/2008 06:11 PM 3,615 adv05nt5.dll
04/13/2008 06:11 PM 3,647 adv07nt5.dll
04/13/2008 06:11 PM 3,135 adv08nt5.dll
04/13/2008 06:11 PM 3,711 adv09nt5.dll
04/13/2008 06:11 PM 3,775 adv11nt5.dll
04/01/2002 01:15 PM 4,816 aeaudio.sys
04/13/2008 10:39 AM 142,592 aec.sys
08/14/2008 04:04 AM 138,496 afd.sys
04/13/2008 12:36 PM 42,368 agp440.sys
04/13/2008 12:36 PM 44,928 agpcpq.sys
08/17/2001 01:52 PM 12,800 aha154x.sys
08/17/2001 02:07 PM 55,168 aic78u2.sys
08/17/2001 02:07 PM 56,960 aic78xx.sys
08/17/2001 01:51 PM 5,248 ALIIDE.SYS
04/13/2008 12:36 PM 42,752 alim1541.sys
04/13/2008 12:36 PM 43,008 amdagp.sys
04/13/2008 12:31 PM 37,376 amdk6.sys
04/13/2008 12:31 PM 37,760 amdk7.sys
08/17/2001 01:52 PM 12,032 amsint.sys
04/13/2008 12:51 PM 60,800 arp1394.sys
08/17/2001 01:52 PM 26,496 asc.sys
08/17/2001 01:52 PM 22,400 asc3350p.sys
08/17/2001 01:51 PM 14,848 asc3550.sys
04/13/2008 12:57 PM 14,336 asyncmac.sys
04/13/2008 12:40 PM 96,512 atapi.sys
08/03/2004 09:29 PM 56,623 ati1btxx.sys
08/03/2004 09:29 PM 11,615 ati1mdxx.sys
08/03/2004 09:29 PM 12,047 ati1pdxx.sys
08/03/2004 09:29 PM 30,671 ati1raxx.sys
08/03/2004 09:29 PM 63,663 ati1rvxx.sys
08/03/2004 09:29 PM 26,367 ati1snxx.sys
08/03/2004 09:29 PM 21,343 ati1ttxx.sys
08/03/2004 09:29 PM 36,463 ati1tuxx.sys
08/03/2004 09:29 PM 29,455 ati1xbxx.sys
08/03/2004 09:29 PM 34,735 ati1xsxx.sys
08/03/2004 09:29 PM 327,040 ati2mtaa.sys
08/03/2004 09:29 PM 701,440 ati2mtag.sys
08/03/2004 09:29 PM 57,856 atinbtxx.sys
08/03/2004 09:29 PM 13,824 atinmdxx.sys
08/03/2004 09:29 PM 14,336 atinpdxx.sys
08/03/2004 09:29 PM 52,224 atinraxx.sys
08/03/2004 09:29 PM 104,960 atinrvxx.sys
08/03/2004 09:29 PM 28,672 atinsnxx.sys
08/03/2004 09:29 PM 13,824 atinttxx.sys
08/03/2004 09:29 PM 73,216 atintuxx.sys
08/03/2004 09:29 PM 31,744 atinxbxx.sys
08/03/2004 09:29 PM 63,488 atinxsxx.sys
07/17/2004 10:36 AM 64,352 ativmc20.cod
04/13/2008 12:51 PM 59,904 atmarpc.sys
08/04/2004 05:00 AM 31,360 ATMEPVC.SYS
04/13/2008 12:51 PM 55,808 atmlane.sys
08/04/2004 05:00 AM 352,256 ATMUNI.SYS
04/13/2008 06:11 PM 21,183 atv01nt5.dll
04/13/2008 06:11 PM 11,359 atv02nt5.dll
04/13/2008 06:11 PM 25,471 atv04nt5.dll
04/13/2008 06:11 PM 14,143 atv06nt5.dll
04/13/2008 06:11 PM 17,279 atv10nt5.dll
05/31/2006 05:53 PM 25,160 atwpkt2.sys
05/31/2006 05:53 PM 32,328 atwpkt264.sys
08/17/2001 01:59 PM 3,072 AUDSTUB.SYS
08/04/2004 05:00 AM 4,224 BEEP.SYS
04/13/2008 12:53 PM 71,552 bridge.sys
04/13/2008 12:46 PM 17,024 bthenum.sys
04/13/2008 12:46 PM 37,888 bthmodem.sys
04/13/2008 12:51 PM 101,120 bthpan.sys
06/13/2008 05:05 AM 272,128 bthport.sys
04/13/2008 12:46 PM 36,480 bthprint.sys
04/13/2008 12:46 PM 18,944 bthusb.sys
08/17/2001 01:52 PM 13,952 cbidf2k.sys
08/17/2001 01:52 PM 7,680 cd20xrnt.sys
08/04/2004 05:00 AM 18,688 CDAUDIO.SYS
04/13/2008 01:14 PM 63,744 cdfs.sys
03/07/2007 05:51 PM 9,336 cdr4_xp.sys
03/07/2007 05:51 PM 9,464 cdralw2k.sys
03/27/2009 08:44 AM 33,408 CDRBSDRV.SYS
04/13/2008 12:40 PM 62,976 cdrom.sys
04/13/2008 06:11 PM 15,423 ch7xxnt5.dll
08/04/2004 05:00 AM 262,528 CINEMST2.SYS
04/13/2008 01:16 PM 49,536 classpnp.sys
08/17/2001 01:51 PM 6,656 CMDIDE.SYS
08/17/2001 01:52 PM 14,976 cpqarray.sys
08/04/2004 05:00 AM 11,776 CPQDAP01.SYS
04/13/2008 12:31 PM 36,736 crusoe.sys
07/17/2004 09:55 PM 129,045 cxthsfs2.cty
08/17/2001 01:52 PM 179,584 dac2w2k.sys
08/17/2001 01:52 PM 14,720 dac960nt.sys
11/19/2003 02:15 AM 128,398 del200f.cty
12/09/2004 12:09 AM DISDN
04/13/2008 12:40 PM 36,352 disk.sys
04/13/2008 12:40 PM 14,208 diskdump.sys
04/13/2008 12:44 PM 799,744 dmboot.sys
04/13/2008 12:44 PM 153,344 dmio.sys
08/04/2004 05:00 AM 5,888 DMLOAD.SYS
04/13/2008 12:45 PM 52,864 dmusic.sys
08/17/2001 02:07 PM 20,192 dpti2o.sys
04/13/2008 12:45 PM 60,160 drmk.sys
04/13/2008 12:45 PM 2,944 drmkaud.sys
08/04/2004 05:00 AM 10,496 DXAPI.SYS
04/13/2008 12:38 PM 71,168 dxg.sys
08/04/2004 05:00 AM 3,328 DXGTHK.SYS
02/10/2004 03:49 PM 154,112 e100b325.sys
10/29/2009 07:52 PM ETC
04/13/2008 01:14 PM 143,744 fastfat.sys
04/13/2008 12:40 PM 27,392 fdc.sys
04/13/2008 12:33 PM 44,544 fips.sys
04/13/2008 12:40 PM 20,480 flpydisk.sys
04/13/2008 12:32 PM 129,792 fltmgr.sys
08/04/2004 05:00 AM 12,160 FSVGA.SYS
08/04/2004 05:00 AM 7,936 FS_REC.SYS
08/17/2001 01:52 PM 125,056 FTDISK.SYS
04/13/2008 12:36 PM 46,464 gagp30kx.sys
05/18/2009 01:17 PM 26,600 GEARAspiWDM.sys
08/04/2004 05:00 AM 3,440,660 GM.DLS
08/04/2004 05:00 AM 646 GMREADME.TXT
03/08/2007 09:18 PM 18,432 grmngen.sys
03/08/2007 09:18 PM 8,320 grmnusb.sys
04/13/2008 10:36 AM 144,384 hdaudbus.sys
04/13/2008 12:46 PM 25,600 hidbth.sys
04/13/2008 12:45 PM 36,864 hidclass.sys
04/13/2008 12:45 PM 19,200 hidir.sys
04/13/2008 12:45 PM 24,960 hidparse.sys
04/13/2008 12:45 PM 10,368 hidusb.sys
08/17/2001 02:07 PM 25,952 hpn.sys
08/03/2004 09:41 PM 220,032 hsfbs2s2.sys
08/03/2004 09:41 PM 685,056 hsfcxts2.sys
08/03/2004 09:41 PM 1,041,536 hsfdpsp2.sys
11/17/2003 03:59 PM 212,224 HSFHWBS2.sys
11/17/2003 03:58 PM 680,704 HSF_CNXT.sys
11/17/2003 03:56 PM 1,042,432 HSF_DP.sys
04/13/2008 12:53 PM 264,832 http.sys
04/13/2008 12:41 PM 8,576 i2omgmt.sys
04/13/2008 12:41 PM 18,560 i2omp.sys
04/13/2008 01:18 PM 52,480 i8042prt.sys
10/14/2005 01:15 PM 1,302,812 ialmnt5.sys
04/13/2008 12:40 PM 42,112 imapi.sys
08/17/2001 01:52 PM 16,000 ini910u.sys
04/13/2008 12:40 PM 5,504 intelide.sys
04/13/2008 12:31 PM 36,352 intelppm.sys
04/13/2008 12:53 PM 36,608 ip6fw.sys
08/04/2004 05:00 AM 32,896 IPFLTDRV.SYS
04/13/2008 12:57 PM 20,864 ipinip.sys
04/13/2008 12:57 PM 152,832 ipnat.sys
04/13/2008 01:19 PM 75,264 ipsec.sys
02/11/2004 02:27 PM 19,456 iqvw32.sys
04/13/2008 12:54 PM 11,264 irenum.sys
04/13/2008 12:36 PM 37,248 isapnp.sys
04/13/2008 12:39 PM 24,576 kbdclass.sys
04/13/2008 12:45 PM 172,416 kmixer.sys
04/13/2008 01:16 PM 141,056 ks.sys
06/24/2009 05:18 AM 92,928 ksecdd.sys
09/10/2009 02:53 PM 19,160 mbam.sys
09/10/2009 02:54 PM 38,224 mbamswissarmy.sys
08/04/2004 05:00 AM 7,680 MCD.SYS
04/09/2003 01:48 PM 11,043 mdmxsdk.sys
04/13/2008 12:36 PM 63,744 mf.sys
08/04/2004 05:00 AM 4,224 MNMDD.SYS
04/13/2008 01:00 PM 30,080 modem.sys
08/17/2001 01:57 PM 16,128 MODEMCSA.sys
04/13/2008 12:39 PM 23,040 mouclass.sys
08/17/2001 12:48 PM 12,160 mouhid.sys
04/13/2008 12:39 PM 42,368 mountmgr.sys
08/09/2004 12:30 PM 83,325 MpFirewall.sys
08/17/2001 01:52 PM 17,280 mraid35x.sys
04/13/2008 12:32 PM 180,608 mrxdav.sys
10/24/2008 05:21 AM 455,296 mrxsmb.sys
04/13/2008 12:32 PM 19,072 msfs.sys
04/13/2008 12:56 PM 35,072 msgpc.sys
04/13/2008 12:39 PM 7,552 mskssrv.sys
04/13/2008 12:39 PM 5,376 mspclock.sys
04/13/2008 12:39 PM 4,992 mspqm.sys
04/13/2008 12:36 PM 15,488 mssmbios.sys
08/03/2004 09:41 PM 126,686 mtlmnt5.sys
08/03/2004 09:41 PM 1,309,184 mtlstrm.sys
08/03/2004 09:29 PM 452,736 mtxparhm.sys
04/13/2008 01:17 PM 105,344 mup.sys
04/13/2008 12:43 PM 12,672 mutohpen.sys
05/03/2007 12:37 PM 22,152 mxopswd.sys
04/13/2008 01:20 PM 182,656 ndis.sys
04/13/2008 12:57 PM 10,112 ndistapi.sys
04/13/2008 12:55 PM 14,592 ndisuio.sys
04/13/2008 01:20 PM 91,520 ndiswan.sys
04/13/2008 12:57 PM 40,576 ndproxy.sys
04/13/2008 12:56 PM 34,688 netbios.sys
04/13/2008 01:21 PM 162,816 netbt.sys
07/17/2004 10:35 AM 67,866 netwlan5.img
04/13/2008 12:51 PM 61,824 nic1394.sys
08/04/2004 05:00 AM 12,032 NIKEDRV.SYS
09/11/2009 07:56 PM NIS
04/13/2008 12:53 PM 40,320 nmnt.sys
04/13/2008 12:32 PM 30,848 npfs.sys
04/13/2008 01:15 PM 574,976 ntfs.sys
08/03/2004 09:41 PM 180,360 ntmtlfax.sys
08/04/2004 05:00 AM 2,944 NULL.SYS
08/03/2004 10:29 PM 1,897,408 NV4_MINI.SYS
08/04/2004 05:00 AM 12,416 NWLNKFLT.SYS
08/04/2004 05:00 AM 32,512 NWLNKFWD.SYS
04/13/2008 12:56 PM 88,320 nwlnkipx.sys
08/04/2004 05:00 AM 63,232 NWLNKNB.SYS
08/04/2004 05:00 AM 55,936 NWLNKSPX.SYS
03/14/2007 12:17 AM 37,768 OLD7.tmp
11/08/2002 01:45 PM 17,217 omci.sys
08/04/2004 05:00 AM 3,456 OPRGHDLR.SYS
04/13/2008 12:31 PM 42,752 p3.sys
04/13/2008 12:40 PM 80,128 parport.sys
04/13/2008 12:40 PM 19,712 partmgr.sys
08/04/2004 05:00 AM 6,784 PARVDM.SYS
04/13/2008 12:36 PM 68,224 pci.sys
08/17/2001 01:51 PM 3,328 pciide.sys
04/13/2008 12:40 PM 24,960 pciidex.sys
04/13/2008 12:36 PM 120,192 pcmcia.sys
03/02/2009 10:08 PM 47,360 pcouffin.sys
09/15/2009 01:12 AM 7,412 PCTAppEvent.cat
10/06/2009 03:31 PM 87,784 PCTAppEvent.sys
09/16/2009 02:20 AM 7,383 pctcore.cat
09/23/2009 03:10 PM 207,280 PCTCore.sys
09/23/2009 03:10 PM 207,280 PCTCore_2.sys
09/15/2009 12:01 AM 7,387 pctgntdi.cat
09/24/2009 07:55 AM 229,304 pctgntdi.sys
09/15/2009 05:20 AM 7,383 pctplsg.cat
09/03/2009 08:45 AM 70,408 pctplsg.sys
08/17/2001 02:07 PM 27,296 perc2.sys
08/17/2001 02:07 PM 5,504 perc2hib.sys
04/13/2008 01:19 PM 146,048 portcls.sys
04/13/2008 12:31 PM 35,840 processr.sys
04/13/2008 12:56 PM 69,120 psched.sys
08/04/2004 05:00 AM 17,792 PTILINK.SYS
03/07/2007 05:51 PM 43,528 pxhelp20.sys
08/17/2001 01:52 PM 40,320 ql1080.sys
08/17/2001 01:52 PM 33,152 ql10wnt.sys
08/17/2001 01:52 PM 45,312 ql12160.sys
08/17/2001 01:52 PM 40,448 ql1240.sys
08/17/2001 01:52 PM 49,024 ql1280.sys
08/04/2004 05:00 AM 8,832 RASACD.SYS
04/13/2008 01:19 PM 51,328 rasl2tp.sys
04/13/2008 12:57 PM 41,472 raspppoe.sys
04/13/2008 01:19 PM 48,384 raspptp.sys
08/04/2004 05:00 AM 16,512 RASPTI.SYS
08/04/2004 05:00 AM 34,432 RAWWAN.SYS
04/13/2008 01:28 PM 175,744 rdbss.sys
08/04/2004 05:00 AM 4,224 RDPCDD.SYS
04/13/2008 12:32 PM 196,224 rdpdr.sys
04/13/2008 06:13 PM 139,656 rdpwd.sys
08/03/2004 09:41 PM 13,776 recagent.sys
04/13/2008 12:40 PM 57,600 redbook.sys
04/13/2008 12:46 PM 59,136 rfcomm.sys
08/04/2004 05:00 AM 12,032 RIO8DRV.SYS
08/04/2004 05:00 AM 12,032 RIODRV.SYS
05/08/2008 08:02 AM 203,136 rmcast.sys
04/13/2008 12:56 PM 30,592 rndismp.sys
04/13/2008 12:56 PM 30,592 rndismpx.sys
08/04/2004 05:00 AM 5,888 ROOTMDM.SYS
08/03/2004 09:29 PM 166,912 s3gnbm.sys
11/30/2008 05:57 PM Samsung
04/13/2008 12:40 PM 96,384 scsiport.sys
04/13/2008 12:36 PM 79,232 sdbus.sys
11/13/2007 04:25 AM 20,480 secdrv.sys
04/13/2008 12:40 PM 15,744 serenum.sys
04/13/2008 01:15 PM 64,512 serial.sys
04/13/2008 12:40 PM 11,904 sffdisk.sys
04/13/2008 12:40 PM 10,240 sffp_mmc.sys
04/13/2008 12:40 PM 11,008 sffp_sd.sys
04/13/2008 12:40 PM 11,392 sfloppy.sys
04/13/2008 06:12 PM 3,901 siint5.dll
04/13/2008 12:36 PM 40,960 sisagp.sys
08/03/2004 09:41 PM 129,535 slnt7554.sys
08/03/2004 09:41 PM 404,990 slntamr.sys
08/03/2004 09:41 PM 95,424 slnthal.sys
08/03/2004 09:41 PM 13,240 slwdmsup.sys
04/13/2008 12:36 PM 5,888 smbali.sys
08/04/2004 05:00 AM 14,592 SMCLIB.SYS
04/08/2003 10:30 AM 3,744 smsens.sys
04/09/2004 12:41 PM 612,352 smwdm.sys
04/13/2008 12:46 PM 25,344 sonydcam.sys
08/17/2001 12:56 PM 7,552 SONYPVU1.SYS
08/17/2001 02:07 PM 19,072 sparrow.sys
04/13/2008 12:45 PM 6,272 splitter.sys
04/13/2008 12:36 PM 73,472 sr.sys
12/11/2008 04:57 AM 333,952 srv.sys
12/18/2004 07:32 PM 38,229 StMp3Rec.sys
04/13/2008 12:45 PM 49,408 stream.sys
04/13/2008 12:39 PM 4,352 swenum.sys
04/13/2008 12:45 PM 56,576 swmidi.sys
08/17/2001 02:07 PM 16,256 symc810.sys
08/17/2001 02:07 PM 32,640 symc8xx.sys
08/21/2009 06:55 AM 7,456 SYMEVENT.CAT
08/21/2009 06:55 AM 806 SYMEVENT.INF
08/21/2009 06:55 AM 124,976 SYMEVENT.SYS
08/18/2009 01:11 PM 36,400 SymIM.sys
08/17/2001 02:07 PM 28,384 sym_hi.sys
08/17/2001 02:07 PM 30,688 sym_u3.sys
04/13/2008 01:15 PM 60,800 sysaudio.sys
04/13/2008 12:40 PM 14,976 tape.sys
03/10/2008 06:23 PM 0 TBM20.tmp
03/10/2008 06:23 PM 0 TBM22.tmp
06/20/2008 05:51 AM 361,600 tcpip.sys
06/20/2008 05:08 AM 225,856 tcpip6.sys
04/13/2008 01:00 PM 19,072 tdi.sys
04/13/2008 06:13 PM 12,040 tdpipe.sys
04/13/2008 06:13 PM 21,896 tdtcp.sys
04/13/2008 06:13 PM 40,840 termdd.sys
08/04/2004 05:00 AM 51,712 TOSDVD.SYS
08/17/2001 01:51 PM 4,992 TOSIDE.SYS
08/04/2004 05:00 AM 21,376 TSBVCAP.SYS
04/13/2008 12:56 PM 12,288 tunmp.sys
04/13/2008 12:36 PM 44,672 uagp35.sys
04/13/2008 12:32 PM 66,048 udfs.sys
08/17/2001 01:52 PM 36,736 ultra.sys
10/02/2009 10:22 PM UMDF
04/13/2008 12:39 PM 384,768 update.sys
04/13/2008 12:56 PM 12,800 usb8023.sys
04/13/2008 12:56 PM 12,800 usb8023x.sys
08/28/2009 06:42 PM 40,448 usbaapl.sys
04/13/2008 12:45 PM 25,600 usbcamd.sys
04/13/2008 12:45 PM 25,728 usbcamd2.sys
08/04/2004 05:00 AM 4,736 USBD.SYS
04/13/2008 12:45 PM 30,208 usbehci.sys
04/13/2008 12:45 PM 59,520 usbhub.sys
04/13/2008 12:45 PM 15,872 usbintel.sys
04/13/2008 12:45 PM 143,872 usbport.sys
04/13/2008 12:47 PM 25,856 usbprint.sys
04/13/2008 12:45 PM 15,104 usbscan.sys
04/13/2008 12:45 PM 26,368 usbstor.sys
04/13/2008 12:45 PM 20,608 usbuhci.sys
04/13/2008 12:46 PM 121,984 usbvideo.sys
04/13/2008 06:12 PM 11,325 vchnt5.dll
08/04/2004 05:00 AM 58,112 VDMINDVD.SYS
04/13/2008 12:44 PM 20,992 vga.sys
04/13/2008 12:36 PM 42,240 viaagp.sys
04/13/2008 12:40 PM 5,376 viaide.sys
04/13/2008 12:44 PM 81,664 videoprt.sys
04/13/2008 12:41 PM 52,352 volsnap.sys
04/13/2008 12:43 PM 14,208 wacompen.sys
08/03/2004 09:29 PM 11,807 wadv07nt.sys
08/03/2004 09:29 PM 11,295 wadv08nt.sys
08/03/2004 09:29 PM 11,871 wadv09nt.sys
08/03/2004 09:29 PM 11,935 wadv11nt.sys
04/13/2008 12:57 PM 34,560 wanarp.sys
01/10/2003 03:13 PM 33,588 wanatw4.sys
08/03/2004 09:29 PM 22,271 watv06nt.sys
08/03/2004 09:29 PM 25,471 watv10nt.sys
04/13/2008 12:45 PM 31,744 wceusbsh.sys
04/13/2008 01:17 PM 83,072 wdmaud.sys
08/04/2004 05:00 AM 4,352 WMILIB.SYS
10/18/2006 07:00 PM 38,528 wpdusb.sys
08/04/2004 05:00 AM 12,032 WS2IFSL.SYS
09/28/2006 05:55 PM 77,568 WudfPf.sys
09/28/2006 06:00 PM 82,944 WudfRd.sys
11/29/2004 02:53 AM 258,560 ZD1211U.sys
350 File(s) 33,066,124 bytes

Directory of C:\Windows\System32\Drivers\DISDN

12/09/2004 12:09 AM .
12/09/2004 12:09 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\ETC

10/29/2009 07:52 PM .
10/29/2009 07:52 PM ..
10/29/2009 07:52 PM 27 hosts
03/13/2007 12:30 PM 813 hosts.bak
03/13/2007 12:30 PM 813 hosts.msn
08/04/2004 05:00 AM 3,683 LMHOSTS.SAM
08/04/2004 05:00 AM 407 NETWORKS
08/04/2004 05:00 AM 799 PROTOCOL
08/04/2004 05:00 AM 7,116 SERVICES
7 File(s) 13,658 bytes

Directory of C:\Windows\System32\Drivers\NIS

09/11/2009 07:56 PM .
09/11/2009 07:56 PM ..
09/10/2009 04:18 PM 1007020.00B
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\NIS\1007020.00B

09/10/2009 04:18 PM .
09/10/2009 04:18 PM ..
08/22/2009 01:28 AM 7,400 bhdrvx86.cat
08/22/2009 01:28 AM 640 BHDrvx86.inf
08/22/2009 01:28 AM 259,632 BHDrvx86.sys
11/10/2009 07:04 PM 685,160 Cat.DB
08/22/2009 01:28 AM 7,383 ccHPx86.cat
08/22/2009 01:28 AM 1,752 ccHPx86.inf
09/08/2009 05:47 PM 482,432 cchpx86.sys
09/08/2009 05:47 PM 172 isolate.ini
08/22/2009 01:28 AM 7,425 srtsp.cat
08/22/2009 01:28 AM 1,382 srtsp.inf
08/22/2009 01:28 AM 308,272 srtsp.sys
08/22/2009 01:28 AM 7,429 srtspx.cat
08/22/2009 01:28 AM 1,388 srtspx.inf
08/22/2009 01:28 AM 43,696 srtspx.sys
08/22/2009 01:28 AM 7,431 SymEFA.cat
08/22/2009 01:28 AM 3,373 SymEFA.inf
08/22/2009 01:28 AM 310,320 SymEFA.sys
08/22/2009 01:28 AM 89,904 symfw.sys
08/22/2009 01:28 AM 33,072 symids.sys
08/22/2009 01:28 AM 36,400 symndis.sys
08/22/2009 01:28 AM 48,688 symndisv.sys
08/22/2009 01:28 AM 9,402 SymNet.cat
08/22/2009 01:28 AM 1,561 SymNet.inf
08/22/2009 01:28 AM 9,412 symnetv.cat
08/22/2009 01:28 AM 1,562 SymNetV.inf
08/22/2009 01:28 AM 217,136 symtdi.sys
26 File(s) 2,582,424 bytes

Directory of C:\Windows\System32\Drivers\Samsung

11/30/2008 05:57 PM .
11/30/2008 05:57 PM ..
11/30/2008 05:57 PM Samsung CLP-310 Series
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\Samsung\Samsung CLP-310 Series

11/30/2008 05:57 PM .
11/30/2008 05:57 PM ..
09/17/2008 06:40 PM 49,885 cl31c.cat
09/07/2008 07:21 PM 9,939 cl31c.inf
08/13/2007 03:39 AM 22,723 cl31cl3.dll
08/13/2007 03:39 AM 361 cl31cl3.smt
09/07/2008 07:21 PM 616 cl31cpp.ver
09/05/2008 04:28 AM 1,486,059 cl31csc.cts
09/07/2008 07:21 PM 6,908 cl31cu.ini
08/13/2007 03:39 AM 65,536 coinst.dll
08/13/2007 03:39 AM 151,552 coinst.exe
09/07/2008 07:21 PM 990,720 itdrv.dll
05/05/2008 07:03 PM 33,485 itdrvab.chm
01/14/2008 11:53 PM 73,515 itdrvab.dat
05/05/2008 07:04 PM 33,689 itdrvbp.chm
01/14/2008 11:53 PM 82,080 itdrvbp.dat
08/13/2007 03:39 AM 812,486 itdrvcm.ctd
08/13/2007 03:39 AM 204,800 itdrvcm.dll
05/05/2008 07:04 PM 32,359 itdrvcp.chm
01/14/2008 11:53 PM 64,657 itdrvcp.dat
05/05/2008 07:04 PM 32,283 itdrvct.chm
01/14/2008 11:53 PM 64,478 itdrvct.dat
05/05/2008 07:04 PM 34,711 itdrvcz.chm
01/14/2008 11:53 PM 77,909 itdrvcz.dat
05/05/2008 07:04 PM 33,619 itdrvdn.chm
01/14/2008 11:53 PM 78,052 itdrvdn.dat
05/05/2008 07:04 PM 34,257 itdrvdt.chm
01/14/2008 11:53 PM 81,186 itdrvdt.dat
09/07/2008 07:21 PM 404,480 itdrvdu.dll
05/05/2008 07:04 PM 36,019 itdrvel.chm
01/14/2008 11:53 PM 84,300 itdrvel.dat
05/05/2008 07:04 PM 32,357 itdrven.chm
01/14/2008 11:53 PM 75,047 itdrven.dat
08/13/2007 03:39 AM 53,248 itdrvex.exe
05/05/2008 07:04 PM 33,501 itdrvfi.chm
01/14/2008 11:53 PM 78,950 itdrvfi.dat
05/05/2008 07:04 PM 34,519 itdrvfn.chm
01/14/2008 11:53 PM 87,345 itdrvfn.dat
05/05/2008 07:04 PM 34,977 itdrvgr.chm
01/14/2008 11:53 PM 83,875 itdrvgr.dat
05/05/2008 07:04 PM 32,387 itdrvhb.chm
01/14/2008 11:53 PM 71,430 itdrvhb.dat
05/05/2008 07:04 PM 35,363 itdrvhu.chm
01/14/2008 11:53 PM 81,003 itdrvhu.dat
10/09/2007 06:57 PM 32,768 itdrvio.dll
05/05/2008 07:04 PM 33,931 itdrvit.chm
01/14/2008 11:53 PM 82,235 itdrvit.dat
05/05/2008 07:04 PM 33,271 itdrvkr.chm
03/16/2008 10:06 PM 71,658 itdrvkr.dat
08/13/2007 03:40 AM 69,632 itdrvlf.dll
08/13/2007 03:40 AM 311,296 itdrvm.dll
08/13/2007 03:40 AM 29,624 itdrvm1.bmp
08/13/2007 03:40 AM 29,624 itdrvm2.bmp
08/13/2007 03:40 AM 29,624 itdrvm3.bmp
07/15/2008 02:43 AM 196,608 itdrvn.dll
05/05/2008 07:04 PM 32,913 itdrvnr.chm
01/14/2008 11:53 PM 77,102 itdrvnr.dat
08/13/2007 03:40 AM 217,088 itdrvo.dll
08/13/2007 03:40 AM 19,968 itdrvpc.dll
05/05/2008 07:04 PM 35,305 itdrvpo.chm
01/14/2008 11:53 PM 79,817 itdrvpo.dat
08/13/2007 03:40 AM 15,318 itdrvpp.dll
05/05/2008 07:04 PM 34,215 itdrvpt.chm
01/14/2008 11:53 PM 83,160 itdrvpt.dat
05/05/2008 07:04 PM 34,907 itdrvru.chm
02/18/2008 07:15 PM 80,656 itdrvru.dat
08/08/2008 03:16 AM 503,808 itdrvsc.dll
09/05/2008 04:28 AM 475,136 itdrvsf.dll
05/05/2008 07:04 PM 34,201 itdrvsp.chm
01/14/2008 11:53 PM 83,164 itdrvsp.dat
05/05/2008 07:04 PM 33,573 itdrvsw.chm
01/14/2008 11:53 PM 77,113 itdrvsw.dat
05/05/2008 07:04 PM 33,699 itdrvtk.chm
01/14/2008 11:53 PM 77,765 itdrvtk.dat
09/07/2008 07:22 PM 925,696 itdrvu.dll
08/13/2007 03:40 AM 835,584 itdrvu2.dll
08/13/2007 03:40 AM 626,874 itdrvua.bmp
08/13/2007 03:40 AM 206,278 itdrvub.bmp
08/13/2007 03:40 AM 71,336 itdrvuc.bmp
08/13/2007 03:40 AM 58,736 itdrvuca.bmp
08/13/2007 03:40 AM 58,736 itdrvucb.bmp
08/13/2007 03:40 AM 58,736 itdrvucc.bmp
08/13/2007 03:40 AM 58,736 itdrvucd.bmp
08/13/2007 03:40 AM 58,736 itdrvuce.bmp
08/13/2007 03:40 AM 58,736 itdrvuco.bmp
08/13/2007 03:40 AM 58,736 itdrvucp.bmp
08/13/2007 03:40 AM 58,736 itdrvucr.bmp
08/13/2007 03:40 AM 58,736 itdrvucs.bmp
08/13/2007 03:40 AM 58,736 itdrvucv.bmp
08/13/2007 03:40 AM 24,840 itdrvug.bmp
08/13/2007 03:41 AM 4,072 itdrvul.bmp
08/08/2008 03:17 AM 1,032,192 itdrvum.dll
07/15/2008 02:43 AM 20,537 itdrvum.xml
91 File(s) 13,100,614 bytes

Directory of C:\Windows\System32\Drivers\UMDF

10/02/2009 10:22 PM .
10/02/2009 10:22 PM ..
10/18/2006 08:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
475 File(s) 49,434,052 bytes
23 Dir(s) 71,098,474,496 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 3CEB-8482

Directory of C:\Windows\System32\Drivers

11/01/2009 10:54 AM 45,223,968 fidbox.dat
11/01/2009 10:54 AM 531,044 fidbox.idx
2 File(s) 45,755,012 bytes
0 Dir(s) 71,098,478,592 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 904 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 944 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 968 High C:\WINDOWS\system32\winlogon.exe
services.exe 1020 Normal C:\WINDOWS\system32\services.exe
lsass.exe 1032 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1196 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1296 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1412 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1492 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1564 Normal C:\WINDOWS\system32\svchost.exe
LEXBCES.EXE 1788 Normal C:\WINDOWS\system32\LEXBCES.EXE
spoolsv.exe 1812 Normal C:\WINDOWS\system32\spoolsv.exe
LEXPPS.EXE 1844 Normal C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe 440 Normal C:\WINDOWS\system32\svchost.exe
AppleMobileDeviceService.exe 472 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
AskService.exe 500 Normal C:\Program Files\AskBarDis\bar\bin\AskService.exe
ASKUpgrade.exe 532 Normal C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
ALUSchedulerSvc.exe 552 Normal C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
mDNSResponder.exe 596 Normal C:\Program Files\Bonjour\mDNSResponder.exe
IDriveE Service.exe 652 Normal C:\Program Files\IDrive\IDriveE Service.exe
IDriveWebM.exe 816 Normal C:\Program Files\IDrive\IDriveWebM.exe
jqs.exe 512 Idle C:\Program Files\Java\jre6\bin\jqs.exe
KService.exe 864 Normal C:\Program Files\KService\KService.exe
PIFSvc.exe 892 Normal C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
ccSvcHst.exe 984 Normal C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
pctsAuxs.exe 1344 Normal C:\Program Files\Spyware Doctor\pctsAuxs.exe
pctsSvc.exe 1360 Normal C:\Program Files\Spyware Doctor\pctsSvc.exe
svchost.exe 2028 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 136 Normal C:\WINDOWS\system32\svchost.exe
TFService.exe 3564 Normal C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
alg.exe 3808 Normal C:\WINDOWS\System32\alg.exe
ccSvcHst.exe 1160 Normal C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
Explorer.EXE 2816 Normal C:\WINDOWS\Explorer.EXE
pctsTray.exe 2020 Normal C:\Program Files\Spyware Doctor\pctsTray.exe
DMXLauncher.exe 3388 Normal C:\Program Files\Dell\Media Experience\DMXLauncher.exe
hkcmd.exe 3744 Normal C:\WINDOWS\system32\hkcmd.exe
igfxpers.exe 3592 Normal C:\WINDOWS\system32\igfxpers.exe
realsched.exe 2100 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PIFSvc.exe 2148 Normal C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
Acrotray.exe 2708 Normal C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
jusched.exe 2732 Normal C:\Program Files\Java\jre6\bin\jusched.exe
iTunesHelper.exe 3300 Normal C:\Program Files\iTunes\iTunesHelper.exe
ZDWlan.exe 3704 Normal C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
DLG.exe 1536 Normal C:\Program Files\Digital Line Detect\DLG.exe
IDriveEBackground.exe 4040 Normal C:\Program Files\IDrive\IDriveEBackground.exe
iPodService.exe 524 Normal C:\Program Files\iPod\bin\iPodService.exe
iexplore.exe 3392 Normal C:\Program Files\internet explorer\iexplore.exe
iexplore.exe 2964 Normal C:\Program Files\internet explorer\iexplore.exe
ctfmon.exe 3200 Normal C:\WINDOWS\system32\ctfmon.exe
cmd.exe 268 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 3532 Normal C:\Documents and Settings\Amit\Desktop\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(2816)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINDOWS\system32\WININET.dll 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1253376 C:\WINDOWS\system32\urlmon.dll 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 1998848 C:\WINDOWS\system32\iertutil.dll 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
pctgmhk.dll b70000 176128 C:\Program Files\Spyware Doctor\pctgmhk.dll 7.0.0.13
TfWah.dll 10000000 466944 C:\Program Files\Spyware Doctor\TFEngine\TfWah.dll 4.9.10.8 PC Tools ThreatFire
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
TFNI.dll 1a50000 57344 C:\Program Files\Spyware Doctor\TFEngine\TFNI.dll 4.9.10.8 PC Tools ThreatFire Non-Interactive Process
MSVCP80.dll 7c420000 552960 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCP80.dll 8.00.50727.4053 Microsoft®️ C++ Runtime Library
MSVCR80.dll 1b80000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll 8.00.50727.4053 Microsoft®️ C Runtime Library
TFMon.dll 1c30000 57344 C:\Program Files\Spyware Doctor\TFEngine\TFMon.dll 4.9.10.8 ThreatFire Monitor Interface
TFRK.dll 1c50000 135168 C:\Program Files\Spyware Doctor\TFEngine\TFRK.dll 4.9.10.8 PC Tools ThreatFire Detector
ATL80.DLL 7c630000 110592 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL 8.00.50727.4053 ATL Module for Windows (Unicode)
xpsp2res.dll 1ce0000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
actxprxy.dll 71d40000 110592 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
ieframe.dll 3e1c0000 11087872 C:\WINDOWS\system32\ieframe.dll 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) Internet Explorer
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
webcheck.dll 2fc0000 249856 C:\WINDOWS\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
ASOEHOOK.DLL 6e610000 438272 C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON INTERNET SECURITY\ENGINE\16.7.2.11\ASOEHOOK.DLL 4.5.0.46 AntiSpam OE Hook
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5727 (xpsp_sp3_gdr.081215-1359) Windows HTTP Services
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
fxsst.dll 68df0000 577536 C:\WINDOWS\system32\fxsst.dll 5.2.2600.5512 (xpsp.080413-0852) Fax Service
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
FXSAPI.dll 5a980000 466944 C:\WINDOWS\system32\FXSAPI.dll 5.2.2600.5512 (xpsp.080413-0852) Microsoft Fax API Support DLL
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft®️ Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
rarext.dll 1650000 180224 C:\Program Files\WinRAR\rarext.dll
IDRIVE~3.DLL 1690000 57344 C:\PROGRA~1\IDrive\IDRIVE~3.DLL 2, 2, 0, 0 IDriveEContextMenuExt Module
ContextMenu.dll 4480000 585728 C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll 7.0.7.2006011200\0 Adobe Acrobat Context Menu
MFC71.DLL 7c140000 1060864 C:\WINDOWS\system32\MFC71.DLL 7.10.3077.0 MFCDLL Shared Library - Retail Version
MSVCR71.dll 7c340000 352256 C:\WINDOWS\system32\MSVCR71.dll 7.10.3052.4 Microsoft®️ C Runtime Library
MSVCP71.dll 7c3a0000 503808 C:\WINDOWS\system32\MSVCP71.dll 7.10.3077.0 Microsoft®️ C++ Runtime Library
MFC71ENU.DLL 5d360000 57344 C:\WINDOWS\system32\MFC71ENU.DLL 7.10.3077.0 MFC Language Specific Resources
NavShExt.dll 677b0000 278528 C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\NavShExt.dll 16.7.2.11 Symantec Shared Component Shell Extension Module
ccVrTrst.dll 6b050000 94208 C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccVrTrst.dll 108.1.1.10 Symantec Trust Validation Engine
ccL80U.dll 6ae10000 532480 C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccL80U.dll 108.1.1.10 Symantec Library
EFACli.dll 69380000 49152 C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\EFACli.dll 1.1.0.4 Symantec Extended File Attributes
ccSet.dll 6afb0000 262144 C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSet.dll 108.1.1.10 Symantec Settings Manager Engine
SDContextExt32.dll 3900000 57344 C:\Program Files\Spyware Doctor\SDContextExt32.dll 7.0.0.4 Spyware Doctor Component
MSVCP90.dll 78480000 581632 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll 9.00.30729.1 Microsoft®️ C++ Runtime Library
MSVCR90.dll 78520000 667648 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll 9.00.30729.1 Microsoft®️ C Runtime Library
mbamext.dll 4560000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 2, 0, 0 Malwarebytes' Anti-Malware
syncui.dll 74650000 200704 C:\WINDOWS\system32\syncui.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Briefcase
browselc.dll 46a0000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
NeroDigitalExt.dll 4b30000 1523712 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll 1.1.1.1 Nero Digital Shell Extension
PDFShell.dll 4ab0000 114688 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 7.0.0.0 PDF Shell Extension



******************************************
EOF

Re: stuck with annoying problem

I found the infection hiding. Thank goodness for my tool SpiderKill. Smile...

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    killall::
    File::
    C:\Windows\System32\Driver\fidbox.dat
    C:\Windows\System32\Drivers\fidbox.idx
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
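A way to check the log from step 6 against the script from step 3, so that every `File::` target is accounted for. This is an added example, not part of the original post and not ComboFix code. The function names are hypothetical, and the sample log is a constructed excerpt that follows the section layout of the ComboFix log posted in this thread.

```python
import ntpath
import re

# CFScript exactly as posted in step 3 above.
CFSCRIPT = r"""killall::
File::
C:\Windows\System32\Driver\fidbox.dat
C:\Windows\System32\Drivers\fidbox.idx
"""

# Constructed excerpt: banners shortened, most entries dropped.
SAMPLE_LOG = r"""FILE ::
"c:\windows\System32\Driver\fidbox.dat"
"c:\windows\System32\Drivers\fidbox.idx"
.

((((((((((((((( Other Deletions )))))))))))))))
.

c:\windows\System32\Drivers\fidbox.idx

.
((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))
.

2009-11-06 00:25 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 16:22 . 2009-11-01 16:54 45223968 --sha-w- c:\windows\system32\drivers\fidbox.dat
"""

# Section banner: a run of "(", a title, a run of ")".
BANNER = re.compile(r"^\(+\s+(.+?)\s+\)+$")
# File entry: two timestamps, size, 8-character attribute field, path.
ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
    r"\s+\S+\s+\S{8}\s+(.+)$"
)


def norm(path):
    """Strip quotes and compare Windows paths case-insensitively."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def script_targets(script):
    """Return the paths listed under the File:: directive."""
    targets, in_file = [], False
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):          # a new directive starts
            in_file = line.lower() == "file::"
        elif in_file:
            targets.append(norm(line))
    return targets


def log_sections(log):
    """Split the log into {banner title: [non-empty lines]}."""
    sections, title = {}, None
    for line in log.splitlines():
        line = line.strip()
        match = BANNER.match(line)
        if match:
            title = match.group(1)
            sections[title] = []
        elif title and line and line != ".":
            sections[title].append(line)
    return sections


def reconcile(script, log):
    """Return (target, status, hint) for every File:: target."""
    deleted, listed = set(), set()
    for title, lines in log_sections(log).items():
        if "deletions" in title.lower():
            deleted.update(norm(l) for l in lines)
        else:
            for l in lines:
                match = ENTRY.match(l)
                if match:
                    listed.add(norm(match.group(1)))

    results = []
    for target in script_targets(script):
        if target in deleted:
            results.append((target, "deleted", None))
        elif target in listed:
            results.append((target, "still present", target))
        else:
            # Same file name under another directory points to a
            # mistyped path in the script rather than a missing file.
            name = ntpath.basename(target)
            twins = sorted(p for p in listed if ntpath.basename(p) == name)
            status = "path mismatch" if twins else "not in log"
            results.append((target, status, twins[0] if twins else None))
    return results


if __name__ == "__main__":
    for target, status, hint in reconcile(CFSCRIPT, SAMPLE_LOG):
        print(f"{status:14} {target}" + (f"  (listed at {hint})" if hint else ""))
```
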

Re: stuck with annoying problem

Here is the log for new scan
ComboFix 09-11-25.03 - Amit 11/25/2009 21:24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1350 [GMT -6:00]
Running from: c:\documents and settings\Amit\My Documents\ComboFx.exe
Command switches used :: c:\documents and settings\Amit\My Documents\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point

FILE ::
"c:\windows\System32\Driver\fidbox.dat"
"c:\windows\System32\Drivers\fidbox.idx"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Drivers\fidbox.idx

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 02:52 . 2009-08-27 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\NAVENG.SYS
2009-11-26 02:52 . 2009-08-27 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\NAVENG32.DLL
2009-11-26 02:52 . 2009-08-27 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\NAVEX32A.DLL
2009-11-26 02:52 . 2009-08-27 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\NAVEX15.SYS
2009-11-26 02:52 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\ECMSVR32.DLL
2009-11-26 02:52 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\CCERASER.DLL
2009-11-26 02:52 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\EECTRL.SYS
2009-11-26 02:52 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\ERASER.SYS
2009-11-13 00:23 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-13 00:23 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-13 00:23 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-13 00:23 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-13 00:23 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-07 08:02 . 2009-11-07 08:06 -------- d-----w- c:\program files\Ares
2009-11-06 21:36 . 2009-11-06 21:36 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-11-06 19:20 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSvix86.sys
2009-11-06 19:20 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSXpx86.sys
2009-11-06 19:20 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\Scxpx86.dll
2009-11-06 19:20 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSxpx86.dll
2009-11-06 19:20 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSviA64.sys
2009-11-06 00:27 . 2009-11-06 00:27 -------- d-----w- c:\documents and settings\Amit\Application Data\Malwarebytes
2009-11-06 00:25 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 00:25 . 2009-11-06 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-06 00:25 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 00:25 . 2009-11-06 00:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 16:22 . 2009-11-01 16:54 45223968 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 01:59 . 2009-11-11 10:51 -------- d-----w- C:\commyFix11601c
2009-10-30 01:53 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore_2.sys
2009-10-30 01:21 . 2009-11-11 10:51 -------- d-----w- C:\commyFix
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 04:39 . 2008-10-03 04:25 -------- d-----w- c:\program files\IDrive
2009-11-26 03:20 . 2006-12-25 04:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-26 03:20 . 2009-10-26 03:58 -------- d-----w- c:\program files\Spyware Doctor
2009-11-22 05:44 . 2006-04-08 21:19 -------- d-----w- c:\documents and settings\Amit\Application Data\Azureus
2009-11-22 04:45 . 2004-12-18 00:07 -------- d-----w- c:\documents and settings\Amit\Application Data\.BitTornado
2009-11-22 04:17 . 2009-10-24 14:38 -------- d-----w- c:\program files\Vuze
2009-11-14 02:12 . 2009-10-24 14:38 -------- d-----w- c:\program files\AskBarDis
2009-11-07 19:57 . 2009-10-24 14:42 -------- d-----w- c:\documents and settings\Amit\Application Data\TuneUpMedia
2009-10-27 04:01 . 2009-10-26 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-26 04:14 . 2009-10-26 03:58 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-26 03:58 . 2009-10-26 03:58 -------- d-----w- c:\documents and settings\Amit\Application Data\PC Tools
2009-10-24 14:43 . 2009-10-24 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-10-24 14:43 . 2009-07-28 14:33 -------- d-----w- c:\program files\iTunes
2009-10-24 14:43 . 2009-10-24 14:42 -------- d-----w- c:\program files\TuneUpMedia
2009-10-23 02:16 . 2005-06-11 10:42 -------- d-----w- c:\documents and settings\Amit\Application Data\Apple Computer
2009-10-21 01:29 . 2009-10-21 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-21 01:28 . 2006-08-18 19:05 -------- d-----w- c:\program files\iPod
2009-10-21 01:28 . 2007-11-02 22:43 -------- d-----w- c:\program files\Common Files\Apple
2009-10-21 01:26 . 2009-10-21 01:26 -------- d-----w- c:\program files\Bonjour
2009-10-21 01:25 . 2009-04-14 16:08 -------- d-----w- c:\program files\QuickTime
2009-10-21 01:14 . 2009-10-21 01:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-18 17:19 . 2004-12-09 06:33 -------- d-----w- c:\program files\Dell
2009-10-18 15:55 . 2009-10-18 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-10-14 23:03 . 2004-12-09 06:32 -------- d-----w- c:\program files\Java
2009-10-14 23:01 . 2009-10-14 23:01 152576 ----a-w- c:\documents and settings\Amit\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-08 18:14 . 2009-10-27 04:01 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-08 18:14 . 2009-10-27 04:01 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-08 18:14 . 2009-10-27 04:01 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-06 21:31 . 2009-10-26 03:58 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-03 20:03 . 2009-10-03 19:21 -------- d-----w- c:\program files\CrossLoop
2009-10-03 15:30 . 2009-10-03 15:07 -------- d-----w- c:\documents and settings\Amit\Application Data\Sony
2009-10-03 15:03 . 2009-10-03 15:03 -------- d-----w- c:\program files\Vstplugins
2009-10-03 15:02 . 2009-10-03 15:02 -------- d-----w- c:\program files\Sony
2009-10-03 15:01 . 2009-10-03 15:01 -------- d-----w- c:\program files\Sony Setup
2009-10-03 03:26 . 2009-05-21 02:12 -------- d-----w- c:\program files\Symantec
2009-10-03 02:49 . 2009-10-03 02:49 -------- d-----w- c:\program files\Norton Support
2009-09-24 13:55 . 2009-10-26 03:58 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 21:10 . 2009-10-26 03:58 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-18 13:31 . 2009-09-18 13:31 10686001 ----a-w- c:\documents and settings\Amit\Application Data\Azureus\plugins\azump\mplayer.exe
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:10 . 2009-10-23 02:21 342576 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSvix86.sys
2009-09-10 20:10 . 2009-10-23 02:21 329080 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSXpx86.sys
2009-09-10 20:10 . 2009-10-23 02:21 732536 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\Scxpx86.dll
2009-09-10 20:10 . 2009-10-23 02:21 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSxpx86.dll
2009-09-10 20:10 . 2009-10-23 02:21 466480 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSviA64.sys
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:45 . 2009-10-26 03:58 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-29 20:17 . 2004-12-18 01:30 55192 -c--a-w- c:\documents and settings\Amit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 08:08 . 2004-08-04 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-06-17 03:23 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-06-17 03:23 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-10-29 23:25 . 2008-10-29 23:25 13706 -c--a-w- c:\program files\Common Files\vasosicuv.scr
2007-03-09 14:37 . 2007-03-09 14:37 57792 -c--a-w- c:\program files\MC
2006-07-01 12:46 . 2006-07-01 12:46 73 -c--a-w- c:\program files\cdboot.phx
2006-07-01 12:46 . 2006-07-01 12:46 389 -c--a-w- c:\program files\proginfo.txt
2006-07-01 12:46 . 2006-07-01 12:46 167936 -c--a-w- c:\program files\diskinst.exe
2006-07-01 12:46 . 2006-07-01 12:46 113 -c--a-w- c:\program files\instruct.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-11-20_03.59.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-26 03:40 . 2009-11-26 03:40 16384 c:\windows\Temp\Perflib_Perfdata_580.dat
+ 2009-11-26 03:39 . 2009-11-26 03:39 16384 c:\windows\Temp\Perflib_Perfdata_42c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 18:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Amit\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2008-10-2 184320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
802.11b+g USB Wireless LAN Utility.lnk - c:\program files\WLAN\802.11b+g USB WLAN\ZDWlan.exe [2008-2-13 430080]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-7-30 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-8-9 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-9 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IDrive\\IDriveEClassic.exe"=
"c:\\Program Files\\IDrive\\IDriveETray.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\WLAN\\802.11b+g USB WLAN\\ZDWlan.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14238:TCP"= 14238:TCP:darshmeet
"1755:TCP"= 1755:TCP:windows media player

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [10/25/2009 9:58 PM 207280]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\SymEFA.sys [9/8/2009 5:47 PM 310320]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [10/26/2009 10:01 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [10/26/2009 10:01 PM 59664]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\BHDrvx86.sys [9/8/2009 5:47 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\cchpx86.sys [9/8/2009 5:47 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/12/2009 6:23 PM 329592]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/13/2009 8:12 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/13/2009 8:13 PM 234888]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [10/2/2008 10:25 PM 136656]
R2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDriveWebM.exe [10/2/2008 10:25 PM 58832]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/8/2009 5:47 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 2:00 AM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/25/2009 9:58 PM 358600]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [10/26/2009 10:01 PM 33552]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\SYSTEM32\DRIVERS\ZD1211U.sys [6/5/2005 5:18 PM 258560]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);c:\windows\system32\DRIVERS\zd1201u.sys --> c:\windows\system32\DRIVERS\zd1201u.sys [?]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\SYSTEM32\ZDBRGSYS.sys [6/5/2005 5:18 PM 19200]
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]
S4 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [10/25/2009 9:58 PM 229304]
S4 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [10/25/2009 9:58 PM 70408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\DEFRAG.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://start.earthlink.net/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {6876C54C-08AF-4D30-8DB2-CA7CBADD2463} = 192.168.1.254,192.168.2.254
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 22:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3018035710-715601661-13499995-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\KService\KService.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\IDrive\IDriveEBackground.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-25 22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-26 04:46
ComboFix2.txt 2009-11-20 04:10

Pre-Run: 70,290,571,264 bytes free
Post-Run: 70,561,730,560 bytes free

- - End Of File - - 07159377C53AEBE6BAAC353E71BEA777

Re: stuck with annoying problem

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: stuck with annoying problem

Malwarebytes' Anti-Malware 1.41
Database version: 3283
Windows 5.1.2600 Service Pack 3

12/2/2009 8:10:54 PM
mbam-log-2009-12-02 (20-10-54).txt

Scan type: Quick Scan
Objects scanned: 128507
Time elapsed: 34 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: stuck with annoying problem

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: stuck with annoying problem

This is again too many scans, isn't there any shortcut?

Re: stuck with annoying problem

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
``````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
TuneUp Companion 1.5.11
Java(TM) 6 Update 15
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: stuck with annoying problem

If we are done with my computer, then I have my friend's laptop with, I'm guessing, a very big problem. I don't even know where to start from, so if you say yes, we are done with mine, then I can tell you my friend's story.

Re: stuck with annoying problem

Hello again. I did some reading here and found out things about my friend's laptop, and it seems like he got infected by security tools malware and also by personal security malware, so please help me, as I have his laptop. His wife was browsing through Facebook and it came in through a message from a known friend's name, which had a link in it, and without reading it properly she clicked on it and got infected, and either she ended up sending that link to others or it just picked up contacts and sent it itself. So please help; more detail next time as you need it.

Re: stuck with annoying problem

Please start a new topic for that, and explain the issue.

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Re: stuck with annoying problem

So does this mean my computer is officially free of bad stuff and no more scanning is needed? I mean, it seems like that from your message, but I'm making sure. And is it OK if I remove Malwarebytes, SpiderKill, ComboFix and them from my system?

Re: stuck with annoying problem

You may remove SpiderKill and ComboFix. Malwarebytes can normally be kept as a scanner only, but you can uninstall it if you like.
