[Fixed] HELP! 4 Viruses on Computer
PC Help Forum » Security & Safety » Hijackthis! Logs
#8  Pancake (Senior Security Analyst; Victoria, Australia; joined Jun 2006; 6,867 posts)
Re: HELP! 4 Viruses on Computer

Just do the fix I posted...
__________________
My real name is Eddy
#9  Xiaolin (Bronze Member; joined Oct 2009; 10 posts; PC Experience: Beginner)
Re: HELP! 4 Viruses on Computer

I wasn't sure if I was supposed to post it or not, but here are the results:


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Tue 10/27/2009
The current time is: 18:11:05.65


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 03:56 AM 15,360 ctfmon.exe
03/11/2004 12:26 AM 406,016 PSDrvCheck.exe
2 File(s) 421,376 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 Apr 13 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 Apr 13 2008 "C:\WINDOWS\ERDNT\cache\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
406016 Mar 11 2004 "C:\WINDOWS\system32\bak\PSDrvCheck.exe"


end of report
#10  Pancake (Senior Security Analyst)
Re: HELP! 4 Viruses on Computer
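The Find AWF report above lists the files found in a directory named bak and the other copies of the same file name, compared by size only. As an added example (my code, not noahdfear's Find AWF tool and not anything posted in this thread), the Python script below performs the same walk and additionally compares SHA-256 hashes, so a same-size copy with different bytes, which a size-only listing would present as a duplicate, is reported separately. The directory tree it inspects is constructed in a temporary folder with fake file contents; only the relative paths mirror the ones in the report.

```python
import hashlib
import os
import tempfile
from typing import Dict, List


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_duplicates(root: str) -> List[Dict[str, object]]:
    """For every file inside a directory named 'bak' under root, locate files with
    the same name elsewhere under root and report whether size and content match."""
    bak_files: List[str] = []
    by_name: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        in_bak = os.path.basename(dirpath).lower() == "bak"
        for name in files:
            full = os.path.join(dirpath, name)
            by_name.setdefault(name.lower(), []).append(full)
            if in_bak:
                bak_files.append(full)

    results: List[Dict[str, object]] = []
    for bak_path in bak_files:
        bak_size = os.path.getsize(bak_path)
        bak_hash = sha256_of(bak_path)
        for other in by_name[os.path.basename(bak_path).lower()]:
            if other == bak_path:
                continue
            results.append({
                "bak": bak_path,
                "other": other,
                "same_size": os.path.getsize(other) == bak_size,
                "same_content": sha256_of(other) == bak_hash,
            })
    return results


def build_demo_tree() -> str:
    """Constructed directory layout mirroring the paths in the posted report
    (fake file contents; no real Windows binaries are involved)."""
    root = tempfile.mkdtemp(prefix="awfdemo_")
    layout = {
        os.path.join("WINDOWS", "system32", "bak", "ctfmon.exe"): b"MZ" + b"A" * 100,
        os.path.join("WINDOWS", "system32", "ctfmon.exe"): b"MZ" + b"A" * 100,          # identical copy
        os.path.join("WINDOWS", "ERDNT", "cache", "ctfmon.exe"): b"MZ" + b"B" * 100,     # same size, different bytes
        os.path.join("WINDOWS", "system32", "bak", "PSDrvCheck.exe"): b"MZ" + b"C" * 50,  # no copy elsewhere
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for r in find_bak_duplicates(demo_root):
        if r["same_content"]:
            verdict = "identical"
        elif r["same_size"]:
            verdict = "same size, different content"
        else:
            verdict = "differs"
        print(f"{r['bak']}  vs  {r['other']}: {verdict}")
```

Point it at a real root (for example a mounted offline image) by calling find_bak_duplicates with that path instead of the demo tree; the function never modifies anything, it only reads and hashes.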

Ok. More cleaning...

You will need to download ComboFix.exe. Download ComboFix from any of the links below. You must rename it before saving it. Name it ComFx and save it to your desktop.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
#11  Xiaolin (Bronze Member)
Re: HELP! 4 Viruses on Computer

ComboFix 09-10-24.01 - Raj 10/27/2009 19:02.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.39 [GMT -4:00]
Running from: c:\documents and settings\Raj\Desktop\ComFx.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-27 21:37 . 2009-10-27 21:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-10-27 21:21 . 2009-10-27 21:21 -------- d-----w- c:\documents and settings\Raj\Application Data\Stardock
2009-10-27 21:11 . 2009-10-27 21:11 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\PackageAware
2009-10-27 18:51 . 2009-10-27 18:51 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\Stardock
2009-10-27 18:51 . 2009-10-27 21:37 -------- d-----w- c:\program files\Stardock
2009-10-27 18:51 . 2009-10-27 18:51 -------- d-----w- c:\program files\Common Files\Stardock
2009-10-25 17:41 . 2009-10-25 17:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-25 14:22 . 2009-10-27 18:50 -------- d-----w- c:\program files\RocketDock
2009-10-25 02:26 . 2009-10-25 02:56 -------- dc----w- C:\ComFx9764C
2009-10-25 02:16 . 2009-10-25 02:20 -------- dc----w- C:\ComFx
2009-10-24 22:06 . 2009-10-24 22:09 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\Tific
2009-10-24 22:06 . 2009-10-24 22:06 -------- d-----w- c:\documents and settings\Raj\Application Data\Tific
2009-10-24 21:28 . 2009-10-24 21:28 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 21:28 . 2009-10-25 02:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-24 21:28 . 2009-10-25 02:24 -------- dc----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-24 20:34 . 2009-10-24 20:35 23724034 -c--a-w- C:\SYM_REGISTRY_BACKUP.reg
2009-10-24 17:57 . 2009-10-25 23:10 -------- d-----w- c:\documents and settings\Raj\.housecall6.6
2009-10-24 17:22 . 2009-10-24 17:22 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-10-24 17:22 . 2009-10-24 17:22 32480 ----a-w- c:\windows\system32\Partizan.exe
2009-10-24 16:03 . 2009-10-24 22:46 0 ----a-r- c:\windows\win32k.sys
2009-10-17 19:31 . 2009-10-17 19:31 -------- d-----w- C:\found.001
2009-09-28 22:20 . 2009-09-28 22:26 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\AIM
2009-09-28 22:20 . 2009-09-28 22:20 -------- dc----w- c:\documents and settings\All Users\Application Data\AIM
2009-09-28 22:19 . 2009-09-28 22:20 -------- d-----w- c:\program files\AIM7
2009-09-28 22:18 . 2009-09-28 22:18 -------- d-----w- c:\program files\Common Files\Software Update Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 22:11 . 2003-05-06 07:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-27 22:11 . 2007-10-03 18:58 -------- d-----w- c:\program files\iTunes
2009-10-27 22:11 . 2007-08-09 13:15 -------- d-----w- c:\program files\QuickTime
2009-10-27 22:11 . 2006-06-09 00:57 -------- d-----w- c:\program files\eFax Messenger 4.1
2009-10-27 22:11 . 2005-07-10 11:32 -------- d-----w- c:\program files\Norton SystemWorks
2009-10-27 22:11 . 2003-05-06 05:40 -------- d-----w- c:\program files\Coloreal
2009-10-27 18:55 . 2009-02-09 20:38 -------- d-----w- c:\documents and settings\Raj\Application Data\HPAppData
2009-10-25 22:15 . 2005-07-10 11:25 -------- d-----w- c:\program files\BRP
2009-10-25 03:20 . 2003-09-03 00:25 182504 ----a-w- c:\documents and settings\Raj\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 21:29 . 2003-05-06 07:55 -------- d-----w- c:\program files\Symantec
2009-10-24 21:29 . 2009-10-24 21:29 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-24 21:29 . 2009-10-24 21:29 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-24 21:29 . 2007-10-06 18:11 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-24 21:29 . 2007-10-06 18:11 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-24 20:58 . 2009-01-28 15:47 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-24 16:13 . 2003-05-06 05:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-24 15:43 . 2008-12-19 23:58 -------- d-----w- c:\documents and settings\Raj\Application Data\Download Manager
2009-10-24 14:47 . 2009-07-02 19:31 -------- d-----w- c:\documents and settings\Raj\Application Data\Aim
2009-10-17 19:08 . 2008-06-05 00:26 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-17 19:05 . 2009-01-06 20:47 -------- d-----w- c:\program files\Microsoft Works
2009-09-19 11:29 . 2004-10-25 22:53 -------- d-----w- c:\program files\Google
2009-09-19 11:23 . 2009-09-19 11:23 -------- d-----w- c:\program files\wwdpae
2009-09-16 11:33 . 2003-05-06 05:38 -------- d-----w- c:\program files\Quicken
2009-09-13 13:17 . 2008-05-30 21:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 14:18 . 2003-05-21 21:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-05-21 21:15 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-24 00:32 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-05-21 20:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24 . 2004-09-18 10:57 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-09-18 10:57 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-09-18 10:57 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2003-05-21 20:54 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2003-05-21 21:14 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-09-18 10:57 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-09-12 22:38 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2003-05-21 20:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-29 08:04 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 08:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2007-08-09 18:08 . 2008-02-26 02:08 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 . 2008-02-26 02:08 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2004-03-03 04:33 . 2004-03-03 04:33 0 -csha-w- c:\windows\SMINST\HPCD.sys
2006-04-11 22:28 . 2006-04-11 22:28 56 --sh--r- c:\windows\system32\DEFF81F1E0.sys
2007-06-28 13:48 . 2007-06-28 13:43 88 --sh--r- c:\windows\system32\E0F181FFDE.sys
2007-09-15 13:24 . 2007-06-28 13:43 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-10-25_02.48.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 22:02 . 2009-10-27 22:02 16384 c:\windows\temp\Perflib_Perfdata_1c4.dat
+ 2009-10-25 03:20 . 2009-10-25 03:20 10134 c:\windows\Installer\{F19F7B24-AAD4-4236-8475-5335483DA676}\ARPPRODUCTICON.exe
+ 2009-10-27 21:38 . 2009-10-27 21:38 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2009-10-27 21:37 . 2009-10-27 21:37 264704 c:\windows\Installer\d52f6.msi
+ 2009-10-27 21:38 . 2009-10-27 21:38 223744 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\da7d86ec852d73c3a94a94f8423b4c86\VistaBridgeLibrary.ni.dll
+ 2009-10-27 21:38 . 2009-10-27 21:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2008-12-22 12:52 . 2009-10-25 12:08 2586720 c:\windows\system32\FNTCACHE.DAT
+ 2009-10-25 03:20 . 2009-10-25 03:20 3765248 c:\windows\Installer\1a3a82.msi
+ 2009-10-27 21:38 . 2009-10-27 21:38 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2009-10-27 21:38 . 2009-10-27 21:38 3628544 c:\windows\assembly\NativeImages_v2.0.50727_32\Fences\b836a749cfe68abdd21f419c4f9f3fc0\Fences.ni.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"KYE_Showicon"="c:\program files\USB Storage RW\shwicon.exe" [2002-10-25 69632]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-15 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"VF0060 STISvc"="V0060Pin.dll" - c:\windows\system32\V0060Pin.dll [2004-11-01 36864]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

c:\documents and settings\Raj\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-10-27 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-6-13 450560]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-9-21 811008]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\StubInstaller.exe"=
"c:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125419246\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125419246\\ee\\aolservicehost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"k:\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\LimeWire\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Client Software(V2.0.0)\\HcNetClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2544:UDP"= 2544:UDP:Windows Media Format SDK (iexplore.exe)
"2545:UDP"= 2545:UDP:Windows Media Format SDK (iexplore.exe)
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [3/15/2004 9:00 AM 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [3/15/2004 9:00 AM 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [3/15/2004 9:00 AM 431236]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [1/6/2006 8:09 PM 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/28/2008 10:30 AM 24652]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [3/15/2004 9:00 AM 64093]
S2 mrtRate;mrtRate; [x]
S3 DCamUSBConexant;Vivicam 355 USB Video Camera;c:\windows\system32\DRIVERS\Rapvid.sys --> c:\windows\system32\DRIVERS\Rapvid.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys --> c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/24/2009 5:47 PM 102448]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [10/24/2009 1:22 PM 34760]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 UsbCmxp;Scientific Atlanta WebSTAR 2000 series Cable Modem;c:\windows\system32\drivers\sacmxp2.sys [3/24/2005 8:57 AM 14336]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [9/29/2005 9:18 PM 196409]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-02-17 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B81951 62030.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2009-10-27 c:\windows\Tasks\User_Feed_Synchronization-{886034A9-BE59-4BF8-9E09-6D79CE981D5D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optonline.net/Home
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.windowsdownloads.com/success.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Optimum Online Cursor Search - c:\documents and settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: go.com\*.disney
Trusted Zone: go.com\secure.disney
Trusted Zone: optimum.net\www
TCP: {C8326AE7-2F7C-425E-B772-5F759B9D491A} = 95.211.97.20,95.211.97.21,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
DPF: {6299BA62-2020-463C-954A-512718E5A23A} - hxxp://66.155.150.10/worklist/PiViewNet.cab
DPF: {9FA45D9C-1412-4949-B735-0D73A3D20E51} - hxxp://www.gloopers.com/VFX.CAB
DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} - hxxp://69.119.148.58:81/codebase/HCNetVideoActiveX.cab
FF - ProfilePath - c:\documents and settings\Raj\Application Data\Mozilla\Firefox\Profiles\x3nsn6ws.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

BHO-{7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKLM-Run-DnsUpdater - c:\program files\Common Files\~.exe
HKLM-Run-{7d479f20-1af3-a432-e616-0c6897a83e78} - c:\windows\system32\{8cf4ed85-073b-2a0a-78a0-71fa9160e12d}.dll
HKLM-Run-AlcxMonitor - ALCXMNTR.EXE
HKCU-Explorer_Run-aiaqmimu.exe - c:\windows\system\aiaqmimu.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-27 19:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:93,5e,8f,c6,6a,f8,cc,bf,93,a5,25,70,b8,8b,c4,e9,38,39,93,73,54,
0a,58,e0,7c,12,ec,9d,b1,81,2f,17,98,f5,90,c5,fa,0e,45,80,8f,23,bf,c0,e6,25,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:93,5e,8f,c6,6a,f8,cc,bf,93,a5,25,70,b8,8b,c4,e9,38,39,93,73,54,
0a,58,e0,7c,12,ec,9d,b1,81,2f,17,98,f5,90,c5,fa,0e,45,80,8f,23,bf,c0,e6,25,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\nView.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2009-10-27 19:21
ComboFix-quarantined-files.txt 2009-10-27 23:21
ComboFix2.txt 2009-10-25 12:39
ComboFix3.txt 2009-09-08 19:03

Pre-Run: 117,612,941,312 bytes free
Post-Run: 117,812,183,040 bytes free

- - End Of File - - 507084B5236F9C09143CE540E64C5163
#12  Pancake (Senior Security Analyst)
Re: HELP! 4 Viruses on Computer
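The ComboFix log in post #11 contains several entries an analyst would pick out by eye: the Security Center AntiVirusOverride value set to 1, a firewall exception covering the whole c:\WINDOWS\system32 directory rather than a program, an ActiveX control (DPF) fetched from a bare IP address, and the orphaned Run entries for ~.exe, a GUID-named DLL, and an executable living in c:\windows\system. As an added example (my code, not anything from this thread, from ComboFix, or from its author), the Python script below encodes those observations as heuristics and runs them over a constructed excerpt of that log. The patterns and the wording of the reasons are this example's own assumptions, not ComboFix rules; a hit is a prompt for manual review, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed excerpt: a handful of lines copied from the ComboFix log in post #11.
# The regexes and reasons below are this example's own heuristics, not ComboFix's.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} - hxxp://69.119.148.58:81/codebase/HCNetVideoActiveX.cab
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
HKLM-Run-DnsUpdater - c:\program files\Common Files\~.exe
HKLM-Run-{7d479f20-1af3-a432-e616-0c6897a83e78} - c:\windows\system32\{8cf4ed85-073b-2a0a-78a0-71fa9160e12d}.dll
HKCU-Explorer_Run-aiaqmimu.exe - c:\windows\system\aiaqmimu.exe
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
"""

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:0*1$')
FIREWALL_RE = re.compile(r'^"(.+)"=$')                      # AuthorizedApplications\List value
DPF_RE = re.compile(r"^DPF: (\{[^}]+\}) - (\S+)$")           # Downloaded Program Files (ActiveX) entry
AUTOSTART_RE = re.compile(r"^HK(?:LM|CU)-[A-Za-z_]+-(.+?) - (.+)$")  # "ORPHANS REMOVED" autostart entry


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def _host(url: str) -> str:
    # ComboFix defangs schemes as hxxp/hxxps; strip whatever scheme is there, then any port.
    m = re.match(r"^[a-z]+://([^/]+)", url, re.I)
    return m.group(1).split(":")[0] if m else ""


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) a single log line deserves a closer look."""
    line = line.strip()
    reasons: List[str] = []
    if AV_OVERRIDE_RE.match(line):
        reasons.append("Security Center antivirus monitoring is overridden")
    m = FIREWALL_RE.match(line)
    if m:
        path = m.group(1).replace("\\\\", "\\")   # registry export doubles the backslashes
        if "." not in _basename(path):
            reasons.append("firewall exception for a whole directory, not a program")
    m = DPF_RE.match(line)
    if m and IPV4_RE.match(_host(m.group(2))):
        reasons.append("ActiveX download (DPF) from a bare IP address")
    m = AUTOSTART_RE.match(line)
    if m:
        name, target = m.group(1), m.group(2)
        base = _basename(target).lower()
        stem = base.rsplit(".", 1)[0]
        if GUID_RE.fullmatch(name) or GUID_RE.fullmatch(stem):
            reasons.append("autostart entry with a GUID-style name")
        if base == "~.exe":
            reasons.append("autostart target with a placeholder name (~.exe)")
        if target.lower().startswith("c:\\windows\\system\\"):
            reasons.append("autostart target in the legacy c:\\windows\\system directory")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over every line of a log and keep only the flagged ones."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

To use it on a full log, read ComboFix.txt into a string and pass it to triage; the regexes are anchored per line, so the section headers and the hundreds of benign file entries fall through untouched.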

Just these to fix and we are done..
========================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the red text in the quotebox below into it:


File::
Folder::
c:\LimeWire
C:\WINDOWS\system32\bak
Registry::
DDS::

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt in your next reply please.

*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
#13  Xiaolin (Bronze Member)
Re: HELP! 4 Viruses on Computer

Out of curiosity, was LimeWire deleted?

ComboFix 09-10-24.01 - Raj 10/27/2009 21:28.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.244 [GMT -4:00]
Running from: c:\documents and settings\Raj\Desktop\ComFx.exe
Command switches used :: c:\documents and settings\Raj\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\LimeWire
c:\limewire\.NetworkShare\LimeWirePackedJars4.9.37.7z
c:\limewire\.NetworkShare\LimeWireWin4.9.37.exe
c:\limewire\clink.jar
c:\limewire\commons-httpclient.jar
c:\limewire\commons-logging.jar
c:\limewire\COPYING
c:\limewire\daap.jar
c:\limewire\data.ser
c:\limewire\donotremove.htm
c:\limewire\GenericWindowsUtils.dll
c:\limewire\hashes
c:\limewire\i18n.jar
c:\limewire\icu4j.jar
c:\limewire\id3v2.jar
c:\limewire\install.log
c:\limewire\jcraft.jar
c:\limewire\jl011.jar
c:\limewire\jmdns.jar
c:\limewire\language.prop
c:\limewire\LimeWire On Startup.lnk
c:\limewire\LimeWire.exe
c:\limewire\LimeWire.ico
c:\limewire\LimeWire.jar
c:\limewire\LimeWire\.NetworkShare\LimeWirePackedJars4.12.6.7z
c:\limewire\LimeWire\.NetworkShare\LimeWireWin4.12.6.exe
c:\limewire\LimeWire\.NetworkShare\LimeWireWin4.14.3.exe
c:\limewire\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\limewire\LimeWire\.NetworkShare\LimeWireWin4.18.3.exe
c:\limewire\LimeWire\Buy LimeWire PRO.url
c:\limewire\LimeWire\COPYING
c:\limewire\LimeWire\data.ser
c:\limewire\LimeWire\hs_err_pid4404.log
c:\limewire\LimeWire\inspection.props
c:\limewire\LimeWire\install.log
c:\limewire\LimeWire\language.prop
c:\limewire\LimeWire\lib\aopalliance.jar
c:\limewire\LimeWire\lib\clink.jar
c:\limewire\LimeWire\lib\commons-codec-1.3.jar
c:\limewire\LimeWire\lib\commons-httpclient.jar
c:\limewire\LimeWire\lib\commons-logging.jar
c:\limewire\LimeWire\lib\commons-net.jar
c:\limewire\LimeWire\lib\commons-pool.jar
c:\limewire\LimeWire\lib\daap.jar
c:\limewire\LimeWire\lib\dnsjava.jar
c:\limewire\LimeWire\lib\forms.jar
c:\limewire\LimeWire\lib\foxtrot.jar
c:\limewire\LimeWire\lib\gettext-commons.jar
c:\limewire\LimeWire\lib\guice-1.0.jar
c:\limewire\LimeWire\lib\hashes
c:\limewire\LimeWire\lib\hsqldb.jar
c:\limewire\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\limewire\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\limewire\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\limewire\LimeWire\lib\httpcore-nio.jar
c:\limewire\LimeWire\lib\httpcore.jar
c:\limewire\LimeWire\lib\icu4j.jar
c:\limewire\LimeWire\lib\id3v2.jar
c:\limewire\LimeWire\lib\jaudiotagger.jar
c:\limewire\LimeWire\lib\jcraft.jar
c:\limewire\LimeWire\lib\jdic.dll
c:\limewire\LimeWire\lib\jdic.jar
c:\limewire\LimeWire\lib\jdic_stub.jar
c:\limewire\LimeWire\lib\jflac.jar
c:\limewire\LimeWire\lib\jl.jar
c:\limewire\LimeWire\lib\jl011.jar
c:\limewire\LimeWire\lib\jmdns.jar
c:\limewire\LimeWire\lib\jogg.jar
c:\limewire\LimeWire\lib\jorbis.jar
c:\limewire\LimeWire\lib\LimeWire.ico
c:\limewire\LimeWire\lib\LimeWire.jar
c:\limewire\LimeWire\lib\log4j.jar
c:\limewire\LimeWire\lib\log4j.properties
c:\limewire\LimeWire\lib\looks.jar
c:\limewire\LimeWire\lib\messages.jar
c:\limewire\LimeWire\lib\MessagesBundles.jar
c:\limewire\LimeWire\lib\mp3sp14.jar
c:\limewire\LimeWire\lib\mp3spi.jar
c:\limewire\LimeWire\lib\onion-common.jar
c:\limewire\LimeWire\lib\onion-fec.jar
c:\limewire\LimeWire\lib\ProgressTabs.jar
c:\limewire\LimeWire\lib\swt.jar
c:\limewire\LimeWire\lib\SystemUtilities.dll
c:\limewire\LimeWire\lib\SystemUtilitiesA.dll
c:\limewire\LimeWire\lib\themes.jar
c:\limewire\LimeWire\lib\tray.dll
c:\limewire\LimeWire\lib\tritonus.jar
c:\limewire\LimeWire\lib\vorbis.jar
c:\limewire\LimeWire\lib\vorbisspi.jar
c:\limewire\LimeWire\LimeWire On Startup.lnk
c:\limewire\LimeWire\LimeWire.exe
c:\limewire\LimeWire\LimeWire.ico
c:\limewire\LimeWire\pmf.ico
c:\limewire\LimeWire\root\magnet10\badge.img
c:\limewire\LimeWire\root\magnet10\canHandle.img
c:\limewire\LimeWire\root\magnet10\limewire.gif
c:\limewire\LimeWire\root\magnet10\options.js
c:\limewire\LimeWire\root\magnet10\silentdetect.js
c:\limewire\LimeWire\SOURCE
c:\limewire\LimeWire\spacer.gif
c:\limewire\LimeWire\uninstall.exe
c:\limewire\LimeWire\unpack.log
c:\limewire\LimeWire\xml.war
c:\limewire\LimeWire20.dll
c:\limewire\logicrypto.jar
c:\limewire\looks.jar
c:\limewire\MessagesBundle.properties
c:\limewire\MessagesBundles.jar
c:\limewire\mp3sp14.jar
c:\limewire\pmf.ico
c:\limewire\ProgressTabs.jar
c:\limewire\root\magnet10\badge.img
c:\limewire\root\magnet10\canHandle.img
c:\limewire\root\magnet10\limewire.gif
c:\limewire\root\magnet10\options.js
c:\limewire\root\magnet10\silentdetect.js
c:\limewire\SOURCE
c:\limewire\spacer.gif
c:\limewire\themes.jar
c:\limewire\tritonus.jar
c:\limewire\uninstall.exe
c:\limewire\unpack.log
c:\limewire\update.ver
c:\limewire\vorbis.jar
c:\limewire\WindowsV5PlusUtils.dll
c:\limewire\xerces.jar
c:\limewire\xml-apis.jar
c:\limewire\xml.war
c:\windows\system32\bak
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\bak\PSDrvCheck.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-27 21:37 . 2009-10-27 21:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-10-27 21:21 . 2009-10-27 21:21 -------- d-----w- c:\documents and settings\Raj\Application Data\Stardock
2009-10-27 21:11 . 2009-10-27 21:11 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\PackageAware
2009-10-27 18:51 . 2009-10-27 18:51 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\Stardock
2009-10-27 18:51 . 2009-10-27 21:37 -------- d-----w- c:\program files\Stardock
2009-10-27 18:51 . 2009-10-27 18:51 -------- d-----w- c:\program files\Common Files\Stardock
2009-10-25 17:41 . 2009-10-25 17:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-25 14:22 . 2009-10-27 18:50 -------- d-----w- c:\program files\RocketDock
2009-10-25 02:26 . 2009-10-25 02:56 -------- dc----w- C:\ComFx9764C
2009-10-25 02:16 . 2009-10-25 02:20 -------- dc----w- C:\ComFx
2009-10-24 22:06 . 2009-10-24 22:09 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\Tific
2009-10-24 22:06 . 2009-10-24 22:06 -------- d-----w- c:\documents and settings\Raj\Application Data\Tific
2009-10-24 21:28 . 2009-10-24 21:28 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 21:28 . 2009-10-25 02:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-24 21:28 . 2009-10-25 02:24 -------- dc----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-24 20:34 . 2009-10-24 20:35 23724034 -c--a-w- C:\SYM_REGISTRY_BACKUP.reg
2009-10-24 17:57 . 2009-10-25 23:10 -------- d-----w- c:\documents and settings\Raj\.housecall6.6
2009-10-24 17:22 . 2009-10-24 17:22 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-10-24 17:22 . 2009-10-24 17:22 32480 ----a-w- c:\windows\system32\Partizan.exe
2009-10-24 16:03 . 2009-10-24 22:46 0 ----a-r- c:\windows\win32k.sys
2009-10-17 19:31 . 2009-10-17 19:31 -------- d-----w- C:\found.001
2009-09-28 22:20 . 2009-09-28 22:26 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\AIM
2009-09-28 22:20 . 2009-09-28 22:20 -------- dc----w- c:\documents and settings\All Users\Application Data\AIM
2009-09-28 22:19 . 2009-09-28 22:20 -------- d-----w- c:\program files\AIM7
2009-09-28 22:18 . 2009-09-28 22:18 -------- d-----w- c:\program files\Common Files\Software Update Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 22:11 . 2003-05-06 07:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-27 22:11 . 2007-10-03 18:58 -------- d-----w- c:\program files\iTunes
2009-10-27 22:11 . 2007-08-09 13:15 -------- d-----w- c:\program files\QuickTime
2009-10-27 22:11 . 2006-06-09 00:57 -------- d-----w- c:\program files\eFax Messenger 4.1
2009-10-27 22:11 . 2005-07-10 11:32 -------- d-----w- c:\program files\Norton SystemWorks
2009-10-27 22:11 . 2003-05-06 05:40 -------- d-----w- c:\program files\Coloreal
2009-10-27 18:55 . 2009-02-09 20:38 -------- d-----w- c:\documents and settings\Raj\Application Data\HPAppData
2009-10-25 22:15 . 2005-07-10 11:25 -------- d-----w- c:\program files\BRP
2009-10-25 03:20 . 2003-09-03 00:25 182504 ----a-w- c:\documents and settings\Raj\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 21:29 . 2003-05-06 07:55 -------- d-----w- c:\program files\Symantec
2009-10-24 21:29 . 2009-10-24 21:29 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-24 21:29 . 2009-10-24 21:29 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-24 21:29 . 2007-10-06 18:11 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-24 21:29 . 2007-10-06 18:11 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-24 20:58 . 2009-01-28 15:47 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-24 16:13 . 2003-05-06 05:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-24 15:43 . 2008-12-19 23:58 -------- d-----w- c:\documents and settings\Raj\Application Data\Download Manager
2009-10-24 14:47 . 2009-07-02 19:31 -------- d-----w- c:\documents and settings\Raj\Application Data\Aim
2009-10-17 19:08 . 2008-06-05 00:26 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-17 19:05 . 2009-01-06 20:47 -------- d-----w- c:\program files\Microsoft Works
2009-09-19 11:29 . 2004-10-25 22:53 -------- d-----w- c:\program files\Google
2009-09-19 11:23 . 2009-09-19 11:23 -------- d-----w- c:\program files\wwdpae
2009-09-16 11:33 . 2003-05-06 05:38 -------- d-----w- c:\program files\Quicken
2009-09-13 13:17 . 2008-05-30 21:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 14:18 . 2003-05-21 21:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-05-21 21:15 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-24 00:32 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-05-21 20:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24 . 2004-09-18 10:57 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-09-18 10:57 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-09-18 10:57 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2003-05-21 20:54 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2003-05-21 21:14 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-09-18 10:57 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-09-12 22:38 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2003-05-21 20:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-29 08:04 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 08:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2007-08-09 18:08 . 2008-02-26 02:08 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 . 2008-02-26 02:08 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2004-03-03 04:33 . 2004-03-03 04:33 0 -csha-w- c:\windows\SMINST\HPCD.sys
2006-04-11 22:28 . 2006-04-11 22:28 56 --sh--r- c:\windows\system32\DEFF81F1E0.sys
2007-06-28 13:48 . 2007-06-28 13:43 88 --sh--r- c:\windows\system32\E0F181FFDE.sys
2007-09-15 13:24 . 2007-06-28 13:43 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-10-25_02.48.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 22:02 . 2009-10-27 22:02 16384 c:\windows\temp\Perflib_Perfdata_1c4.dat
+ 2009-10-25 03:20 . 2009-10-25 03:20 10134 c:\windows\Installer\{F19F7B24-AAD4-4236-8475-5335483DA676}\ARPPRODUCTICON.exe
+ 2009-10-27 21:38 . 2009-10-27 21:38 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2009-10-27 21:37 . 2009-10-27 21:37 264704 c:\windows\Installer\d52f6.msi
+ 2009-10-27 21:38 . 2009-10-27 21:38 223744 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\da7d86ec852d73c3a94a94f8423b4c86\VistaBridgeLibrary.ni.dll
+ 2009-10-27 21:38 . 2009-10-27 21:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2008-12-22 12:52 . 2009-10-25 12:08 2586720 c:\windows\system32\FNTCACHE.DAT
+ 2009-10-25 03:20 . 2009-10-25 03:20 3765248 c:\windows\Installer\1a3a82.msi
+ 2009-10-27 21:38 . 2009-10-27 21:38 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2009-10-27 21:38 . 2009-10-27 21:38 3628544 c:\windows\assembly\NativeImages_v2.0.50727_32\Fences\b836a749cfe68abdd21f419c4f9f3fc0\Fences.ni.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"KYE_Showicon"="c:\program files\USB Storage RW\shwicon.exe" [2002-10-25 69632]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-15 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"VF0060 STISvc"="V0060Pin.dll" - c:\windows\system32\V0060Pin.dll [2004-11-01 36864]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

c:\documents and settings\Raj\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-10-27 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-6-13 450560]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-9-21 811008]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125419246\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125419246\\ee\\aolservicehost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"k:\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Client Software(V2.0.0)\\HcNetClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2544:UDP"= 2544:UDP:Windows Media Format SDK (iexplore.exe)
"2545:UDP"= 2545:UDP:Windows Media Format SDK (iexplore.exe)
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [3/15/2004 9:00 AM 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [3/15/2004 9:00 AM 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [3/15/2004 9:00 AM 431236]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [1/6/2006 8:09 PM 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/28/2008 10:30 AM 24652]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [3/15/2004 9:00 AM 64093]
S2 mrtRate;mrtRate; [x]
S3 DCamUSBConexant;Vivicam 355 USB Video Camera;c:\windows\system32\DRIVERS\Rapvid.sys --> c:\windows\system32\DRIVERS\Rapvid.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys --> c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/24/2009 5:47 PM 102448]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [10/24/2009 1:22 PM 34760]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 UsbCmxp;Scientific Atlanta WebSTAR 2000 series Cable Modem;c:\windows\system32\drivers\sacmxp2.sys [3/24/2005 8:57 AM 14336]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [9/29/2005 9:18 PM 196409]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-02-17 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8195162030.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2009-10-28 c:\windows\Tasks\User_Feed_Synchronization-{886034A9-BE59-4BF8-9E09-6D79CE981D5D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optonline.net/Home
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.windowsdownloads.com/success.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Optimum Online Cursor Search - c:\documents and settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: go.com\*.disney
Trusted Zone: go.com\secure.disney
Trusted Zone: optimum.net\www
TCP: {C8326AE7-2F7C-425E-B772-5F759B9D491A} = 95.211.97.20,95.211.97.21,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
DPF: {6299BA62-2020-463C-954A-512718E5A23A} - hxxp://66.155.150.10/worklist/PiViewNet.cab
DPF: {9FA45D9C-1412-4949-B735-0D73A3D20E51} - hxxp://www.gloopers.com/VFX.CAB
DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} - hxxp://69.119.148.58:81/codebase/HCNetVideoActiveX.cab
FF - ProfilePath - c:\documents and settings\Raj\Application Data\Mozilla\Firefox\Profiles\x3nsn6ws.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

BHO-{7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-27 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:93,5e,8f,c6,6a,f8,cc,bf,93,a5,25,70,b8,8b,c4,e9,38,39,93,73,54,
0a,58,e0,7c,12,ec,9d,b1,81,2f,17,98,f5,90,c5,fa,0e,45,80,8f,23,bf,c0,e6,25,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:93,5e,8f,c6,6a,f8,cc,bf,93,a5,25,70,b8,8b,c4,e9,38,39,93,73,54,
0a,58,e0,7c,12,ec,9d,b1,81,2f,17,98,f5,90,c5,fa,0e,45,80,8f,23,bf,c0,e6,25,\
.
Completion time: 2009-10-28 21:43
ComboFix-quarantined-files.txt 2009-10-28 01:43
ComboFix2.txt 2009-10-27 23:21
ComboFix3.txt 2009-10-25 12:39
ComboFix4.txt 2009-09-08 19:03

Pre-Run: 117,834,592,256 bytes free
Post-Run: 117,813,743,616 bytes free

- - End Of File - - 991F95CF640A25058979FC6F9DD8A418
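The ComboFix report above is plain text with a regular shape: the file listings print "created . modified size attributes path", registry loading points are exported in REGEDIT4 form, the firewall AuthorizedApplications list is one quoted path per line, and the "TCP: {adapter GUID} = a,b,c" line carries the adapter's DNS servers. As an added example, not part of the original post and not ComboFix's own code, the following Python parser pulls those four sections out of a constructed sample (lines copied from the log above with the forum's line-wrap spaces removed) and prints review flags. The regular expressions and the heuristics are this example's own choices: a zero-byte .sys image, a Security Center *Override value set, firewall exceptions that are directories or sit at the drive root, and DNS servers outside private ranges. Every flag is a prompt to look closer, not a verdict; an ISP's resolvers will legitimately trip the last one, so it asks the reader to confirm them rather than condemning them.

```python
import ipaddress
import re

# Constructed sample: lines copied from the ComboFix log in the post above,
# with the forum's line-wrap spaces removed. The parsing and the heuristics
# are this example's own, not ComboFix's.
SAMPLE_LOG = r"""
2009-10-24 16:03 . 2009-10-24 22:46 0 ----a-r- c:\windows\win32k.sys
2009-10-25 17:41 . 2009-10-25 17:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-27 18:51 . 2009-10-27 21:37 -------- d-----w- c:\program files\Stardock
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
TCP: {C8326AE7-2F7C-425E-B772-5F759B9D491A} = 95.211.97.20,95.211.97.21,192.168.1.1
"""

# "created . modified size attrs path"; ComboFix prints "--------" as the
# size of a directory and an 8-character attribute field (d, c, s, h, a, r, w).
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
                       r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (-{8}|\d+) ([-a-z]{8}) (.+)$")
FW_LINE = re.compile(r'^"([A-Za-z%][^"]+)"=\s*$')        # exception entry, no value
DWORD_LINE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
DNS_LINE = re.compile(r"^TCP: \{[0-9A-F-]+\} = ([\d.,]+)$")  # per-adapter DNS servers


def _section(text, marker):
    """Lines under the registry header containing marker, up to the next header."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("[") and marker.lower() in line.lower():
            for nxt in lines[i + 1:]:
                if not nxt.strip() or nxt.startswith("["):
                    break
                yield nxt
            return


def parse_file_entries(text):
    """File and directory rows; size is None for directories."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({"created": created, "modified": modified,
                            "size": None if size.startswith("-") else int(size),
                            "is_dir": attrs[0] == "d", "path": path.strip()})
    return entries


def parse_firewall_exceptions(text):
    """Paths in the AuthorizedApplications list, doubled backslashes collapsed."""
    paths = []
    for line in _section(text, "AuthorizedApplications"):
        m = FW_LINE.match(line.strip())
        if m:
            paths.append(m.group(1).replace("\\\\", "\\"))
    return paths


def parse_security_center(text):
    """DWORD values under the Security Center key (e.g. AntiVirusOverride)."""
    values = {}
    for line in _section(text, "security center"):
        m = DWORD_LINE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def parse_dns_servers(text):
    """DNS server addresses from the "TCP: {adapter GUID} = a,b,c" lines."""
    servers = []
    for line in text.splitlines():
        m = DNS_LINE.match(line.strip())
        if m:
            servers.extend(ip for ip in m.group(1).split(",") if ip)
    return servers


def review_flags(text):
    """Heuristic review notes: prompts to look closer, not verdicts."""
    flags = []
    for e in parse_file_entries(text):
        if not e["is_dir"] and e["size"] == 0 and e["path"].lower().endswith(".sys"):
            flags.append(f"zero-byte driver image: {e['path']}")
    for name, value in parse_security_center(text).items():
        if name.lower().endswith("override") and value:
            flags.append(f"Security Center monitoring overridden: {name}={value}")
    for p in parse_firewall_exceptions(text):
        tail = p.rsplit("\\", 1)[-1]
        if "." not in tail:
            flags.append(f"firewall exception is a directory, not a program: {p}")
        elif p.count("\\") == 1 and not p.startswith("%"):
            flags.append(f"firewall exception at drive root: {p}")
    public = [ip for ip in parse_dns_servers(text)
              if not ipaddress.ip_address(ip).is_private]
    if public:
        flags.append("DNS servers outside private ranges (confirm they are the ISP's): "
                     + ", ".join(public))
    return flags
```

Running `review_flags(SAMPLE_LOG)` on the constructed sample yields five notes: the zero-byte c:\windows\win32k.sys, AntiVirusOverride=1, the c:\StubInstaller.exe exception at the drive root, the c:\WINDOWS\system32 exception that covers a whole directory, and the two 95.211.x.x resolvers. Feed it the full log and the file-row parser also returns the Find3M and Files Created sections, which is usually the quickest way to sort a long ComboFix report by size or date.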
Old 3 Weeks Ago   #14
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Default Re: HELP! 4 Viruses on Computer

I see no more malware. You should be fine now.

This will clear away any of the files and folders that were created by ComboFix.
Go to:
Start > Run, then copy and paste the following highlighted (blue) text below into the box and click OK.

ComboFix /u

Please read these for future reference; it may save you future problems with malware:

http://www.pchelpforum.com/fixed-hij...afterwork.html
http://www.pchelpforum.com/fixed-hij...happening.html
http://www.pchelpforum.com/fixed-hij...-infected.html

Tags
adware.begin2search, adware.broadcastpc, anti-virus, computer, remove, rn.tmp, spywareprotect2009, trojan.dropper, viruses
Powered by vBulletin
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.