Not able to install Spybot1.6



47shailesh
2009-01-21, 12:31
Don't know if this is a repetitive query:

I am not able to install Spybot1.6, but when I change the name of the installer it gets partially installed, as SpybotSD.exe is missing.


Here is ComboFix Log:
ComboFix 09-01-15.01 - Shailesh Patel 2009-01-20 21:04:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2005.1233 [GMT 5.5:30]
Running from: d:\documents and settings\Shailesh Patel\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\icon.ico
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
.

2009-01-20 20:52 . 2009-01-20 20:52 28 --a------ c:\windows\system32\comdlg32_dll.iss
2009-01-20 19:56 . 2009-01-20 19:56 <DIR> d-------- c:\program files\Vaugouin
2009-01-20 19:43 . 2009-01-20 19:43 <DIR> d-------- c:\program files\Locate
2009-01-19 21:57 . 2009-01-19 21:57 <DIR> d-------- c:\program files\Avaya
2009-01-19 21:57 . 2007-12-05 14:56 172,032 --a------ c:\windows\system32\QosServM.exe
2009-01-19 19:56 . 2009-01-20 20:49 <DIR> d-------- c:\program files\Unlocker
2009-01-19 19:49 . 2009-01-20 20:52 345 --a------ c:\windows\gmer.ini
2009-01-19 19:42 . 2009-01-19 19:51 <DIR> d-------- d:\documents and settings\All Users\Application Data\AppRanger
2009-01-19 19:42 . 2009-01-19 19:42 <DIR> d-------- c:\windows\logs
2009-01-19 19:42 . 2009-01-20 20:49 <DIR> d-------- c:\program files\AppRanger
2009-01-19 19:23 . 2009-01-19 19:23 <DIR> d-------- d:\documents and settings\Shailesh Patel\Application Data\Malwarebytes
2009-01-19 19:22 . 2009-01-19 19:22 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 19:21 . 2009-01-19 19:37 <DIR> d-a------ d:\documents and settings\All Users\Application Data\TEMP
2009-01-19 18:43 . 2009-01-19 18:43 <DIR> d-------- c:\program files\RedLeg
2009-01-19 18:42 . 2009-01-19 18:42 <DIR> d-------- d:\documents and settings\All Users\Application Data\RedLeg
2009-01-19 18:38 . 2009-01-19 18:38 <DIR> d-------- c:\program files\CCleaner
2009-01-19 18:33 . 2009-01-19 18:33 <DIR> d-------- c:\program files\Safer Networking
2009-01-19 18:27 . 2009-01-19 18:39 <DIR> d-------- c:\program files\RootKit Hook Analyzer
2009-01-19 17:28 . 2009-01-19 17:27 14,336 --a------ C:\contractor_details.xls
2009-01-14 17:43 . 2009-01-20 20:45 <DIR> d-------- d:\documents and settings\Shailesh Patel\shailesh_patel.ft
2009-01-14 10:01 . 2009-01-14 10:01 2,142,208 --a------ c:\windows\WebSS4.scr
2009-01-14 01:08 . 2008-08-30 00:53 151,552 --a------ c:\windows\system32\securenet.dll
2009-01-14 00:42 . 2009-01-14 00:42 <DIR> d-------- d:\documents and settings\Shailesh Patel\Application Data\Research In Motion
2009-01-14 00:42 . 2009-01-14 00:42 256 --a------ c:\windows\system32\pool.bin
2009-01-13 23:46 . 2009-01-13 23:46 <DIR> d-------- d:\documents and settings\All Users\Application Data\MySQL
2009-01-13 23:30 . 2009-01-14 00:17 <DIR> d-------- d:\documents and settings\Shailesh Patel\Application Data\MySQL
2009-01-13 23:24 . 2009-01-16 15:00 <DIR> d-------- c:\program files\MySQL
2009-01-13 22:23 . 2009-01-13 22:36 <DIR> d-------- d:\documents and settings\Shailesh Patel\workspace
2009-01-13 20:51 . 2009-01-13 20:51 <DIR> d-------- c:\program files\Sun
2009-01-13 20:51 . 2009-01-13 20:51 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-13 20:51 . 2009-01-13 20:51 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-13 20:43 . 2009-01-13 20:49 <DIR> d-------- C:\Eclipse
2009-01-13 20:35 . 2009-01-16 15:44 <DIR> d-------- c:\program files\Apache Software Foundation
2009-01-07 16:30 . 2009-01-07 16:30 <DIR> d-------- C:\Audits
2008-12-29 16:25 . 2008-12-29 16:25 1,509,376 -ra------ C:\ODC Induction.ppt
2008-12-26 15:21 . 2008-12-26 15:21 1,327,104 --a------ C:\locate32-3.0.7.7010.exe
2008-12-24 16:47 . 2008-12-24 16:47 <DIR> d-------- C:\My Documents
2008-12-24 16:46 . 2008-12-24 16:46 <DIR> d-------- C:\Extensity
2008-12-24 16:19 . 2008-12-24 16:19 <DIR> d-------- d:\documents and settings\Shailesh Patel\Extensity
2008-12-24 15:24 . 2008-12-24 15:24 <DIR> d-------- c:\program files\iFooter AddIn
2008-12-24 15:24 . 2008-12-24 15:24 <DIR> d-------- c:\program files\iFooter
2008-12-24 14:29 . 2008-12-24 14:29 37,888 -ra------ C:\Phase 2 - Seating.xls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 14:22 --------- d-----w c:\program files\msilaunch
2009-01-20 11:27 --------- d-----w c:\program files\PLSQL Developer
2009-01-13 15:21 --------- d-----w c:\program files\Java
2008-12-24 09:52 --------- d-----w c:\program files\Common Files\Adobe
2008-12-23 14:54 --------- d-----w d:\documents and settings\Shailesh Patel\Application Data\Download Manager
2008-12-23 09:55 --------- d-----w c:\program files\Notes
2008-12-19 13:50 --------- d-----w d:\documents and settings\Shailesh Patel\Application Data\Locate32
2008-12-18 17:45 --------- d-----w c:\program files\McK PDF Writer
2008-11-11 12:13 24,028,402 ----a-w C:\sametime 801-setup-win32.zip
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2005-11-15 19:32 3,638 ----a-r c:\program files\Common Files\Altiris_Icon.ico
2001-09-28 11:30 164,864 ----a-w c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppInstaller"="c:\windows\I386\fi\tivoli\AppInst\AppInst.EXE" [2007-11-16 20480]
"DSKMGR"="c:\program files\Desktop Manager\DskMgr.exe" [2007-09-10 122880]
"ScreenSaverReset"="c:\windows\I386\fi\security\ScreenSaverReset.exe" [2003-03-21 20480]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2006-11-02 1115333]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-22 166424]
"SpySweeperEnterprise"="c:\program files\Webroot\Enterprise\Spy Sweeper\SpySweeperUI.exe" [2006-01-04 1327616]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2008-01-31 143360]
"AgentUiRunKey"="d:\connected\Agent.exe" [2007-12-06 239104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-11 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= AMINIT.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1897051121-1417001333-131732\Scripts\Logon\0\0]
"Script"=wscript.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1897051121-1417001333-131732\Scripts\Logon\1\0]
"Script"=wscript.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1897051121-1417001333-132007\Scripts\Logon\0\0]
"Script"=wscript.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1897051121-1417001333-132007\Scripts\Logon\1\0]
"Script"=wscript.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2008-01-28 17968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [2008-08-21 76849]
R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [2008-08-21 47788]
R4 AgentService;AgentService;d:\connected\AgentService.exe -p 16386 --> d:\connected\AgentService.exe -p 16386 [?]
R4 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
R4 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2007-12-06 45384]
R4 SavRoam;SAVRoam;c:\program files\Symantec_Client_Security\Symantec AntiVirus\SavRoam.exe [2007-03-15 116416]
R4 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\vpatch.exe [2008-08-21 426333]
S3 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [2008-08-21 2011473]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-04 33752]
S4 apprngr_svc;AppRanger Service;"c:\program files\AppRanger\SWSvc.exe" --> c:\program files\AppRanger\SWSvc.exe [?]
S4 black;black;c:\windows\system32\drivers\Blackcat.sys [2008-08-21 197106]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\Weekly VSS Backup.job
- c:\windows\system32\ntbackup.exe [2004-08-04 17:30]
.
.


c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf


c:\windows\Downloaded Program Files\scvncctrl.dll - O16 -: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD}
hxxp://eu-altirisds01/icpredesign/depconsole/viewerx.cab
c:\windows\Downloaded Program Files\viewerx.inf

c:\windows\Downloaded Program Files\in_wrapper80.INF
FF - ProfilePath - d:\documents and settings\Shailesh Patel\Application Data\Mozilla\Firefox\Profiles\71pbx1ya.default\
FF - plugin: c:\program files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 21:13:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\ginahook.dll
c:\windows\system32\WRLogonNtf.DLL

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
d:\connected\AgentService.exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ISS\Proventia Desktop\RapApp.exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Webroot\Enterprise\Spy Sweeper\CommAgent.exe
c:\program files\Webroot\Enterprise\Spy Sweeper\SPYSWEEPER.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2009-01-20 21:17:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-20 15:46:55

Pre-Run: 9,346,109,440 bytes free
Post-Run: 9,238,966,272 bytes free

319 --- E O F --- 2009-01-20 15:41:15

47shailesh
2009-01-21, 12:36
Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:17 PM, on 1/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
D:\Connected\AgentService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Connected\Agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\notes\NLNOTES.EXE
C:\Program Files\notes\ntaskldr.EXE
D:\NotesII\nlnotes.exe
D:\NotesII\ntaskldr.EXE
C:\Program Files\IBM\Lotus\Sametime Connect\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.1.200803131536\win32\x86\eclipse.exe
C:\Program Files\IBM\Lotus\Sametime Connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200803200905\jre\bin\sametime80w.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Locate\Locate32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer 03.18.04
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AvayaIEHlprObj Class - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AppInstaller] C:\WINDOWS\I386\fi\tivoli\AppInst\AppInst.EXE
O4 - HKLM\..\Run: [DSKMGR] C:\Program Files\Desktop Manager\DskMgr.exe
O4 - HKLM\..\Run: [ScreenSaverReset] C:\WINDOWS\I386\fi\security\ScreenSaverReset.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeperEnterprise] "C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperUI.exe" /StartInTray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [AgentUiRunKey] "D:\Connected\Agent.exe" -ni -sss -e http://localhost:16386/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O20 - AppInit_DLLs: AMINIT.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: AgentService - Iron Mountain Incorporated - D:\Connected\AgentService.exe
O23 - Service: AppRanger Service (apprngr_svc) - Unknown owner - C:\Program Files\AppRanger\SWSvc.exe (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\QosServM.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\CommAgent.exe
O23 - Service: WebrootSpySweeperService - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

47shailesh
2009-01-21, 12:39
gmer log file attached:

47shailesh
2009-01-21, 16:47
Updates:

I found that SpybotSD.exe and a few other files are not deleted; they are converted to Protected OS hidden files. And there are 3-4 .scr files in the SB folder which, when I delete them, come back with a different name with the .scr extension.

I downloaded SpybotSD.exe (4777KB) from 4shared and ran it; the Spybot scanner starts but doesn't proceed and asks for updates. I am not able to install the update by running SpybotUpdate.exe, even after renaming it, nor by manually installing spybot_includes.

Please comment. Will keep you all posted on my findings.

Thanks
Shailesh

47shailesh
2009-01-21, 17:21
As found in this forum, .scr is the backup of the original file. I dragged and dropped the file into the cmd prompt and it started the scan; only two tracking cookies were found, i.e. 'statcounter' and 'Web Trends Live'.

How can this be? Is SB missing anything?