Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Please help! Our computer not running so good...


easymfe (Junior Member with 22 posts; Join Date: Apr 2008; Experience: beginner vis-a-vis security)
15-May-2008, 09:17 PM #16
Hello,

I disabled the Spybot per your instructions. Here is the latest ComboFix log:

------------------------------------------------------------
ComboFix 08-05-09.1 - erika 2008-05-15 20:08:05.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2237 [GMT -5:00]
Running from: C:\Users\erika\Desktop\ComboFix.exe
Command switches used :: C:\Users\erika\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\ewqpijtk
C:\ProgramData\hszybahc

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-15 20:02 . 2008-05-15 20:02 <DIR> d-------- C:\Users\erika\AppData\Roaming\PeerNetworking
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Users\erika\AppData\Roaming\Malwarebytes
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-08 21:59 . 2008-05-08 23:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 21:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\System32\drivers\mbamcatchme.sys
2008-05-08 21:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-05-05 21:03 . 2008-05-07 12:29 287,899,900 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-03 12:23 . 2008-05-03 12:23 <DIR> d-------- C:\Users\erika\AppData\Roaming\Roxio
2008-04-22 21:57 . 2008-04-22 21:57 <DIR> d-------- C:\Autoruns

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 01:08 25,625,632 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-16 01:00 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-15 17:58 340,736 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-03 17:23 --------- d-----w C:\ProgramData\Sonic
2008-04-23 01:49 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-23 01:49 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-21 19:58 --------- d---a-w C:\ProgramData\TEMP
2008-04-14 20:23 --------- d-----w C:\ProgramData\Fugazo
2008-04-14 04:40 --------- d-----w C:\ProgramData\SpinTop Games
2008-04-14 03:29 --------- d-----w C:\Users\erika\AppData\Roaming\Apple Computer
2008-04-14 02:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-14 01:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-14 01:01 --------- d-----w C:\ProgramData\Lavasoft
2008-04-14 01:00 --------- d-----w C:\Program Files\Lavasoft
2008-04-14 00:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 04:12 --------- d-----w C:\Users\erika\AppData\Roaming\PlayFirst
2008-04-13 04:12 --------- d-----w C:\ProgramData\PlayFirst
2008-04-13 00:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-12 23:59 --------- d-----w C:\Program Files\Windows Mail
2008-04-12 23:59 --------- d-----w C:\Program Files\Windows Calendar
2008-04-12 23:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-12 23:57 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-12 23:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-12 23:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-12 23:53 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-12 23:53 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-12 23:53 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-12 23:53 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-12 23:53 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-12 23:53 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-12 23:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 23:52 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-12 23:52 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-12 23:52 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 23:52 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-12 23:52 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-12 23:52 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-04-12 23:52 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-12 23:52 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-12 23:51 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-12 23:51 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-04-12 23:51 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-04-12 23:51 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-04-12 23:51 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-04-12 23:51 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-04-12 23:51 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-04-12 23:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-12 23:51 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-04-12 23:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-12 23:50 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-12 23:50 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-12 23:50 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-12 23:50 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-12 23:50 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-12 23:50 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-12 23:48 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-04-12 23:47 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-12 23:47 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-12 23:47 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-12 23:47 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-04-12 23:47 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-12 23:47 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-04-12 23:45 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-04-12 23:45 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-04-12 23:45 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-12 23:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-04-12 23:43 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-12 23:43 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-12 23:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-04-12 23:43 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-12 23:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-04-12 23:43 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-04-12 23:42 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-12 23:42 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-12 23:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-12 23:42 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-12 23:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-12 23:41 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-12 23:40 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-04-12 23:40 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-12 15:37 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-12 14:49 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-12 14:49 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-12 14:49 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-12 14:49 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-12 14:49 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-12 14:49 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-12 14:49 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-04-12 14:49 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-12 14:49 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-06 21:56 --------- d-----w C:\Users\erika\AppData\Roaming\Mysteryville2
2008-04-06 19:43 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:43 --------- d-----w C:\Program Files\iTunes
2008-04-06 19:43 --------- d-----w C:\Program Files\iPod
2008-04-02 15:19 --------- d-----w C:\ProgramData\Symantec
2008-04-02 04:21 --------- d-----w C:\ProgramData\Interama
2008-03-31 04:35 --------- d-----w C:\Users\erika\AppData\Roaming\BloodTies
2008-03-29 04:41 --------- d-----w C:\Users\erika\AppData\Roaming\Yatec Games
2008-03-28 04:05 --------- d-----w C:\Users\erika\AppData\Roaming\Ludia
2008-03-28 04:05 --------- d-----w C:\ProgramData\Ludia
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-15_12.55.56.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 00:37:08 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-16 00:59:59 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-15 17:54:23 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-05-16 01:07:59 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-05-10 03:33:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-15 17:59:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-10 03:33:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-15 17:59:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-15 17:37:35 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-16 01:00:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-10 03:35:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-15 18:01:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-15 17:54:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-16 01:07:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-10 03:35:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-15 18:01:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-10 03:34:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-16 01:00:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-10 03:34:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 01:00:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-10 03:34:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-16 01:00:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-15 17:54:48 104,128 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-16 01:01:10 104,128 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-15 17:54:48 618,704 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-16 01:01:10 618,704 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-14 07:15:29 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-15 18:06:05 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-15 18:05:48 36,077 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 18:45 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 22:19 171448]
"cmds"="C:\Users\erika\AppData\Local\Temp\ddcAspop.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-13 10:53 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 10:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 06:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 23:31 178968]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-09 05:30 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-09 05:30 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-09 05:30 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 06:06 4669440 C:\WINDOWS\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 16:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 05:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"Airlink101 WLAN Monitor"="C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe" [2006-06-30 19:55 954368]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 17:59 49152]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-07 22:19 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A3B5625-78D9-4922-ABF2-30F21E46EBDC}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F63876C7-30A6-4E61-9BB2-B53E7362BAC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D9699CBD-B153-4691-AC9A-406F65088F8A}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{E09CE15B-5F01-47D5-8BE7-FBCBB365D870}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{BCAECF92-ADD0-41AA-99BE-8F5770E8070B}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{6C8D929A-4B68-49EA-81A0-7170286E1F1B}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{40A0175B-A9DC-403A-AE5D-E2EDDECFA1AC}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{D1D8A6F1-B4A8-4038-AA50-A94B45ACF46B}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{C62A9A0D-93EF-4694-9B6B-653C888A0C1D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E11CD62B-1268-49A0-8EB6-3C269172D1D2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{91C21F08-BD4D-4C25-97DB-AC69D95B488E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{60C45900-ECA0-4BF4-AF7C-E2DE5A4BA0EA}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E57CF611-7A89-4510-B9C2-57B390CBA7EC}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96BDE7AA-D7FC-45C7-B444-F6E393B08743}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F1C0B9AA-5EA2-4D0F-9B91-E83DEBAD30E8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E207882F-CD91-4A41-9702-20A7728DAAB0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{840A055E-CEBF-463E-BDD1-EA300682BC85}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2991F59-4E74-4DCB-BB13-3025C3EE8DFE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A0ABCBDA-5035-48A1-AE8E-35FF9F1887DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A131C91F-981B-46C2-9510-AE157BB10166}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{74865007-5F4C-4DAA-BC26-0217513F1F8F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{10D4FB18-D112-45E5-8DB2-C6FF3F059308}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{5E5344FC-3B57-4110-8107-CCC80DB6D799}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{B9AC8E60-D29D-45A8-B32D-7232744F1F1A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{308ED02F-1234-4DD4-8645-A2107BE5FA9B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E0F427E9-ECB3-4178-94BF-7670477172DD}C:\\kav\\kav7\\setup.exe"= UDP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{ED0379E4-2470-4A18-A43C-5DA53F62CCC6}C:\\kav\\kav7\\setup.exe"= TCP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 13:32]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 11:44]
R3 AL101;Airlink101 802.11g PCI Driver;C:\Windows\system32\DRIVERS\AL101.sys [2006-07-04 16:28]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 12:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b28142bf-eb54-11dc-bb84-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
\shell\install\command - E:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0d312c-0962-11dd-b065-001d606465ef}]
\shell\AutoRun\command - L:\CAEdgemobile.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 20:09:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 20:10:52
ComboFix-quarantined-files.txt 2008-05-16 01:10:48
ComboFix2.txt 2008-05-15 17:56:11

Pre-Run: 369,418,145,792 bytes free
Post-Run: 369,393,434,624 bytes free

279 --- E O F --- 2008-05-14 07:15:32
--------------------------------------------------------------------

HijackThis log to follow in the next reply.
easymfe (Junior Member with 22 posts; Join Date: Apr 2008; Experience: beginner vis-a-vis security)
15-May-2008, 09:19 PM #17
Here is the latest HijackThis log:
---------------------------------------------------
ComboFix 08-05-09.1 - erika 2008-05-15 20:08:05.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2237 [GMT -5:00]
Running from: C:\Users\erika\Desktop\ComboFix.exe
Command switches used :: C:\Users\erika\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\ewqpijtk
C:\ProgramData\hszybahc

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-15 20:02 . 2008-05-15 20:02 <DIR> d-------- C:\Users\erika\AppData\Roaming\PeerNetworking
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Users\erika\AppData\Roaming\Malwarebytes
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-08 21:59 . 2008-05-08 23:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 21:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\System32\drivers\mbamcatchme.sys
2008-05-08 21:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-05-05 21:03 . 2008-05-07 12:29 287,899,900 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-03 12:23 . 2008-05-03 12:23 <DIR> d-------- C:\Users\erika\AppData\Roaming\Roxio
2008-04-22 21:57 . 2008-04-22 21:57 <DIR> d-------- C:\Autoruns

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 01:08 25,625,632 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-16 01:00 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-15 17:58 340,736 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-03 17:23 --------- d-----w C:\ProgramData\Sonic
2008-04-23 01:49 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-23 01:49 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-21 19:58 --------- d---a-w C:\ProgramData\TEMP
2008-04-14 20:23 --------- d-----w C:\ProgramData\Fugazo
2008-04-14 04:40 --------- d-----w C:\ProgramData\SpinTop Games
2008-04-14 03:29 --------- d-----w C:\Users\erika\AppData\Roaming\Apple Computer
2008-04-14 02:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-14 01:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-14 01:01 --------- d-----w C:\ProgramData\Lavasoft
2008-04-14 01:00 --------- d-----w C:\Program Files\Lavasoft
2008-04-14 00:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 04:12 --------- d-----w C:\Users\erika\AppData\Roaming\PlayFirst
2008-04-13 04:12 --------- d-----w C:\ProgramData\PlayFirst
2008-04-13 00:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-12 23:59 --------- d-----w C:\Program Files\Windows Mail
2008-04-12 23:59 --------- d-----w C:\Program Files\Windows Calendar
2008-04-12 23:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-12 23:57 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-12 23:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-12 23:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-12 23:53 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-12 23:53 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-12 23:53 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-12 23:53 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-12 23:53 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-12 23:53 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-12 23:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 23:52 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-12 23:52 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-12 23:52 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 23:52 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-12 23:52 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-12 23:52 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-04-12 23:52 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-12 23:52 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-12 23:51 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-12 23:51 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-04-12 23:51 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-04-12 23:51 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-04-12 23:51 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-04-12 23:51 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-04-12 23:51 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-04-12 23:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-12 23:51 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-04-12 23:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-12 23:50 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-12 23:50 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-12 23:50 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-12 23:50 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-12 23:50 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-12 23:50 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-12 23:48 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-04-12 23:47 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-12 23:47 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-12 23:47 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-12 23:47 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-04-12 23:47 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-12 23:47 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-04-12 23:45 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-04-12 23:45 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-04-12 23:45 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-12 23:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-04-12 23:43 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-12 23:43 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-12 23:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-04-12 23:43 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-12 23:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-04-12 23:43 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-04-12 23:42 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-12 23:42 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-12 23:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-12 23:42 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-12 23:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-12 23:41 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-12 23:40 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-04-12 23:40 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-12 15:37 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-12 14:49 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-12 14:49 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-12 14:49 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-12 14:49 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-12 14:49 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-12 14:49 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-12 14:49 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-04-12 14:49 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-12 14:49 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-06 21:56 --------- d-----w C:\Users\erika\AppData\Roaming\Mysteryville2
2008-04-06 19:43 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:43 --------- d-----w C:\Program Files\iTunes
2008-04-06 19:43 --------- d-----w C:\Program Files\iPod
2008-04-02 15:19 --------- d-----w C:\ProgramData\Symantec
2008-04-02 04:21 --------- d-----w C:\ProgramData\Interama
2008-03-31 04:35 --------- d-----w C:\Users\erika\AppData\Roaming\BloodTies
2008-03-29 04:41 --------- d-----w C:\Users\erika\AppData\Roaming\Yatec Games
2008-03-28 04:05 --------- d-----w C:\Users\erika\AppData\Roaming\Ludia
2008-03-28 04:05 --------- d-----w C:\ProgramData\Ludia
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-15_12.55.56.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 00:37:08 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-16 00:59:59 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-15 17:54:23 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-05-16 01:07:59 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-05-10 03:33:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-15 17:59:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-10 03:33:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-15 17:59:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-15 17:37:35 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-16 01:00:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-10 03:35:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-15 18:01:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-15 17:54:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-16 01:07:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-10 03:35:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-15 18:01:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-10 03:34:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-16 01:00:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-10 03:34:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 01:00:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-10 03:34:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-16 01:00:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-15 17:54:48 104,128 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-16 01:01:10 104,128 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-15 17:54:48 618,704 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-16 01:01:10 618,704 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-14 07:15:29 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-15 18:06:05 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-15 18:05:48 36,077 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 18:45 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 22:19 171448]
"cmds"="C:\Users\erika\AppData\Local\Temp\ddcAspop.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-13 10:53 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 10:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 06:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 23:31 178968]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-09 05:30 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-09 05:30 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-09 05:30 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 06:06 4669440 C:\WINDOWS\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 16:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 05:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"Airlink101 WLAN Monitor"="C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe" [2006-06-30 19:55 954368]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 17:59 49152]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-07 22:19 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A3B5625-78D9-4922-ABF2-30F21E46EBDC}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F63876C7-30A6-4E61-9BB2-B53E7362BAC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D9699CBD-B153-4691-AC9A-406F65088F8A}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{E09CE15B-5F01-47D5-8BE7-FBCBB365D870}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{BCAECF92-ADD0-41AA-99BE-8F5770E8070B}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{6C8D929A-4B68-49EA-81A0-7170286E1F1B}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{40A0175B-A9DC-403A-AE5D-E2EDDECFA1AC}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{D1D8A6F1-B4A8-4038-AA50-A94B45ACF46B}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{C62A9A0D-93EF-4694-9B6B-653C888A0C1D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E11CD62B-1268-49A0-8EB6-3C269172D1D2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{91C21F08-BD4D-4C25-97DB-AC69D95B488E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{60C45900-ECA0-4BF4-AF7C-E2DE5A4BA0EA}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E57CF611-7A89-4510-B9C2-57B390CBA7EC}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96BDE7AA-D7FC-45C7-B444-F6E393B08743}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F1C0B9AA-5EA2-4D0F-9B91-E83DEBAD30E8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E207882F-CD91-4A41-9702-20A7728DAAB0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{840A055E-CEBF-463E-BDD1-EA300682BC85}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2991F59-4E74-4DCB-BB13-3025C3EE8DFE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A0ABCBDA-5035-48A1-AE8E-35FF9F1887DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A131C91F-981B-46C2-9510-AE157BB10166}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{74865007-5F4C-4DAA-BC26-0217513F1F8F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{10D4FB18-D112-45E5-8DB2-C6FF3F059308}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{5E5344FC-3B57-4110-8107-CCC80DB6D799}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{B9AC8E60-D29D-45A8-B32D-7232744F1F1A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{308ED02F-1234-4DD4-8645-A2107BE5FA9B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E0F427E9-ECB3-4178-94BF-7670477172DD}C:\\kav\\kav7\\setup.exe"= UDP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{ED0379E4-2470-4A18-A43C-5DA53F62CCC6}C:\\kav\\kav7\\setup.exe"= TCP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 13:32]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 11:44]
R3 AL101;Airlink101 802.11g PCI Driver;C:\Windows\system32\DRIVERS\AL101.sys [2006-07-04 16:28]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 12:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b28142bf-eb54-11dc-bb84-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
\shell\install\command - E:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0d312c-0962-11dd-b065-001d606465ef}]
\shell\AutoRun\command - L:\CAEdgemobile.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 20:09:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 20:10:52
ComboFix-quarantined-files.txt 2008-05-16 01:10:48
ComboFix2.txt 2008-05-15 17:56:11

Pre-Run: 369,418,145,792 bytes free
Post-Run: 369,393,434,624 bytes free

279 --- E O F --- 2008-05-14 07:15:32

-------------------------------------------------------------------------------------

As always, your help is most appreciated.

easymfe
Cookiegal
Administrator with 51,265 posts.
Join Date: Aug 2003
Location: Quebec, Canada
16-May-2008, 08:54 AM #18
Are you sure you copied the entire script?

Please follow the same instructions as you did previously, but run this new script:

Quote:
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-
easymfe
Junior Member with 22 posts.
Join Date: Apr 2008
Experience: beginner vis-a-vis security
16-May-2008, 11:17 AM #19
Hello,

Yes, this is the script I used last:

------------------
Folder::
C:\ProgramData\hszybahc
C:\ProgramData\ewqpijtk

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-
------------------

I will get the latest script and follow your instructions again.

Thanks for all your help!

Eric
Cookiegal
Administrator with 51,265 posts.
Join Date: Aug 2003
Location: Quebec, Canada
16-May-2008, 11:55 AM #20
Yes, please do. Thanks.
easymfe
Junior Member with 22 posts.
Join Date: Apr 2008
Experience: beginner vis-a-vis security
16-May-2008, 02:34 PM #21
Hello,

OK, a couple of things. I made sure TeaTimer was unchecked (it was) and then ran ComboFix by dragging the script onto the executable. While ComboFix was running, I did see in the bottom right corner that a change was denied because of a user blacklist or something (it just flashed). Do I need to do something else to turn off Spybot?

Also, right before the ComboFix log came up I saw the following message in the box:

The system cannot find the file fdsv_cb.

I believe that was the message; I couldn't find a pen right away.

Anyway, here is the latest ComboFix log. The HijackThis log will be in the next reply...

----------------------------------------------
ComboFix 08-05-09.1 - erika 2008-05-16 12:29:43.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2268 [GMT -5:00]
Running from: C:\Users\erika\Desktop\ComboFix.exe
Command switches used :: C:\Users\erika\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-15 20:02 . 2008-05-15 20:02 <DIR> d-------- C:\Users\erika\AppData\Roaming\PeerNetworking
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Users\erika\AppData\Roaming\Malwarebytes
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-08 21:59 . 2008-05-08 23:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 21:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\System32\drivers\mbamcatchme.sys
2008-05-08 21:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-05-05 21:03 . 2008-05-07 12:29 287,899,900 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-03 12:23 . 2008-05-03 12:23 <DIR> d-------- C:\Users\erika\AppData\Roaming\Roxio
2008-04-22 21:57 . 2008-04-22 21:57 <DIR> d-------- C:\Autoruns

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 17:31 25,903,392 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-16 01:00 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-15 17:58 340,736 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-03 17:23 --------- d-----w C:\ProgramData\Sonic
2008-04-23 01:49 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-23 01:49 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-21 19:58 --------- d---a-w C:\ProgramData\TEMP
2008-04-14 20:23 --------- d-----w C:\ProgramData\Fugazo
2008-04-14 04:40 --------- d-----w C:\ProgramData\SpinTop Games
2008-04-14 03:29 --------- d-----w C:\Users\erika\AppData\Roaming\Apple Computer
2008-04-14 02:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-14 01:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-14 01:01 --------- d-----w C:\ProgramData\Lavasoft
2008-04-14 01:00 --------- d-----w C:\Program Files\Lavasoft
2008-04-14 00:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 04:12 --------- d-----w C:\Users\erika\AppData\Roaming\PlayFirst
2008-04-13 04:12 --------- d-----w C:\ProgramData\PlayFirst
2008-04-13 00:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-12 23:59 --------- d-----w C:\Program Files\Windows Mail
2008-04-12 23:59 --------- d-----w C:\Program Files\Windows Calendar
2008-04-12 23:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-12 23:57 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-12 23:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-12 23:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-12 23:53 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-12 23:53 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-12 23:53 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-12 23:53 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-12 23:53 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-12 23:53 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-12 23:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 23:52 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-12 23:52 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-12 23:52 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 23:52 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-12 23:52 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-12 23:52 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-04-12 23:52 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-12 23:52 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-12 23:51 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-12 23:51 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-04-12 23:51 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-04-12 23:51 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-04-12 23:51 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-04-12 23:51 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-04-12 23:51 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-04-12 23:51 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-12 23:51 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-04-12 23:51 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-12 23:50 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-12 23:50 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-12 23:50 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-12 23:50 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-12 23:50 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-12 23:50 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-12 23:48 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-04-12 23:47 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-12 23:47 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-12 23:47 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-12 23:47 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-04-12 23:47 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-12 23:47 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-04-12 23:45 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-04-12 23:45 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-04-12 23:45 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-12 23:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-04-12 23:43 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-12 23:43 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-12 23:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-04-12 23:43 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-12 23:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-04-12 23:43 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-04-12 23:42 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-12 23:42 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-12 23:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-12 23:42 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-12 23:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-12 23:41 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-12 23:40 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-04-12 23:40 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-12 15:37 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-12 14:49 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-12 14:49 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-12 14:49 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-12 14:49 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-12 14:49 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-12 14:49 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-12 14:49 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-04-12 14:49 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-12 14:49 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-06 21:56 --------- d-----w C:\Users\erika\AppData\Roaming\Mysteryville2
2008-04-06 19:43 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:43 --------- d-----w C:\Program Files\iTunes
2008-04-06 19:43 --------- d-----w C:\Program Files\iPod
2008-04-02 15:19 --------- d-----w C:\ProgramData\Symantec
2008-04-02 04:21 --------- d-----w C:\ProgramData\Interama
2008-03-31 04:35 --------- d-----w C:\Users\erika\AppData\Roaming\BloodTies
2008-03-29 04:41 --------- d-----w C:\Users\erika\AppData\Roaming\Yatec Games
2008-03-28 04:05 --------- d-----w C:\Users\erika\AppData\Roaming\Ludia
2008-03-28 04:05 --------- d-----w C:\ProgramData\Ludia
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-15_20.10.22.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 00:59:59 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-16 17:27:28 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-16 01:07:59 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-05-16 17:29:35 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-05-16 01:00:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-16 17:27:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-16 01:07:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-16 17:29:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 18:45 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 22:19 171448]
"cmds"="C:\Users\erika\AppData\Local\Temp\ddcAspop.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-13 10:53 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 10:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 06:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 23:31 178968]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-09 05:30 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-09 05:30 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-09 05:30 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 06:06 4669440 C:\WINDOWS\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 16:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 05:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"Airlink101 WLAN Monitor"="C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe" [2006-06-30 19:55 954368]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 17:59 49152]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-07 22:19 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A3B5625-78D9-4922-ABF2-30F21E46EBDC}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F63876C7-30A6-4E61-9BB2-B53E7362BAC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D9699CBD-B153-4691-AC9A-406F65088F8A}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{E09CE15B-5F01-47D5-8BE7-FBCBB365D870}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{BCAECF92-ADD0-41AA-99BE-8F5770E8070B}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{6C8D929A-4B68-49EA-81A0-7170286E1F1B}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{40A0175B-A9DC-403A-AE5D-E2EDDECFA1AC}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{D1D8A6F1-B4A8-4038-AA50-A94B45ACF46B}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{C62A9A0D-93EF-4694-9B6B-653C888A0C1D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E11CD62B-1268-49A0-8EB6-3C269172D1D2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{91C21F08-BD4D-4C25-97DB-AC69D95B488E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{60C45900-ECA0-4BF4-AF7C-E2DE5A4BA0EA}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E57CF611-7A89-4510-B9C2-57B390CBA7EC}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96BDE7AA-D7FC-45C7-B444-F6E393B08743}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F1C0B9AA-5EA2-4D0F-9B91-E83DEBAD30E8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E207882F-CD91-4A41-9702-20A7728DAAB0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{840A055E-CEBF-463E-BDD1-EA300682BC85}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2991F59-4E74-4DCB-BB13-3025C3EE8DFE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A0ABCBDA-5035-48A1-AE8E-35FF9F1887DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A131C91F-981B-46C2-9510-AE157BB10166}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{74865007-5F4C-4DAA-BC26-0217513F1F8F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{10D4FB18-D112-45E5-8DB2-C6FF3F059308}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{5E5344FC-3B57-4110-8107-CCC80DB6D799}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{B9AC8E60-D29D-45A8-B32D-7232744F1F1A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{308ED02F-1234-4DD4-8645-A2107BE5FA9B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E0F427E9-ECB3-4178-94BF-7670477172DD}C:\\kav\\kav7\\setup.exe"= UDP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{ED0379E4-2470-4A18-A43C-5DA53F62CCC6}C:\\kav\\kav7\\setup.exe"= TCP:C:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 13:32]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 11:44]
R3 AL101;Airlink101 802.11g PCI Driver;C:\Windows\system32\DRIVERS\AL101.sys [2006-07-04 16:28]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 12:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b28142bf-eb54-11dc-bb84-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
\shell\install\command - E:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0d312c-0962-11dd-b065-001d606465ef}]
\shell\AutoRun\command - L:\CAEdgemobile.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 12:31:24
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 12:32:19
ComboFix-quarantined-files.txt 2008-05-16 17:32:15
ComboFix2.txt 2008-05-16 01:10:52
ComboFix3.txt 2008-05-15 17:56:11

Pre-Run: 369,043,468,288 bytes free
Post-Run: 370,579,173,376 bytes free

252 --- E O F --- 2008-05-14 07:15:32
Junior Member with 22 posts.
Join Date: Apr 2008
Experience: beginner vis-a-vis security
16-May-2008, 02:36 PM #22
Here's the latest HijackThis log:
--------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:33:03 PM, on 5/16/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\p2phost.exe
C:\Windows\Explorer.exe
C:\Users\erika\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\erika\AppData\Local\Temp\ddcAspop.dll,c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Private%20Eye/Images/stg_drm.ocx
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_bur...sPlayer_v4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Cate%20West%20-%20The%20Vanishing%20Files/Images/armhelper.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - In