HJT Log File

Mark Marquez
Can someone please review the following HJT log file and let me know if there's anything suspect?
Problem with Active Desktop Recovery.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:28 AM, on 7/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Sharp\Sharpdesk\FtpServer.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Sharp\Sharpdesk\nsapp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1052
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.*;192.168.0.*
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll
R3 - URLSearchHook: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" /n
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262902825128
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262902818316
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = limandri.local
O17 - HKLM\Software\..\Telephony: DomainName = limandri.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = limandri.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = limandri.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = limandri.local
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KDENWO~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 11950 bytes

Commented:
Have you tried changing your background? Your active desktop files might be corrupted.
Top Expert 2009

Commented:
Fix these:

R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll
................................................................

These entries I am unsure of. There's a few. Do you use this toolbar?
Free TV Bar c3 Toolbar
................................................................

Run Combofix and post logfile
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
................................................................
Then reset IE settings if still having issue
http://support.microsoft.com/kb/923737
Top Expert 2007

Commented:
There is nothing malicious showing in your HijackThis log... some entries are open to debate or optional but not malicious.
But then a lot of nasties can now hide from the HijackThis scan, so scanning the system is a good idea, either MalwareBytes or ComboFix as suggested, and attach the log.

The problem could also be caused by conflicts with your installed programs; try uninstalling or disabling your toolbars etc. to troubleshoot.
Also check these:
Active Desktop Recovery failure:
http://www.computing.net/answers/windows-xp/active-desktop-recovery-solved/174591.html

Active Desktop Recovery error:
http://www.computing.net/answers/windows-xp/active-desktop-recovery-error/179373.html

Author

Commented:
Thank you both optoma and rpggamergirl,  will get to it tomorrow morning.

Thank you....

Author

Commented:
Ran ComboFix.  Attached is the log.

ComboFix 10-07-06.05 - kdenworth 07/07/2010   9:45.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2039.1477 [GMT -7:00]
Running from: c:\documents and settings\kdenworth\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2010-06-07 to 2010-07-07  )))))))))))))))))))))))))))))))
.

2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\windows\system32\wbem\snmp
2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\windows\srchasst
2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\windows\system32\xircom
2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\windows\msagent
2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\program files\microsoft frontpage
2010-07-05 17:07 . 2010-07-05 17:07      --------      d-----w-      c:\program files\Trend Micro
2010-07-05 17:06 . 2010-07-05 17:07      --------      d-----w-      C:\HiJackThis
2010-07-02 18:43 . 2010-07-02 18:43      --------      d-----w-      C:\Depos
2010-06-26 02:38 . 2010-06-26 02:38      503808      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16649a82-n\msvcp71.dll
2010-06-26 02:38 . 2010-06-26 02:38      499712      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16649a82-n\jmc.dll
2010-06-26 02:38 . 2010-06-26 02:38      348160      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16649a82-n\msvcr71.dll
2010-06-26 02:38 . 2010-06-26 02:38      61440      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-423474dc-n\decora-sse.dll
2010-06-26 02:38 . 2010-06-26 02:38      12800      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-423474dc-n\decora-d3d.dll
2010-06-26 02:38 . 2010-06-26 02:38      --------      d-----w-      c:\program files\Common Files\Java
2010-06-26 02:37 . 2010-04-13 00:29      411368      ----a-w-      c:\windows\system32\deployJava1.dll
2010-06-23 16:55 . 2010-07-06 15:24      --------      d-----w-      c:\documents and settings\kdenworth\Application Data\PriceGong
2010-06-18 21:17 . 2010-06-18 21:17      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn
2010-06-15 19:02 . 2010-05-06 10:41      743424      ------w-      c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 18:57 . 2010-03-05 14:57      65536      ------w-      c:\windows\system32\dllcache\asycfilt.dll
2010-06-15 18:56 . 2010-04-20 05:51      285696      ------w-      c:\windows\system32\dllcache\atmfd.dll
2010-06-15 17:58 . 2010-06-15 19:05      --------      d-----w-      c:\program files\Microsoft Works
2010-06-15 17:57 . 2010-06-15 17:57      --------      d-----w-      c:\program files\Microsoft.NET
2010-06-15 17:55 . 2010-06-15 17:55      --------      d-----r-      C:\MSOCache
2010-06-15 15:25 . 2010-06-15 15:25      133648      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-15 15:25 . 2010-06-15 15:25      133720      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-10 06:24 . 2010-06-10 06:24      80400      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-06-10 06:24 . 2010-06-10 06:24      109072      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-06-10 06:24 . 2010-06-10 06:24      315408      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-06-10 06:13 . 2010-06-10 06:24      97549      ----a-w-      c:\windows\system32\drivers\klick.dat
2010-06-10 06:13 . 2010-06-10 06:24      113933      ----a-w-      c:\windows\system32\drivers\klin.dat
2010-06-10 06:12 . 2010-07-07 17:00      --------      d-----w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-06-10 06:12 . 2010-06-10 06:12      --------      d-----w-      c:\program files\Kaspersky Lab
2010-06-10 06:11 . 2010-06-10 06:11      --------      d-----w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-06-10 05:41 . 2010-06-10 05:41      --------      d-sh--w-      c:\documents and settings\NetworkService\IETldCache
2010-06-10 04:37 . 2010-04-29 22:39      38224      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 04:36 . 2010-06-10 04:37      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2010-06-10 04:36 . 2010-04-29 22:39      20952      ----a-w-      c:\windows\system32\drivers\mbam.sys
2010-06-09 21:51 . 2010-06-10 05:02      276      ----a-w-      c:\windows\system32\localux.dat
2010-06-09 21:51 . 2010-06-10 05:02      276      ----a-w-      c:\windows\system32\fecliynt.dat
2010-06-09 21:51 . 2010-06-10 04:37      0      ----a-w-      c:\windows\system32\mswsocnc.dat
2010-06-09 21:39 . 2010-06-21 18:38      120      ----a-w-      c:\windows\Kpuqoda.dat
2010-06-09 21:39 . 2010-06-21 14:24      0      ----a-w-      c:\windows\Rhuya.bin
2010-06-09 21:38 . 2010-06-10 05:02      --------      d-----w-      c:\documents and settings\kdenworth\Local Settings\Application Data\yerfurg
2010-06-09 21:36 . 2010-06-10 04:36      605      ----a-w-      c:\windows\system32\qedizo.dat
2010-06-09 21:36 . 2010-06-10 04:36      605      ----a-w-      c:\windows\system32\ialmdevj.dat
2010-06-09 21:36 . 2010-06-10 04:36      0      ----a-w-      c:\windows\system32\hnetmin.dat
2010-06-09 21:36 . 2010-06-09 21:51      316      ----a-w-      c:\windows\system32\msxmw3a.dat
2010-06-09 21:36 . 2010-06-10 05:02      --------      d-----w-      c:\documents and settings\All Users\Application Data\Update

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 17:00 . 2010-05-10 16:25      --------      d-----w-      c:\program files\lg_fwupdate
2010-07-07 15:29 . 2009-07-16 18:54      848      --sha-w-      c:\windows\system32\KGyGaAvL.sys
2010-07-07 12:29 . 2009-06-09 16:54      --------      d-----w-      c:\program files\LogMeIn
2010-06-26 02:37 . 2009-06-15 16:08      --------      d-----w-      c:\program files\Java
2010-06-17 21:30 . 2010-05-10 16:20      --------      d-----w-      c:\documents and settings\kdenworth\Application Data\CyberLink
2010-06-16 19:47 . 2009-06-08 20:00      84448      ----a-w-      c:\documents and settings\kdenworth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-15 19:10 . 2009-06-06 00:36      --------      d-----w-      c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-15 17:41 . 2009-06-06 00:39      --------      d-----w-      c:\program files\MSBuild
2010-06-10 06:41 . 2009-06-06 00:03      40840      ----a-w-      c:\windows\system32\drivers\termdd.sys
2010-06-10 05:56 . 2009-06-08 16:55      --------      d-----w-      c:\documents and settings\All Users\Application Data\avg8
2010-06-09 15:09 . 2009-06-09 16:55      83360      ----a-w-      c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 15:09 . 2009-06-09 16:55      29568      ----a-w-      c:\windows\system32\LMIport.dll
2010-06-09 15:09 . 2009-06-09 16:54      87424      ----a-w-      c:\windows\system32\LMIinit.dll
2010-06-02 17:02 . 2010-06-02 17:02      --------      d-----w-      c:\documents and settings\kdenworth\Application Data\FinalMediaPlayer
2010-06-02 17:02 . 2010-06-02 17:02      --------      d-----w-      c:\program files\FinalMediaPlayer
2010-06-02 17:01 . 2010-06-02 17:01      --------      d-----w-      c:\program files\Free Offers from Freeze.com
2010-06-02 17:01 . 2010-06-02 17:01      14534      ----a-r-      c:\documents and settings\kdenworth\Application Data\Microsoft\Installer\{E7B100D8-98A5-42AA-830F-16D6BD5351F1}\SystemFolder_msiexec.exe
2010-06-02 17:01 . 2010-06-02 17:01      --------      d-----w-      c:\program files\Freeze.com
2010-05-26 22:17 . 2010-05-26 22:17      503808      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-60b66f7e-n\msvcp71.dll
2010-05-26 22:17 . 2010-05-26 22:17      499712      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-60b66f7e-n\jmc.dll
2010-05-26 22:17 . 2010-05-26 22:17      348160      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-60b66f7e-n\msvcr71.dll
2010-05-17 17:27 . 2009-11-20 16:22      --------      d-----w-      c:\program files\Free_TV_Bar_c3
2010-05-10 16:27 . 2010-05-10 16:16      --------      d-----w-      c:\documents and settings\All Users\Application Data\CyberLink
2010-05-10 16:27 . 2009-06-06 00:15      --------      d--h--w-      c:\program files\InstallShield Installation Information
2010-05-10 16:27 . 2010-05-10 16:17      --------      d-----w-      c:\program files\CyberLink
2010-05-10 16:27 . 2010-05-10 16:25      16384      ----a-w-      c:\windows\system32\lgfwunis.exe
2010-05-10 16:26 . 2010-05-10 16:16      --------      d-----w-      c:\documents and settings\All Users\Application Data\Temp
2010-05-10 16:26 . 2010-05-10 16:26      53319      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2010-05-10 16:22 . 2010-05-10 16:22      36864      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
2010-05-10 16:21 . 2010-05-10 16:21      --------      d-----w-      c:\program files\Common Files\CyberLink
2010-05-10 16:20 . 2010-05-10 16:20      29480      ----a-w-      c:\windows\system32\msxml3a.dll
2010-05-10 16:20 . 2010-05-10 16:20      53319      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2010-05-10 16:18 . 2010-05-10 16:18      36864      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-05-10 16:17 . 2010-05-10 16:17      53319      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
2010-05-10 16:16 . 2010-05-10 16:16      53319      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-05-06 10:41 . 2007-01-21 18:25      916480      ----a-w-      c:\windows\system32\wininet.dll
2010-05-02 07:09 . 2007-01-21 18:25      1859968      ----a-w-      c:\windows\system32\win32k.sys
2010-04-22 17:23 . 2010-04-19 19:47      761856      ----a-w-      c:\windows\etrnview.exe
2010-04-20 05:51 . 2004-08-12 12:00      285696      ----a-w-      c:\windows\system32\atmfd.dll
2006-12-13 09:12 . 2009-06-06 00:07      66648      ----a-w-      c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 09:12 . 2009-06-06 00:07      54352      ----a-w-      c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 09:12 . 2009-06-06 00:07      34928      ----a-w-      c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 09:12 . 2009-06-06 00:07      46696      ----a-w-      c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 09:12 . 2009-06-06 00:07      172120      ----a-w-      c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------


[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" [2010-01-19 361592]
"{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}"= "c:\program files\Free_TV_Bar_c3\tbFre1.dll" [2010-06-23 2736736]

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]
2010-06-23 16:38      2736736      ----a-w-      c:\program files\Free_TV_Bar_c3\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-01-19 22:08      361592      ----a-w-      c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}"= "c:\program files\Free_TV_Bar_c3\tbFre1.dll" [2010-06-23 2736736]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}"= "c:\program files\Free_TV_Bar_c3\tbFre1.dll" [2010-06-23 2736736]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-01-21 61952]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"IndexTray"="c:\program files\Sharp\Sharpdesk\IndexTray.exe" [2007-08-02 106496]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2007-08-02 32768]
"TypeRegChecker"="c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe" [2007-08-02 57344]
"FtpServer.exe"="c:\program files\Sharp\Sharpdesk\FtpServer.exe" [2007-07-26 692224]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-05-10 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-26 210216]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-6-5 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-5 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 15:09      87424      ----a-w-      c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Sharp\\Sharpdesk\\FTPServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S4 Srbuhnpahce;Srbuhnpahce;c:\windows\system32\drivers\mcd.sys [8/12/2004 5:00 AM 7680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:1052
uInternet Settings,ProxyOverride = 127.0.0.*;192.168.0.*
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\kdenworth\Application Data\Mozilla\Firefox\Profiles\vlnknjm3.default\
FF - prefs.js: browser.search.selectedengine - Yahoo! Search
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1052
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101028100&s=.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
ShellIconOverlayIdentifiers-{653543CF-487B-C342-E652-AAF25259DD54} - (no file)
MSConfigStartUp-skb - mljfceps.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 10:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2864)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Sharp\Sharpdesk\nsapp.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2010-07-07  10:03:45 - machine was rebooted
ComboFix-quarantined-files.txt  2010-07-07 17:03

Pre-Run: 54,199,586,816 bytes free
Post-Run: 54,578,667,520 bytes free

- - End Of File - - 554A68260B4C26E689742FDB48418B23


ComboFix.txt
Top Expert 2009

Commented:
Have you recently cleaned off viruses/malware?
Some system files are reported missing.

In the meantime, run System File Checker, or Rpg may have a script to provide to replace those files :)
http://ask-leo.com/what_is_the_system_file_checker_and_how_do_i_run_it.html
Top Expert 2007
Commented:
Run ComboFix again using this script.

1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\windows\system32\localux.dat
c:\windows\system32\fecliynt.dat
c:\windows\system32\mswsocnc.dat
c:\windows\Kpuqoda.dat
c:\windows\Rhuya.bin
c:\windows\system32\qedizo.dat
c:\windows\system32\ialmdevj.dat
c:\windows\system32\hnetmin.dat
c:\windows\system32\msxmw3a.dat

Folder::
c:\documents and settings\kdenworth\Local Settings\Application Data\yerfurg

DirLook::
c:\documents and settings\All Users\Application Data\Update

------------------------------------------------------------------------
3. Save the above as CFScript.txt in the same location as Combofix.exe.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.


The following files are missing and need replacing; ComboFix wasn't able to find replacements for them.
c:\windows\System32\drivers\beep.sys
c:\windows\System32\wscntfy.exe
c:\windows\System32\regsvc.dll

And since NETSVCS also needs to be repaired, if you still have your Windows CD, you need to run a repair install.

How to Perform a Windows XP Repair Install
http://www.michaelstevenstech.com/XPrepairinstall.htm

Windows Xp Repair Tutorial
http://www.besttechie.net/forums/topic/1523-windows-xp-repair-tutorial/

Author

Commented:
Sorry for the delayed response, will get to it Monday.

Again sorry.

MM

Author

Commented:
Here it is:

ComboFix 10-07-12.06 - kdenworth 07/13/2010  15:22:38.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2039.1547 [GMT -7:00]
Running from: c:\documents and settings\kdenworth\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kdenworth\Desktop\CFScript.txt

FILE ::
"c:\windows\Kpuqoda.dat"
"c:\windows\Rhuya.bin"
"c:\windows\system32\fecliynt.dat"
"c:\windows\system32\hnetmin.dat"
"c:\windows\system32\ialmdevj.dat"
"c:\windows\system32\localux.dat"
"c:\windows\system32\mswsocnc.dat"
"c:\windows\system32\msxmw3a.dat"
"c:\windows\system32\qedizo.dat"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kdenworth\Local Settings\Application Data\yerfurg
c:\windows\Kpuqoda.dat
c:\windows\Rhuya.bin
c:\windows\system32\fecliynt.dat
c:\windows\system32\hnetmin.dat
c:\windows\system32\ialmdevj.dat
c:\windows\system32\localux.dat
c:\windows\system32\mswsocnc.dat
c:\windows\system32\msxmw3a.dat
c:\windows\system32\qedizo.dat

.
(((((((((((((((((((((((((   Files Created from 2010-06-13 to 2010-07-13  )))))))))))))))))))))))))))))))
.

2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\windows\system32\wbem\snmp
2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\windows\srchasst
2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\windows\system32\xircom
2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\windows\msagent
2010-07-07 16:50 . 2010-07-07 16:50      --------      d-----w-      c:\program files\microsoft frontpage
2010-07-05 17:07 . 2010-07-05 17:07      --------      d-----w-      c:\program files\Trend Micro
2010-07-05 17:06 . 2010-07-05 17:07      --------      d-----w-      C:\HiJackThis
2010-07-02 18:43 . 2010-07-02 18:43      --------      d-----w-      C:\Depos
2010-06-26 02:38 . 2010-06-26 02:38      503808      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16649a82-n\msvcp71.dll
2010-06-26 02:38 . 2010-06-26 02:38      499712      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16649a82-n\jmc.dll
2010-06-26 02:38 . 2010-06-26 02:38      348160      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16649a82-n\msvcr71.dll
2010-06-26 02:38 . 2010-06-26 02:38      61440      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-423474dc-n\decora-sse.dll
2010-06-26 02:38 . 2010-06-26 02:38      12800      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-423474dc-n\decora-d3d.dll
2010-06-26 02:38 . 2010-06-26 02:38      --------      d-----w-      c:\program files\Common Files\Java
2010-06-26 02:37 . 2010-04-13 00:29      411368      ----a-w-      c:\windows\system32\deployJava1.dll
2010-06-23 16:55 . 2010-07-13 22:15      --------      d-----w-      c:\documents and settings\kdenworth\Application Data\PriceGong
2010-06-18 21:17 . 2010-06-18 21:17      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn
2010-06-15 19:02 . 2010-05-06 10:41      743424      ------w-      c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 18:57 . 2010-03-05 14:57      65536      ------w-      c:\windows\system32\dllcache\asycfilt.dll
2010-06-15 18:56 . 2010-04-20 05:51      285696      ------w-      c:\windows\system32\dllcache\atmfd.dll
2010-06-15 17:58 . 2010-06-15 19:05      --------      d-----w-      c:\program files\Microsoft Works
2010-06-15 17:57 . 2010-06-15 17:57      --------      d-----w-      c:\program files\Microsoft.NET
2010-06-15 17:55 . 2010-06-15 17:55      --------      d-----r-      C:\MSOCache
2010-06-15 15:25 . 2010-06-15 15:25      133648      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-15 15:25 . 2010-06-15 15:25      133720      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 14:33 . 2009-07-16 18:54      848      --sha-w-      c:\windows\system32\KGyGaAvL.sys
2010-07-13 14:22 . 2009-06-09 16:54      --------      d-----w-      c:\program files\LogMeIn
2010-07-13 14:21 . 2010-05-10 16:25      --------      d-----w-      c:\program files\lg_fwupdate
2010-07-13 14:21 . 2010-06-10 06:12      --------      d-----w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-08 23:50 . 2009-06-06 00:36      --------      d-----w-      c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-26 02:37 . 2009-06-15 16:08      --------      d-----w-      c:\program files\Java
2010-06-17 21:30 . 2010-05-10 16:20      --------      d-----w-      c:\documents and settings\kdenworth\Application Data\CyberLink
2010-06-16 19:47 . 2009-06-08 20:00      84448      ----a-w-      c:\documents and settings\kdenworth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-15 17:41 . 2009-06-06 00:39      --------      d-----w-      c:\program files\MSBuild
2010-06-10 06:41 . 2009-06-06 00:03      40840      ----a-w-      c:\windows\system32\drivers\termdd.sys
2010-06-10 06:24 . 2010-06-10 06:13      97549      ----a-w-      c:\windows\system32\drivers\klick.dat
2010-06-10 06:24 . 2010-06-10 06:13      113933      ----a-w-      c:\windows\system32\drivers\klin.dat
2010-06-10 06:24 . 2010-06-10 06:24      80400      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-06-10 06:24 . 2010-06-10 06:24      109072      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-06-10 06:24 . 2010-06-10 06:24      315408      ----a-w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-06-10 06:12 . 2010-06-10 06:12      --------      d-----w-      c:\program files\Kaspersky Lab
2010-06-10 06:11 . 2010-06-10 06:11      --------      d-----w-      c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-06-10 05:56 . 2009-06-08 16:55      --------      d-----w-      c:\documents and settings\All Users\Application Data\avg8
2010-06-10 05:02 . 2010-06-09 21:36      --------      d-----w-      c:\documents and settings\All Users\Application Data\Update
2010-06-10 04:37 . 2010-06-10 04:36      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2010-06-09 15:09 . 2009-06-09 16:55      83360      ----a-w-      c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 15:09 . 2009-06-09 16:55      29568      ----a-w-      c:\windows\system32\LMIport.dll
2010-06-09 15:09 . 2009-06-09 16:54      87424      ----a-w-      c:\windows\system32\LMIinit.dll
2010-06-02 17:02 . 2010-06-02 17:02      --------      d-----w-      c:\documents and settings\kdenworth\Application Data\FinalMediaPlayer
2010-06-02 17:02 . 2010-06-02 17:02      --------      d-----w-      c:\program files\FinalMediaPlayer
2010-06-02 17:01 . 2010-06-02 17:01      --------      d-----w-      c:\program files\Free Offers from Freeze.com
2010-06-02 17:01 . 2010-06-02 17:01      14534      ----a-r-      c:\documents and settings\kdenworth\Application Data\Microsoft\Installer\{E7B100D8-98A5-42AA-830F-16D6BD5351F1}\SystemFolder_msiexec.exe
2010-06-02 17:01 . 2010-06-02 17:01      --------      d-----w-      c:\program files\Freeze.com
2010-05-26 22:17 . 2010-05-26 22:17      503808      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-60b66f7e-n\msvcp71.dll
2010-05-26 22:17 . 2010-05-26 22:17      499712      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-60b66f7e-n\jmc.dll
2010-05-26 22:17 . 2010-05-26 22:17      348160      ----a-w-      c:\documents and settings\kdenworth\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-60b66f7e-n\msvcr71.dll
2010-05-17 17:27 . 2009-11-20 16:22      --------      d-----w-      c:\program files\Free_TV_Bar_c3
2010-05-10 16:27 . 2010-05-10 16:25      16384      ----a-w-      c:\windows\system32\lgfwunis.exe
2010-05-10 16:26 . 2010-05-10 16:26      53319      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2010-05-10 16:22 . 2010-05-10 16:22      36864      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
2010-05-10 16:20 . 2010-05-10 16:20      29480      ----a-w-      c:\windows\system32\msxml3a.dll
2010-05-10 16:20 . 2010-05-10 16:20      53319      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2010-05-10 16:18 . 2010-05-10 16:18      36864      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-05-10 16:17 . 2010-05-10 16:17      53319      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
2010-05-10 16:16 . 2010-05-10 16:16      53319      ----a-w-      c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-05-06 10:41 . 2007-01-21 18:25      916480      ----a-w-      c:\windows\system32\wininet.dll
2010-05-02 07:09 . 2007-01-21 18:25      1859968      ----a-w-      c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2010-06-10 04:37      38224      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-06-10 04:36      20952      ----a-w-      c:\windows\system32\drivers\mbam.sys
2010-04-22 17:23 . 2010-04-19 19:47      761856      ----a-w-      c:\windows\etrnview.exe
2010-04-20 05:51 . 2004-08-12 12:00      285696      ----a-w-      c:\windows\system32\atmfd.dll
2006-12-13 09:12 . 2009-06-06 00:07      66648      ----a-w-      c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 09:12 . 2009-06-06 00:07      54352      ----a-w-      c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 09:12 . 2009-06-06 00:07      34928      ----a-w-      c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 09:12 . 2009-06-06 00:07      46696      ----a-w-      c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 09:12 . 2009-06-06 00:07      172120      ----a-w-      c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\Update ----



------- Sigcheck -------


[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
(((((((((((((((((((((((((((((   SnapShot@2010-07-07_17.00.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-12 14:22 . 2010-07-12 14:22      16384              c:\windows\Temp\Perflib_Perfdata_12c.dat
+ 2010-07-08 02:29 . 2010-07-09 12:42      32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-06 00:09 . 2010-07-09 12:42      16384              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-06 00:09 . 2010-07-07 10:08      16384              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-07-08 02:29 . 2010-07-09 12:42      16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-06 00:09 . 2010-07-07 10:08      16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" [2010-01-19 361592]
"{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}"= "c:\program files\Free_TV_Bar_c3\tbFre1.dll" [2010-06-23 2736736]

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]
2010-06-23 16:38      2736736      ----a-w-      c:\program files\Free_TV_Bar_c3\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-01-19 22:08      361592      ----a-w-      c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}"= "c:\program files\Free_TV_Bar_c3\tbFre1.dll" [2010-06-23 2736736]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}"= "c:\program files\Free_TV_Bar_c3\tbFre1.dll" [2010-06-23 2736736]

[HKEY_CLASSES_ROOT\clsid\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-01-21 61952]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"IndexTray"="c:\program files\Sharp\Sharpdesk\IndexTray.exe" [2007-08-02 106496]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2007-08-02 32768]
"TypeRegChecker"="c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe" [2007-08-02 57344]
"FtpServer.exe"="c:\program files\Sharp\Sharpdesk\FtpServer.exe" [2007-07-26 692224]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-05-10 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-26 210216]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-6-5 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-5 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 15:09      87424      ----a-w-      c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Sharp\\Sharpdesk\\FTPServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S4 Srbuhnpahce;Srbuhnpahce;c:\windows\system32\drivers\mcd.sys [8/12/2004 5:00 AM 7680]

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:1052
uInternet Settings,ProxyOverride = 127.0.0.*;192.168.0.*
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\kdenworth\Application Data\Mozilla\Firefox\Profiles\vlnknjm3.default\
FF - prefs.js: browser.search.selectedengine - Yahoo! Search
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1052
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101028100&s=.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 15:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-07-13  15:30:31
ComboFix-quarantined-files.txt  2010-07-13 22:30
ComboFix2.txt  2010-07-07 17:03

Pre-Run: 53,454,016,512 bytes free
Post-Run: 53,619,408,896 bytes free

- - End Of File - - 5F50DBFDB76EF316C028A509FDCFD317
ComboFix.txt

Author

Commented:
rpggamergirl:

Thanks for the file. Have not heard from the user - all is well. Thank you for your help and sorry for the delay.
Top Expert 2007

Commented:
No problem... thanks for coming back and closing the question.

Thank you.
