Desktop Icons missing after HDD removal

Okay, try running Combofix one more time and if no go, we'll uninstall avast then.

Uninstalled Avast. After a couple of freezes and forced reboots, finally got Combofix to run. Icons still missing...


ComboFix 10-12-11.06 - Steve 12/12/2010 19:52:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.689 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\0A6amm105.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\4L6AYnb.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\B0AyPX.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\On56M8La.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Thumbs.db
c:\documents and settings\Steve\Local Settings\Temporary Internet Files\1xAj84A4J.jpg
c:\documents and settings\Steve\Local Settings\Temporary Internet Files\2KNXj6Xl6.jpg
c:\documents and settings\Steve\Local Settings\Temporary Internet Files\BnBmX.jpg
c:\documents and settings\Steve\Local Settings\Temporary Internet Files\YbM4m.jpg
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\sst110.sys
c:\windows\system32\drivers\sst110.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sst110
-------\Service_sst110


((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-11 23:37 . 2010-12-12 23:25 -------- d-----w- C:\Combo-Fix
2010-12-11 16:08 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-11 16:08 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-11 15:44 . 2010-12-03 19:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-12-11 15:44 . 2010-12-03 19:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-12-11 15:44 . 2010-12-03 19:35 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-12-05 21:19 . 2010-12-05 21:19 -------- d-sh--w- c:\documents and settings\Steve\IECompatCache
2010-12-05 20:03 . 2010-12-05 20:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-11-13 17:44 . 2010-11-13 17:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-13 17:34 . 2010-11-13 17:34 -------- d-----w- c:\program files\iPod
2010-11-13 17:33 . 2010-11-13 17:34 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-02-22 21:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-02-22 21:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-28 20:44 . 2009-06-30 20:15 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2009-06-30 20:15 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 16:23 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 18:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 18:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 07:29 . 2008-02-03 16:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"NvMediaCenter"="NvMCTray.dll" [2006-01-19 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-2-19 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 16:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 19:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 21:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 23:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 23:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 21:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 22:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"1126765"=c:\docume~1\Steve\LOCALS~1\Temp\1126765.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [8/24/2009 6:52 PM 82432]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 1:50 PM 5120]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [5/15/2009 2:34 PM 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [5/15/2009 2:34 PM 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [5/15/2009 2:34 PM 174720]
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{07E84C83-6AE7-4437-94DC-387C32B4F0A6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080114
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: turbotax.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://campwoof2.dyndns.org:7180/RtspVaPgDec.cab
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\fydqi223.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\fydqi223.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExt: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\fydqi223.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 20:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1232)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-12-12 20:44:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-13 01:43

Pre-Run: 37,823,291,392 bytes free
Post-Run: 37,883,559,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 423DF394A3B6AB8B1E33DC82F1884C08

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=31e28cd158d79642b2d9c7fc831302f3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-14 03:38:45
# local_time=2010-12-13 10:38:45 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 7057927 7057927 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=101098
# found=2
# cleaned=2
# scan_time=4118
C:\Documents and Settings\Steve\Application Data\Uniblue\Registry Booster2\RB_Setup_7_22_2010.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steve\Application Data\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Adobe Reader 8.2.5

Then download and install Adobe Reader 9.4

How is the machine running now?

No change. Still no icons on desktop. Can't re-create shortcuts on desktop. Everything still visible in Explorer/Desktop folder.

Hello.
Can you post a screenshot of your issue? it would help me a lot more on this issue, as I can't really pin-point your problem at the moment.

no icons on desktop. Can't re-create shortcuts on desktop. Everything still visible in Explorer/Desktop folder.

Hello,
Any new thoughts about what I can do?

Hmmm.

Please download a new copy of Combofix, and run it as normal, post the new log when done.

ComboFix 10-12-18.02 - Steve 12/19/2010 16:22:17.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.595 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-15 00:27 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 00:26 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-15 00:20 . 2010-12-15 00:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-14 02:22 . 2010-12-14 02:22 -------- d-----w- c:\program files\ESET
2010-12-11 23:37 . 2010-12-12 23:25 -------- d-----w- C:\Combo-Fix
2010-12-11 16:08 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-11 16:08 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-11 15:44 . 2010-12-03 19:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-12-11 15:44 . 2010-12-03 19:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-12-11 15:44 . 2010-12-03 19:35 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-12-05 21:19 . 2010-12-05 21:19 -------- d-sh--w- c:\documents and settings\Steve\IECompatCache
2010-12-05 20:03 . 2010-12-05 20:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-02-22 21:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-02-22 21:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-10 19:02 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 18:51 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 18:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 18:51 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44 . 2009-06-30 20:15 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2009-06-30 20:15 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"NvMediaCenter"="NvMCTray.dll" [2006-01-19 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-2-19 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 16:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 19:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 21:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 23:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 23:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 21:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 22:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [8/24/2009 6:52 PM 82432]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 1:50 PM 5120]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [5/15/2009 2:34 PM 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [5/15/2009 2:34 PM 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [5/15/2009 2:34 PM 174720]
.
Contents of the 'Scheduled Tasks' folder

2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{07E84C83-6AE7-4437-94DC-387C32B4F0A6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080114
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: turbotax.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://campwoof2.dyndns.org:7180/RtspVaPgDec.cab
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\fydqi223.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 16:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\program files\Internet Explorer\iexplore.exe [4900] 0x8623FB30

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1200)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1256)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll

- - - - - - - > 'explorer.exe'(4252)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-12-19 17:10:18
ComboFix-quarantined-files.txt 2010-12-19 22:09
ComboFix2.txt 2010-12-13 01:44

Pre-Run: 40,984,137,728 bytes free
Post-Run: 41,013,460,992 bytes free

- - End Of File - - 21AEA8F86E9F80B0D68618BEC3837BAB

Found a display setting "Show Desktop Icons" that must've gotten reset during the malware removal. Everything seems to be ok now. Can't believe I didn't see this before. Thanks for everything.

No problems.