Windows will not load on desktop XP Home SP 3

I would appreciate assistance with this issue. My desktop has been rendered useless! Yesterday, I was perusing available driver updating software on line. I left the site to check an email message with a powe point attachment that was loading very slowly. I noticed that software (probably the one I was previously looking at) was downloading!
I stopped the download, exited the email and selected Windows Restore. So far, so good. The Restore sequence went smoothly, I chose to restore to a restore point the previous day. When I initiated the restore action, my screen went blank with a blinking cursor, upper left of screen, and has remained there ever since. I can't do a thing. Do not have an XP CD because the OP system is embedded. (emachines, ugh!) My only software option is the emachines Restore CD set, which will wipe everything out. (I should have made a bootable windows CD and been more diligent with back-ups -
I will from now on!) I done the following so far, I'm an X-Motorola Tech, so I know how to use a meter.
Cleared the CMOS memory
Disassembled, inspected, reassembled and checked all power supply voltages, all OK. (+12VDC is +11.82VDC) the remaining voltages are spot on.
Removed the RAM sticks and put them in one at a time, no help
Was able to access the Bios and confirm that the boot sequence begins with the CD drive
Tried, but unable to get into Safe Mode. After initial boot - blank & blinking
The POST beep sequence is normal on boot-up - One Beep
There's an option on the Restore CD to boot-up in DOS mode. I did that, but the DOS is very limited to it's own drive and will not recognize any others.
Am I correct in thinking that I need to download a bootable XP Home CD? I'm using my friend's Vista Premium laptop
which has CD burning capability.
Thank you, thank you in advance!!!

Hi, Welcome to GeekPolice.net!

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Step 1: you need to get the appropriate burning software for this task.

Download ISOBurner

• This will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic.
  
• See the instructions page for more info.

Step 2: download the OTLPE REATOGO Windows Recovery Environment.

• Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  
• When downloaded double click and this will then open ISOBurner to burn the file to CD
  
• Reboot your system using the boot CD you just created.
  
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
    
  • Press Run Scan to start the scan.
    
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    
  • Copy this file to your USB drive if you do not have internet connection on this system
    
  • Please post the contents of the OTL.txt file in your reply.

Sneakyone,
Thank you very much for responding. I managed to fix the problem by studying my book, "Mastering Windows XP" Home Edition. (Second Edition) On P.519 is a 'recipe' for making a generic
boot disk. Well, I used my friend's laptop and typed the text in Notepad and burned it to a CD.
I booted my desktop with it and BINGO! There was Windows! I then restored the computer to an earlier date, set the time & date & ran a complete virus scan. Everything is peachy! Didn't lose a thing. I'm in the process of backing up all of my data and will do it regularly. Whew, close call!

However, several months ago I had planned to FDISK my computer because I had run ComoFix
(Previous posts) and lost the Auto-Play feature. I want it back and I haven't been successful in my attempts to rectify this issue. I didn't FDISK my machine because there is software I will not
be able to replace. I understand the reason for disabling AutoPlay, but hey, I'll take my chances and I don't want someone making that decision for me. Can you help me with this?

Hi.

Yes, I will be glad to help.

I have to go in about 5 minutes and I won't be back till around 11:00 PM Central time zone, when I get back I will see what I can find.

I think I have re-enabled it before, I forget how.

Hey Sneakyone,

Have you been sneaking around helping others and think I wouldn't notice?
I've had my private PI tailing you and he tells me that you've been unfaithful,
is this true? Well, I'm a forgiving soul, you are welcome back at any time.

Hi.

My bad, I missed the thread by accident. :/

Are you wanting to Auto-Play like Cds and stuff from your disk drive, or a external hard-drive/usb drive?

When I lost the Auto-Play feature, it affected all removable drives. What concerned me the most is the Media Card Reader because I download many photos from my CF card. However, Auto-Play no longer works on the CD/DVD drives. All removable drives are adversely affected.

Hi.

Please visit here and see if this enables it: http://www.ehow.com/how_5147384_enable-autoplay.html

That would be too easy. When Combo-Fix disables the Auto-Play functionality, it's a challenge to restore it. I don't know if anyone has been successful. I've tried all the obvious remedies, including downloading Autofix.exe from Microsoft, no help. Changed the binary values in the Auto-Play folder of the Registry, which enables and disables Auto-Play, no help. Ensured that the Shell Hardware Detection Service is running, nothing works. I have an embedded operating system, so I don't have the luxury of performing a Windows Repair, although, I have my doubts that it would do any good. You say you think you've done it in the past?

Hmm, I am out of ideas that would be the ways I would think that would fix it.

I will send a PM to someone who will probably be able to help you.

Thanks Sneakyone, I appreciate all your help. The outcome of this thread will be very interesting indeed. Thanks again!

Hi.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

Oh, I did that many moons ago. I read that after ComboFix performs it's task, it deletes itself from the system. I believe it, because it is nowhere to found.
I did make a note at the time that it did find a virus, called, "Mazapp.exe".
I searched for 'Mazapp" with the following results:

mazapp.dll --------------------------C\windows\system32
mazapp.exe.vir---------------------C:\Qoobox\Quarantine\C\windows\system32

So, apparently, ComboFix did it's job and left town.

Hi.

Just letting you know ComboFix does not uninstall itself, and it is dangerous to run without proper instruction from a expert.

Lets check for malware.

ComboFix doesn't get everything.

Please download a fresh copy and follow these instructions:

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

Here is the ComboFix Report:

Can you find the command line where AutoPlay was disabled? Therein may unravel the mystery to restoring it, which is my ultimate goal. Of course, since AutoPlay had already been disabled from the previous installation of ComboFix, there may not be anything there to disable. In which case, we may need the assistance of David Copperfield!

ComboFix 10-08-11.04 - Charley 08/11/2010 20:40:34.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1358 [GMT -5]
Running from: c:\documents and settings\Charley\desktop\commy.exe
Command switches used :: /stepdel
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\UNWISE.EXE

.
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-08 03:54 . 2010-08-08 03:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-08 03:40 . 2010-08-08 03:40 -------- d-----w- c:\program files\eM
2010-08-05 07:00 . 2003-08-15 23:52 94208 ------r- c:\windows\system32\nvuenet.exe
2010-08-05 06:59 . 2003-10-29 17:02 110592 ------w- c:\windows\system32\nvusmb.exe
2010-08-05 00:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-05 00:43 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-04 06:03 . 2010-08-04 06:03 -------- d-----w- c:\program files\MSN Toolbar
2010-08-04 06:03 . 2010-08-04 06:03 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-07-28 08:25 . 2010-07-28 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Medic
2010-07-28 07:43 . 2010-07-28 07:44 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 19:10 . 2010-01-23 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-07 04:46 . 2009-03-01 22:34 -------- d-----w- c:\program files\Microsoft
2010-08-07 04:19 . 2010-08-07 04:19 503808 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c7e0ff3-n\msvcp71.dll
2010-08-07 04:19 . 2010-08-07 04:19 499712 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c7e0ff3-n\jmc.dll
2010-08-07 04:19 . 2010-08-07 04:19 12800 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5ebf71fd-n\decora-d3d.dll
2010-08-07 04:19 . 2010-08-07 04:19 61440 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5ebf71fd-n\decora-sse.dll
2010-08-07 04:19 . 2010-08-07 04:19 348160 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c7e0ff3-n\msvcr71.dll
2010-08-05 01:00 . 2008-04-11 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-31 19:49 . 2010-03-29 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-29 15:48 . 2010-01-23 07:04 113933 ------w- c:\windows\system32\drivers\klin.dat
2010-07-29 15:48 . 2010-01-23 07:04 97549 ------w- c:\windows\system32\drivers\klick.dat
2010-07-29 05:48 . 2009-07-03 01:22 -------- d-----w- c:\program files\Flickr Uploadr
2010-07-28 09:22 . 2008-06-06 00:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-28 08:05 . 2007-01-01 19:52 -------- d-----w- c:\program files\palmOne
2010-07-26 21:01 . 2010-08-11 18:51 37184 ----a-w- c:\documents and settings\Charley\Application Data\Mozilla\Firefox\Profiles\vhkmwcoi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-07-26 21:01 . 2010-08-11 18:51 32032 ----a-w- c:\documents and settings\Charley\Application Data\Mozilla\Firefox\Profiles\vhkmwcoi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-07-26 14:36 . 2006-07-09 02:22 -------- d-----w- c:\program files\Google
2010-07-19 15:04 . 2003-08-13 13:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-22 16:03 . 2010-06-22 16:03 503808 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34f81719-n\msvcp71.dll
2010-06-22 16:03 . 2010-06-22 16:03 61440 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-120e72c9-n\decora-sse.dll
2010-06-22 16:03 . 2010-06-22 16:03 499712 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34f81719-n\jmc.dll
2010-06-22 16:03 . 2010-06-22 16:03 348160 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34f81719-n\msvcr71.dll
2010-06-22 16:03 . 2010-06-22 16:03 12800 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-120e72c9-n\decora-d3d.dll
2010-06-22 16:02 . 2007-08-08 00:45 -------- d-----w- c:\program files\Common Files\Java
2010-06-22 16:00 . 2010-06-22 16:02 411368 ------w- c:\windows\system32\deployJava1.dll
2010-06-22 16:00 . 2007-08-08 00:45 -------- d-----w- c:\program files\Java
2010-06-20 03:38 . 2010-06-20 03:38 133648 ------w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-20 03:38 . 2010-06-20 03:38 133720 ------w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-14 14:31 . 2003-08-13 12:41 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Charley\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-28 39408]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Versato"="c:\program files\Media Key\Versato.exe" [2002-12-25 733184]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2008-06-12 113136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

c:\documents and settings\Charley\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-11-28 221247]
HP OfficeJet T Series Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe [2010-1-1 1175552]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-28 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ------w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2003-06-03 18:01 496640 -c----w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
2009-01-19 23:01 632048 -c----w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-07-14 19:30 98304 -c----w- c:\program files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2009-10-12 22:51 692321 ------w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 18:16 5058560 ------r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 18:16 741376 ------r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PNAgent]
2006-01-13 18:05 40960 -c----w- c:\program files\PhatNoise Media Manager\PNAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 15:50 413696 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-23 15:05 244208 ------w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC Yahoo! Connection Manager]
2003-07-14 19:55 1028096 -c----w- c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-28 14:24 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-15 21:24 3092480 ------w- c:\program files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ImapiService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Charley\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [6/23/2008 10:08 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [6/23/2008 10:06 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [6/23/2008 10:06 AM 166384]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/13/2003 7:28 AM 14336]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [6/23/2008 10:08 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/23/2008 10:05 AM 1120752]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
IE: {{96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99} -
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
FF - ProfilePath - c:\documents and settings\Charley\Application Data\Mozilla\Firefox\Profiles\vhkmwcoi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Charley\Application Data\Mozilla\Firefox\Profiles\vhkmwcoi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-MCODS
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 21:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1484054120-130084284-2373196925-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bluetooth\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Media Key\OSD.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-11 21:07:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-12 02:07
ComboFix2.txt 2010-01-22 01:32

Pre-Run: 82,460,778,496 bytes free
Post-Run: 82,460,672,000 bytes free

- - End Of File - - D7A6963F89BC27AB5DCB3B5E745B4D69

Hi.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

=================

• Please open a new Notepad file.
  
• Copy and paste the following into Notepad:
  

  
  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom]
  "autorun"="1"
  
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5A46B35-525D-4594-ABB1-CE915479D7CD}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  "NoDriveTypeAutoRun"=-
  
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5A46B35-525D-4594-ABB1-CE915479D7CD}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  "NoDriveTypeAutoRun"=-
  
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  "NoDriveTypeAutoRun"=-
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5A46B35-525D-4594-ABB1-CE915479D7CD}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  "NoDriveTypeAutoRun"=-
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5A46B35-525D-4594-ABB1-CE915479D7CD}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  "NoDriveTypeAutoRun"=-
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  "NoDriveTypeAutoRun"=-
  
  

  
  
• Save this as fix.reg, save it to your desktop.
  
• Double click fix.reg to run it.
  
• Select yes to the registry merge prompt.
  

I performed the task and re-started the machine with my fingers crossed, thinking how great it would be if Autoplay would return. It did not. I opened the Registry to check the new values
and where there is suppose to be "NoDriveTypeAutoRun", reads "Default - Value not set."

Perhaps the following information will be helpful. I performed a search for autoplay.exe and what it found was: wpdshextautoplay. Does this look like a corrupted file to you??

Hi.

Nope I doubt that file is corrupted.

Let me see if I can get some more ideas and I will get back to you very soon.

Thanks, Sneakyone -

I appreciate all of your time and effort.

Hi.

Sorry, I am still trying to get some answers, please bear with me.

Time is not a big issue, this dilemma began in January. I've been researching
and trying different methods for some time now. If you're able to find the magical key to this locked door, time is of no consequence.

Hey Sneakyone,

I was researching this issue on-line when something happened that turned off Windows System Restore and deleted all of the restore points. I re-enabled System Restore, but the restore points are gone. I took the liberty of running Comofix again, the report follows:

ComboFix 10-08-15.04 - Charley 08/16/2010 10:13:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1333 [GMT -5:00]
Running from: d:\documents and settings\Charley\My Documents\Desktop\Commsy.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-14 19:03 . 2010-08-14 19:03 -------- d-----w- c:\program files\AquaSnap
2010-08-12 22:18 . 2010-08-12 22:21 -------- d-----w- C:\commy
2010-08-11 18:51 . 2010-07-26 21:01 37184 ----a-w- c:\documents and settings\Charley\Application Data\Mozilla\Firefox\Profiles\vhkmwcoi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-08-11 18:51 . 2010-07-26 21:01 32032 ----a-w- c:\documents and settings\Charley\Application Data\Mozilla\Firefox\Profiles\vhkmwcoi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-08-08 03:54 . 2010-08-08 03:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-08 03:40 . 2010-08-08 03:40 -------- d-----w- c:\program files\eM
2010-08-07 04:19 . 2010-08-07 04:19 503808 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c7e0ff3-n\msvcp71.dll
2010-08-07 04:19 . 2010-08-07 04:19 499712 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c7e0ff3-n\jmc.dll
2010-08-07 04:19 . 2010-08-07 04:19 12800 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5ebf71fd-n\decora-d3d.dll
2010-08-07 04:19 . 2010-08-07 04:19 61440 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5ebf71fd-n\decora-sse.dll
2010-08-07 04:19 . 2010-08-07 04:19 348160 ----a-w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c7e0ff3-n\msvcr71.dll
2010-08-05 07:00 . 2003-08-15 23:52 94208 ------r- c:\windows\system32\nvuenet.exe
2010-08-05 06:59 . 2003-10-29 17:02 110592 ------w- c:\windows\system32\nvusmb.exe
2010-08-05 00:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-05 00:43 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-04 06:03 . 2010-08-04 06:03 -------- d-----w- c:\program files\MSN Toolbar
2010-08-04 06:03 . 2010-08-04 06:03 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-07-28 08:25 . 2010-07-28 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Medic
2010-07-28 07:43 . 2010-07-28 07:44 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 07:11 . 2010-01-23 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-12 22:49 . 2006-10-19 02:00 17408 -c--a-w- c:\windows\system32\wpdshextautoplay.exe
2010-08-12 22:25 . 2005-05-26 01:53 84328 -c--a-w- c:\documents and settings\Charley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-07 04:46 . 2009-03-01 22:34 -------- d-----w- c:\program files\Microsoft
2010-08-05 01:00 . 2008-04-11 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-31 19:49 . 2010-03-29 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-29 15:48 . 2010-01-23 07:04 113933 ------w- c:\windows\system32\drivers\klin.dat
2010-07-29 15:48 . 2010-01-23 07:04 97549 ------w- c:\windows\system32\drivers\klick.dat
2010-07-29 05:48 . 2009-07-03 01:22 -------- d-----w- c:\program files\Flickr Uploadr
2010-07-28 09:22 . 2008-06-06 00:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-28 08:05 . 2007-01-01 19:52 -------- d-----w- c:\program files\palmOne
2010-07-26 14:36 . 2006-07-09 02:22 -------- d-----w- c:\program files\Google
2010-07-19 15:04 . 2003-08-13 13:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-22 16:03 . 2010-06-22 16:03 503808 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34f81719-n\msvcp71.dll
2010-06-22 16:03 . 2010-06-22 16:03 61440 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-120e72c9-n\decora-sse.dll
2010-06-22 16:03 . 2010-06-22 16:03 499712 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34f81719-n\jmc.dll
2010-06-22 16:03 . 2010-06-22 16:03 348160 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34f81719-n\msvcr71.dll
2010-06-22 16:03 . 2010-06-22 16:03 12800 ------w- c:\documents and settings\Charley\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-120e72c9-n\decora-d3d.dll
2010-06-22 16:02 . 2007-08-08 00:45 -------- d-----w- c:\program files\Common Files\Java
2010-06-22 16:00 . 2010-06-22 16:02 411368 ------w- c:\windows\system32\deployJava1.dll
2010-06-22 16:00 . 2007-08-08 00:45 -------- d-----w- c:\program files\Java
2010-06-20 03:38 . 2010-06-20 03:38 133648 ------w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-20 03:38 . 2010-06-20 03:38 133720 ------w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-14 14:31 . 2003-08-13 12:41 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Charley\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-28 39408]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
"AquaSnap"="c:\program files\AquaSnap\AquaSnap.Daemon.exe" [2010-08-04 733184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Versato"="c:\program files\Media Key\Versato.exe" [2002-12-25 733184]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2008-06-12 113136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

c:\documents and settings\Charley\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-11-28 221247]
HP OfficeJet T Series Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe [2010-1-1 1175552]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-28 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ------w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2003-06-03 18:01 496640 -c----w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
2009-01-19 23:01 632048 -c----w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-07-14 19:30 98304 -c----w- c:\program files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2009-10-12 22:51 692321 ------w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 18:16 5058560 ------r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 18:16 741376 ------r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 15:50 413696 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-23 15:05 244208 ------w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC Yahoo! Connection Manager]
2003-07-14 19:55 1028096 -c----w- c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-28 14:24 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-15 21:24 3092480 ------w- c:\program files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ImapiService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Charley\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [6/23/2008 10:08 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [6/23/2008 10:06 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [6/23/2008 10:06 AM 166384]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/13/2003 7:28 AM 14336]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [6/23/2008 10:08 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/23/2008 10:05 AM 1120752]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]

2010-08-16 c:\windows\Tasks\User_Feed_Synchronization-{1D47D8A3-7940-414F-BE43-04DC2ABE63A8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.suddenlink.net/x.php?u=https%3A%2F%2Faccount.suddenlink.net%2Fselfcare%2Fcheckemail.do%3Fredirect%3Dsynacor
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
IE: {{96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99} -
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
FF - ProfilePath - c:\documents and settings\Charley\Application Data\Mozilla\Firefox\Profiles\vhkmwcoi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Charley\Application Data\Mozilla\Firefox\Profiles\vhkmwcoi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-PNAgent - c:\program files\PhatNoise Media Manager\PNAgent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 10:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1484054120-130084284-2373196925-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(10156)
c:\windows\system32\WININET.dll
c:\program files\AquaSnap\AquaSnap.Hook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-16 10:38:05
ComboFix-quarantined-files.txt 2010-08-16 15:37
ComboFix2.txt 2010-08-12 02:07

Pre-Run: 89,056,899,072 bytes free
Post-Run: 89,046,130,688 bytes free

- - End Of File - - 9383219324354B4D274F87A7432168FB

Hi.

I doubt this is malware related, but just to make sure:

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
   
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   
3. When the downloads have finished, click on Settings.
   
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

You will see a list of infected items there. Click on Save Report As....

Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Please post this log in your next reply.

[ERROR: java.lang.RuntimeException: Kaspersky Online Scanner 7.0 cannot be started because this computer has Kaspersky Internet Security 8.0 (9.0) installed.]

I have Kaspersky Internet Security 2010 Ver. 9.0.0736 resident on my computer. I ran a complete system scan and, you are correct, nothing was found.

Hi.

Sorry for the delay.

I have sent you a PM of instructions.

Sorry, I was out of town...

Please re-send the PM

Sent.