TechSpot

Applications "disappearing" from system

By HWBear
Mar 6, 2011
  1. My W7 desktop is infected with persistent and elusive malware.

    The intrusion came while I was installing Norton Internet Security 2011 last Monday. I had--foolishly--turned off the pre-installed McAfee security suite for the installation and got a blizzard of pop ups for updates to Java, Adobe Reader, Acrobat and Win 7. I accepted them, and when the pop ups disappeared, every shortcut on the desktop and the pop-up start list said something like this:

    "Shortcut no longer points to iexplore.exe. Application has been moved or deleted. Delete shortcut?"

    Windows explorer could not find most of the applications that had been installed.

    The problem exists in all identities on the system.

    A full-system scan with Norton Internet Security 2011 found two suspicious files and dealt with them. I rebooted and found the programs did not return. I apparently had only one restore point--two weeks old--and restored the system, only to find the same disappearing program phenomenon.

    I downloaded some free web tools. Avira Free and GMER found nothing; Malwarebytes found a Trojan, whose name I did not record, and removed it. I rescanned with Norton and found nothing; restored the system and rebooted, and the phenomenon returned.

    Another, possibly related problem: A popup that says a “runtime error” forced an unusual termination of “C:\Windows\System32\nvvsvc.exe”.

    I have followed the Updated 8 Steps and the problem persists. As I noted above, I used system repair after apparently having cleaned the system and so may have lost my only restore point.

    Since the browser is deleted or disabled by the malware—which does not disrupt the network connection, I had to download the various programs required on my laptop, copied them to a DVD and ran the programs from Windows Explorer. The various logs were saved to my desktop and copied to a thumb drive which I have connected to my laptop so I can attach or cut and paste the various logs required by the Eight Steps.

    Step 1: full system scan with updated Norton Internet Security 2011 found nothing.

    Step 2. Download and run TFC. Done.

    Step 3. Run Malwarebytes Anti-Malware. This was done three times, twice before I followed the eight steps. Here is the text of the quick scan I performed as part of Step 3.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5971

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/5/2011 9:46:24 PM
    mbam-log-2011-03-05 (21-46-24).txt

    Scan type: Quick scan
    Objects scanned: 237384
    Time elapsed: 3 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Step 4. Run GMER. The log file saved as GMER to my desktop and to the thumb drive is blank. (“Properties . . .Size: 0 bytes.”)

    Step 5. Run DDS and paste texts of DDS.txt and Attach.txt.

    Note that when these files opened, a popup also opened that said: “Windows Script Host can’t find script engine ‘VBSCRIPT’ for script ‘C:\Users\Hal\App Data\Local\Temp\MSGB.PIF’”

    DDS.txt:

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Hal at 22:44:47.77 on Sat 03/05/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\SysWOW64\DllHost.exe
    D:\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101020142509.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [UTW7Updater] "C:\Program Files (x86)\Parallels\Parallels Desktop\Application\prl_up2date_app.exe" check -u desktop_wl -nr -sa --mode silent
    mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: <NO NAME> =
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper20073151.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130563530265
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - C:\PROGRA~2\WINDOW~3\MpShHook.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101020142509.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    IFEO-X64: Your Image File Name Here without a path - ntsd -d
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? cfwids;McAfee Inc. cfwids
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? DockLoginService;Dock Login Service
    R? EraserUtilRebootDrv;EraserUtilRebootDrv
    R? McComponentHostService;McAfee Security Scan Component Host Service
    R? McShield;McShield
    R? mfefire;McAfee Firewall Core Service
    R? mferkdet;McAfee Inc. mferkdet
    R? MpNWMon;Microsoft Malware Protection Network Driver
    R? NisDrv;Microsoft Network Inspection System
    R? NisSrv;NisSrv
    R? Parallels Networking Service;Parallels Networking Service
    R? Parallels Virtualization Service;Parallels Virtualization Service
    R? PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver
    R? pmxdrv;pmxdrv
    R? prl_dsk;Parallels Loopback Driver
    R? prl_mount_svc;Parallels Mount Service
    R? RoxMediaDB10;RoxMediaDB10
    R? SessionLauncher;SessionLauncher
    R? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
    R? WatAdminSvc;Windows Activation Technologies Service
    S? BHDrvx64;BHDrvx64
    S? IDSVia64;IDSVia64
    S? k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfefirek;McAfee Inc. mfefirek
    S? mfehidk;McAfee Inc. mfehidk
    S? mfenlfk;McAfee NDIS Light Filter
    S? mfevtp;McAfee Validation Trust Protection Service
    S? mfewfpk;McAfee Inc. mfewfpk
    S? MpFilter;Microsoft Malware Protection Driver
    S? NIS;Norton Internet Security
    S? Parallels USB Device Manager;Parallels USB Device Manager
    S? Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor
    S? prl_net;Parallels Networking Driver
    S? PRLVNIC;Parallels Virtual NIC Adapter
    S? PxHlpa64;PxHlpa64
    S? SymDS;Symantec Data Store
    S? SymEFA;Symantec Extended File Attributes
    S? SymIRON;Symantec Iron Driver
    S? SymNetS;Symantec Network Security WFP Driver
    S? vwififlt;Virtual WiFi Filter Driver
    .
    =============== Created Last 30 ================
    .
    2011-03-06 05:41:46 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-06 05:41:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-03 22:21:33 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-03-03 22:09:14 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-03-03 22:09:14 -------- d-----w- C:\Program Files\Symantec
    2011-03-03 22:09:14 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-03-03 22:08:55 802864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys
    2011-03-03 22:08:55 735864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
    2011-03-03 22:08:55 450608 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys
    2011-03-03 22:08:55 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
    2011-03-03 22:08:55 382072 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys
    2011-03-03 22:08:55 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys
    2011-03-03 22:08:38 -------- d-----w- C:\Windows\System32\drivers\NISx64\1205000.07D
    2011-03-03 22:08:27 -------- d-----w- C:\Windows\System32\drivers\NISx64
    2011-03-03 22:08:25 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
    2011-03-03 22:06:45 -------- d-----w- C:\PROGRA~3\Norton
    2011-03-03 22:04:26 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-03-03 00:00:17 -------- d-----w- C:\Users\Hal\AppData\Roaming\Malwarebytes
    2011-03-02 05:22:39 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-02 05:22:36 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-01 11:00:59 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-03-01 11:00:58 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-03-01 03:09:48 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-03-01 03:01:27 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2011-03-01 02:25:57 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-01 02:25:57 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-03-01 02:25:57 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-01 02:25:57 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    .
    ==================== Find3M ====================
    .
    2011-02-06 02:18:22 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-02-06 02:18:22 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-02-06 02:14:09 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-12-17 01:52:56 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    .
    ============= FINISH: 22:45:04.01 ===============



    Attach.txt:

    .
    ==== Installed Programs ======================
    .
    .
    2Wire Wireless Client
    32 Bit HP CIO Components Installer
    Access Drivers
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AIO_Scan
    ArcSoft TotalMedia Backup & Record
    AT&T Yahoo! High Speed Internet Home Networking Installer
    ATT-HSI
    Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
    AutoUpdate
    Banctec Service Agreement
    Battlefield: Bad Company 2
    Borderlands
    BufferChm
    C7200
    C7200_Help
    calibre
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant D850 56K V.9x DFVc Modem
    Conexant SmartHSFi V.9x 56K DF PCI Modem
    Consumer In-Home Service Agreement
    Copy
    Critical Update for Windows Media Player 11 (KB959772)
    D-Fend v2
    D3DX10
    Data Access Objects (DAO) 3.0
    Dawn of War - Dark Crusade Demo
    Dell DataSafe Online
    Dell Digital Jukebox Driver
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Media Experience
    Dell Networking Guide
    Dell Solution Center
    Dell Support Center (Support Software)
    DellSupport
    Destinations
    DeviceDiscovery
    Digital Line Detect
    DirectXInstallService
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DocProc
    DS21Patch
    DVDSentry
    EarthLink MDAC
    EMC 10 Content
    Fax
    GPBaseService2
    Greed Corp
    H&R Block California 2009
    H&R Block Deluxe + Efile + State 2009
    Hauppauge TV Tuner Diagnostics (1.1.7057)
    Hauppauge TV Tuner Driver
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photosmart All-In-One Driver Software 10.0 Rel .2
    HP Print Diagnostic Utility
    HP Update
    HP_Network_UserGuide
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    ImageMixer VCD/DVD2 for OLYMPUS
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 22
    Junk Mail filter update
    Learn Windows 7
    Learn2 Player (Uninstall Only)
    Lernout & Hauspie TruVoice for Microsoft Agent
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Calculator Plus
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Default Manager
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft IntelliPoint 5.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WinUsb 1.0
    Microsoft XML Parser
    Modem Helper
    Mozilla Firefox (3.6.13)
    MSN Toolbar
    MSN Toolbar Platform
    MSSoap
    MSVCRT
    MSVCRT_amd64
    MSVCSetup
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    NetWaiting
    Norton Internet Security
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OGA Notifier 2.0.0048.0
    OLYMPUS Master
    Palm Desktop
    Parallels Desktop Upgrade to Windows 7
    Parallels runtime modules
    Parallels USB Driver
    Pdf995 (installed by H&R Block)
    PdfEdit995 (installed by H&R Block)
    PhotoRecall Deluxe HP Edition
    PocketMirror 3.0.2 (Standard Edition)
    PowerDVD DX
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    PunkBuster Services
    QuickBooks Pro 2002
    Quicken 2003 Deluxe
    QuickTime
    Reader Library by Sony
    Readiris
    RealOne Player
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shockwave
    SmartWebPrinting
    SnapAPI
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    Spelling Dictionaries Support For Adobe Reader 8
    Star Wars Battlefront II
    StarCraft II
    Status
    Steam
    Symantec Technical Support Web Controls
    TaxCut 2003
    TaxCut 2004
    TaxCut California 2007
    TaxCut California 2008
    TaxCut Deluxe 2005
    TaxCut Premium + State + Efile 2007
    TaxCut Premium + State + Efile 2008
    TaxCut Premium 2006
    Times Reader
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Upgrade Assistant
    WebFldrs XP
    WebReg
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WordPerfect Office 11
    Xiph.Org Ogg Codecs 0.82.16930 32-bit
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Toolbar
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help you sort the problem out!

    A caution: if you have to use a flash drive to download any programs be sure it's clean. If you have any doubts, I can give you a program to disinfect the flash drive.

    First, you are running both the Norton security and McAfee. You may think you disabled McAfee, but multiple processes are still loading. Please run this tool to remove it all:
    McAfee Removal
    Please reboot the computer when finished.
    =============================================
    You can try to create a new shortcut for Internet Explorer while we look for the malware:
    Using Windows Explorer (Windows key + E)> Computer> Local Drive> Programs> Look for Internet Explorer> double click on the program folder> On the right screen, look for the iexplore.exe and do a right click> Send To> Desktop to create a shortcut.
    Exit Windows Explorer. This may give you a working launch while we look for the cause.
    ============================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===========================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  3. HWBear

    HWBear TS Rookie Topic Starter

    Applications disappearing, followup

    Bobbye

    Hello and thank you for your reply.

    I was able to download the McAfee removal tool onto a thumb drive using my laptop. I ran it successfully and saved the log.

    I would appreciate having the tool to clean thumb drives.

    I could not get online with my infected desktop because Internet Explorer does not exist on my computer. In WExplore there were two folders, updatesie07 and updatesie08. Both were empty. I know the system is connected to the internet because it is wired into my AT&T gateway and the connection responds to embedded links. But without a browser I have been unable to get to the Eset site.

    I went to Eset and copied the URL into a Windows document, but it wouldn't open because the virus wiped out my installation of MS Office 2003. When I tried to reinstall Office, I got a pop up that said:

    MICROSOFT OFFICE STANDARD EDITION 2003

    Error 25090 Office Setup encountered a problem with the Office Source Engine, system error: - 2147024894. Please open C:\Program Files (x86)\Microsoft Office\OFFICE11\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.

    A second pop up said:

    J:\Security Information\Security URLs.doc

    Fatal error during installation.

    wExplorer shows four folders under Program Files (x86): Common Files, Malwarebyte's Antimalware, Norton Internet Security and Norton Installer. Office 2003 is 100% MIA.

    I tried copying the link to a text file and it has not worked. The text file comes up as a mess of code--NOT machine language. Copying the URL into a notepad txt file also failed as notepad does not preserve the text as a URL.

    I could probably run Combofix since it does download an engine that I can load using my thumbdrive. That might also permit me to load the recovery console. Should I go ahead with Combofix?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am not really sure what you're trying to do. Do you find Internet Explorer in Programs in Windows Explorer? You need to right click on the Internet Explorer icon with the label iexplore.exe> Send To> Desktop to create a shortcut.

    IF this fails: Control Panel> Add/Remove Programs> Look for Internet Explorer> Highlight> Repair.

    You cannot install Office without an online connection. You cannot run an online virus scan without an online connection. You cannot install the Recovery Console without an online connection.

    For the Flash Drive and other removable media: (Note: If you have to use the Flash Drive for Combofix, please disinfect it first)
    These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    ===================================
    You can run Combofix now- just bypass the Recovery Console query and click on Scan.
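
The autorun.inf note in the post above rests on one fact: while a folder named autorun.inf exists at a drive root, a file of that name cannot be created there. The Python below is an added example (not part of the original post and not Flash_Disinfector's code) that reports whether a drive root has no autorun.inf, the protective folder, or a real file, and in the last case lists the commands the file names. The function names and the sample file are constructed for illustration.

```python
"""Audit a drive root for autorun.inf (added example, hypothetical helper names)."""
import os
import tempfile

# Constructed sample of an autorun.inf file; used only by the demo in main().
CONSTRUCTED_SAMPLE = (
    "; constructed sample\r\n"
    "[AutoRun]\r\n"
    "open=setup.exe\r\n"
    "icon=drive.ico\r\n"
    "shell\\open\\command=setup.exe /quiet\r\n"
    "shellexecute = readme.htm\r\n"
    "[Other]\r\n"
    "open=ignored.exe\r\n"
)


def decode_inf(data):
    """Decode autorun.inf bytes; the file may be UTF-16/UTF-8 with a BOM, or ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    if data[:3] == b"\xef\xbb\xbf":
        return data[3:].decode("utf-8", errors="replace")
    return data.decode("latin-1")


def parse_launch_entries(text):
    """Return (key, value) pairs in the [autorun] section that name a command."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            entries.append((key, value.strip()))
    return entries


def find_autorun(root):
    """Locate autorun.inf case-insensitively, as Windows would."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def audit_root(root):
    """Return (status, entries); status is 'absent', 'folder', 'file' or 'unreadable'."""
    try:
        path = find_autorun(root)
    except OSError:
        return "unreadable", []  # e.g. empty card reader or drive not ready
    if path is None:
        return "absent", []
    if os.path.isdir(path):
        return "folder", []  # the protective placeholder described in the post
    with open(path, "rb") as fh:
        return "file", parse_launch_entries(decode_inf(fh.read()))


def main():
    # Demo on constructed temporary directories standing in for drive roots.
    with tempfile.TemporaryDirectory() as clean, \
            tempfile.TemporaryDirectory() as protected, \
            tempfile.TemporaryDirectory() as suspect:
        os.mkdir(os.path.join(protected, "autorun.inf"))
        with open(os.path.join(suspect, "AUTORUN.INF"), "wb") as fh:
            fh.write(CONSTRUCTED_SAMPLE.encode("utf-16"))
        for label, root in (("clean", clean), ("protected", protected),
                            ("suspect", suspect)):
            status, entries = audit_root(root)
            print(f"{label}: {status}")
            for key, value in entries:
                print(f"    {key} -> {value}")


if __name__ == "__main__":
    main()
```

On Windows, pass each removable drive root (for example `audit_root("E:\\")`) and review any drive that reports `file` with launch entries before opening it.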
     
  5. HWBear

    HWBear TS Rookie Topic Starter

    Applications "disappearing"

    Bobbye:

    When I called this thread Applications "Disappearing", I meant disappearing.

    The only applications I know are now working are Norton Internet Security and Malwarebytes' Anti-Malware.

    Windows features like magnify and control panel work--but control panel does not give me a "repair" option and did not list Internet Explorer as an installed application.

    Without a functioning browser I am unable to navigate to the Eset homepage. Thus I was unable to scan my desktop with Eset NOD 32 Online Antivirus.

    I cleaned my flash drives and ran Combo fix by downloading it to a flash drive on my laptop. Once I launched Combo Fix from the executable on the flash drive, it was able to connect to the site and update. Hence I know my desktop has a functioning internet connection, which I cannot control because I have no browser. Here is the text of the log:

    ComboFix 11-03-08.02 - Hal 03/08/2011 15:00:15.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6697 [GMT -8:00]
    Running from: j:\security information\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Hal\Documents\Readiris.DUS
    c:\windows\SysWow64\arp.exe
    c:\windows\SysWow64\Data
    c:\windows\SysWow64\SCardSvr.exe
    c:\windows\SysWow64\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    c:\windows\SysWow64\spool\prtprocs\w32x86\hpzpp5ha.dll
    c:\windows\system32\slwga.dll . . . . Failed to delete
    c:\windows\system32\systemcpl.dll . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
    2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
    2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\users\Janice\AppData\Local\temp
    2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\users\Alec\AppData\Local\temp
    2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\users\Alec\AppData\Local\temp
    2011-03-06 05:41 . 2011-03-06 05:41 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-06 05:41 . 2011-03-06 05:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-03 22:09 . 2011-03-03 22:09 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-03-03 22:09 . 2011-03-03 22:09 -------- d-----w- c:\program files\Symantec
    2011-03-03 22:09 . 2011-03-03 22:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-03-03 22:08 . 2011-03-03 22:09 -------- d-----w- c:\windows\system32\drivers\NISx64
    2011-03-03 22:08 . 2011-03-03 22:08 -------- d-----w- c:\program files (x86)\Norton Internet Security
    2011-03-03 22:08 . 2011-03-03 22:08 -------- d-----w- c:\program files\Windows Sidebar
    2011-03-03 22:06 . 2011-03-03 22:08 -------- d-----w- c:\programdata\Norton
    2011-03-03 22:04 . 2011-03-04 01:41 -------- d-----w- c:\program files (x86)\NortonInstaller
    2011-03-03 21:31 . 2011-03-03 21:31 -------- d-----w- c:\programdata\NVIDIA
    2011-03-03 00:00 . 2011-03-03 00:00 -------- d-----w- c:\users\Hal\AppData\Roaming\Malwarebytes
    2011-03-02 05:24 . 2011-03-02 05:56 -------- d-----w- c:\users\Alec\AppData\Local\Microsoft Games
    2011-03-02 05:22 . 2011-03-02 05:22 -------- d-----w- c:\users\Alec\AppData\Roaming\Malwarebytes
    2011-03-02 05:22 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-02 05:22 . 2010-12-21 02:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-01 11:00 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-03-01 11:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-03-01 03:09 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-01 03:05 . 2011-03-01 03:05 -------- d-----w- c:\users\Alec\AppData\Roaming\CyberLink
    2011-03-01 03:01 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-03-01 02:25 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-01 02:25 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-01 02:25 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-03-01 02:25 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-03-01 02:23 . 2011-03-01 02:23 -------- d-----w- c:\users\Alec\AppData\Local\DataSafeOnline
    2011-03-01 02:23 . 2011-03-01 02:23 -------- d-----w- c:\users\Alec\AppData\Roaming\Dell
    2011-03-01 02:23 . 2011-03-01 02:23 -------- d-----w- c:\users\Alec\AppData\Local\Stardock_Corporation
    2011-03-01 02:23 . 2011-03-01 02:23 -------- d-----w- c:\users\Alec\AppData\Roaming\Parallels
    2011-03-01 02:01 . 2011-03-01 02:01 -------- d-----w- c:\users\Alec\AppData\Local\VirtualStore
    2011-02-22 00:01 . 2011-02-22 00:36 -------- d-----w- c:\users\Janice\AppData\Local\Microsoft Games
    2011-02-11 16:21 . 2011-02-11 16:21 -------- d-----w- c:\users\Janice\AppData\Local\DataSafeOnline
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-06 02:18 . 2010-11-07 05:31 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-02-06 02:18 . 2010-11-07 05:30 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-02-06 02:14 . 2010-11-07 05:30 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2010-12-17 01:52 . 2010-11-07 05:30 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    .
    .
    ------- Sigcheck -------
    .
    [7] 2009-07-14 . 4ABA3E75A76195A3E38ED2766C962899 . 193536 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_ddc3da0b75baa7e0\appmgmts.dll
    [7] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_e818845daa1b69db\appmgmts.dll
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SysWOW64\appmgmts.dll
    .
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SysWOW64\msgsvc.dll
    .
    [-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SysWOW64\mspmsnsv.dll
    [-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SysWOW64\DLLCACHE\mspmsnsv.dll
    [-] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    [-] 2002-11-27 01:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\mspmsnsv.dll
    .
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SysWOW64\ntmssvc.dll
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SysWOW64\srsvc.dll
    .
    [7] 2009-07-14 . 1C9D80CC3849B3788048078C26486E1A . 381952 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SysWOW64\w32time.dll
    [7] 2009-07-14 . 1C9D80CC3849B3788048078C26486E1A . 381952 . . [6.1.7600.16385] . . c:\windows\system32\w32time.dll
    .
    [7] 2009-07-14 . 52D0E33B681BD0F33FDC08812FEE4F7D . 578560 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_8e892cb8cd0462ae\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\SysWOW64\wiaservc.dll
    [7] 2009-07-14 . 52D0E33B681BD0F33FDC08812FEE4F7D . 578560 . . [6.1.7600.16385] . . c:\windows\system32\wiaservc.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    c:\users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    c:\users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
    R2 Parallels Networking Service;Parallels Networking Service;c:\program files (x86)\Parallels\Parallels Desktop\Application\prl_naptd.exe [x]
    R2 Parallels Virtualization Service;Parallels Virtualization Service;c:\program files (x86)\Parallels\Parallels Desktop\Application\prl_disp_service.exe [x]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
    R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
    R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [x]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-10-20 38536]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-05-09 33160]
    R3 prl_dsk;Parallels Loopback Driver;c:\program files (x86)\Parallels\Parallels Desktop\Drivers\prl_dsk.sys [x]
    R3 prl_mount_svc;Parallels Mount Service;c:\program files (x86)\Parallels\Parallels Desktop\Application\prl_mount_svc.exe [x]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-25 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [2010-10-21 450608]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [2010-11-18 802864]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-02-25 1124472]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110304.001\IDSvia64.sys [2010-11-11 476792]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [2010-11-16 171128]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1205000.07D\SYMNETS.SYS [2010-12-01 382072]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 Parallels USB Device Manager;Parallels USB Device Manager;c:\windows\SysWOW64\drivers\prl_usb_mng64.sys [2010-05-13 21320]
    S2 Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor;c:\windows\SysWOW64\drivers\prl_hypervisor_64.sys [2010-05-13 216904]
    S2 prl_net;Parallels Networking Driver;c:\windows\system32\DRIVERS\prl_net.sys [2010-05-13 27976]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-05-21 25992]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
    S3 PRLVNIC;Parallels Virtual NIC Adapter;c:\windows\system32\DRIVERS\prl_vnic.sys [2010-05-13 15688]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724427880-2391815090-4251992463-1001Core.job
    - c:\users\Alec\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 01:41]
    .
    2011-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724427880-2391815090-4251992463-1001UA.job
    - c:\users\Alec\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 01:41]
    .
    2004-01-23 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2010-11-20 00:12]
    .
    2011-03-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Hal.job
    - c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\navw32.exe [2011-03-03 06:57]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-25 4119552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\SysWOW64\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
    Wow6432Node-HKLM-Run-Dell DataSafe Online - c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    Wow6432Node-HKLM-Run-PDVDDXSrv - c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    Wow6432Node-HKLM-Run-MSN Toolbar - c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    Wow6432Node-HKLM-Run-Microsoft Default Manager - c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    Wow6432Node-HKLM-Run-dellsupportcenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
    Wow6432Node-HKLM-Run-HP Software Update - c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Wow6432Node-HKLM-Run-UTW7Updater - c:\program files (x86)\Parallels\Parallels Desktop\Application\prl_up2date_app.exe
    Wow6432Node-HKLM-Run-Reader Library Launcher - c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    Wow6432Node-HKLM-Run-hpqSRMon - c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    Toolbar-Locked - (no file)
    HKLM-Run-IntelliPoint - c:\program files\Microsoft IntelliPoint\ipoint.exe
    HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
    HKLM-Run-itype - c:\program files\Microsoft IntelliType Pro\itype.exe
    AddRemove-2Wire SetupWiz - c:\program files (x86)\2Wire\Uninstaller.exe
    AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
    AddRemove-ATT-HSI - c:\progra~2\ATT\UNWISE.EXE
    AddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2702 - c:\program files (x86)\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE
    AddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 - c:\program files (x86)\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE
    AddRemove-D-Fend v2 - c:\program files (x86)\D-Fend\uninstall.exe
    AddRemove-Dell Digital Jukebox Driver - c:\program files (x86)\Dell\Digital Jukebox Drivers\DrvUnins.exe
    AddRemove-Digital Editions - c:\program files (x86)\Adobe\Adobe Digital Editions\uninstall.exe
    AddRemove-Hauppauge TV Tuner Diagnostics - c:\progra~2\HCW85\Diags\UnUDiags.exe
    AddRemove-InstallShield_{2D974D26-BA8F-4A0B-B7EE-3F563AF79746} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
    AddRemove-InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372} - c:\progra~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
    AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
    AddRemove-Mozilla Firefox (3.6.13) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
    AddRemove-NVIDIAStereo - c:\program files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe
    AddRemove-Ogg Codecs - c:\program files (x86)\Xiph.Org\Ogg Codecs\uninst.exe
    AddRemove-Pdf995 - c:\program files (x86)\pdf995\setup.exe
    AddRemove-PdfEdit995 - c:\program files (x86)\pdf995\res\utilities\thinsetup.exe
    AddRemove-PhotoRecall HP 2 - c:\program files (x86)\PhotoRecall\DeIsL1.isu
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    AddRemove-RealJukebox 1.0 - c:\program files (x86)\Common Files\Real\Update_OB\rnuninst.exe
    AddRemove-RealPlayer 6.0 - c:\program files (x86)\Common Files\Real\Update_OB\rnuninst.exe
    AddRemove-Sound Blaster Live!Windows Drivers - c:\program files (x86)\Creative\SBLive\Program\Ctzapxx.EXE
    AddRemove-StarCraft II - c:\program files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
    AddRemove-Steam App 24960 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 48950 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 8980 - c:\program files (x86)\Steam\steam.exe
    AddRemove-StreetPlugin - c:\program files (x86)\Learn2.com\StRunner\stuninst.exe
    AddRemove-TaxCut 2003 - c:\program files (x86)\TaxCut03\Program\removetc.exe
    AddRemove-TaxCut 2004 - c:\program files (x86)\TaxCut04\Program\removetc.exe
    AddRemove-TaxCut Deluxe 2005 - c:\progra~2\TaxCut05\Program\removetc.exe
    AddRemove-TaxCut Premium 2006 - c:\progra~2\TaxCut06\Program\removetc.exe
    AddRemove-Windows Media Format Runtime - c:\program files (x86)\Windows Media Player\wmsetsdk.exe
    AddRemove-WinLiveSuite - c:\program files (x86)\Windows Live\Installer\wlarp.exe
    AddRemove-Yahoo! Companion - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
    AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
    AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\MSN Toolbar Installer\InstallManager.exe
    AddRemove-{20B30DC1-E423-4939-B51D-05C58B0F9BBB} - c:\program files (x86)\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe
    AddRemove-{3F92ABBB-6BBF-11D5-B229-002078017FBF} - c:\program files (x86)\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe
    AddRemove-{537BF16E-7412-448C-95D8-846E85A1D817} - c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe
    AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files (x86)\DivX\DivXConverterUninstall.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
    AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
    AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files (x86)\DivX\DivXConverterUninstall.exe
    AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files (x86)\DivX\DivXWebPlayerUninstall.exe
    AddRemove-{E646DCF0-5A68-11D5-B229-002078017FBF} - c:\program files (x86)\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{048DBD20-445E8C82-05040104}]
    "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
    @Denied: (A) (Everyone)
    @="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-08 15:12:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-08 23:12
    .
    Pre-Run: 1,388,561,756,160 bytes free
    Post-Run: 1,388,391,387,136 bytes free
    .
    - - End Of File - - 62BBA46F5798EF7E21876BB3024AC060


    Here is a copy of the log:
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I don't know what happened regarding this section of Combofix:
    But it is showing almost everything in the computer has been uninstalled.

    I would say looking at this that you are going to have to do a reformat/reinstall of the OS.
     
  7. HWBear

    HWBear TS Rookie Topic Starter

    Applications "Disappearing"

    Thanks for your help. It has obviously been a huge effort and I appreciate it. I have been thinking about the process of reformatting and reinstalling the OS on my desktop. I have some questions about the condition of the system and how I move forward.

    1. Is the system free of viruses? I have heard some malware can survive reformatting the HDD. Is that a possibility with the problem I have here? Is there anything further I might do to minimize that possibility?

    2. Is there a recommended way to go about the process of reformatting the HDD and reinstalling the OS?

    3. We had a backup drive connected to the system, but disconnected it as soon as the virus manifested. It had not been scheduled to back up the system between manifestation and disconnection. Might that backup drive be infected? How can I check out the possibility?

    To summarize:

    Is my system clean?

    How do I do a reformat and reinstallation?

    How do I check my backup drive to see if it is clean?

    Thanks.

    Thanks
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    1. I don't have enough information to tell you if the system is clean- half of it is missing!

    2. You will find excellent reformat/reinstall instructions here:
    http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html

    3. Disinfect the flash drive:
    You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
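A read-only check of a drive root for the autorun.inf mechanism discussed in the post above, as an added example that is not part of the thread and not Flash_Disinfector's own code. It reports whether autorun.inf is absent, is a placeholder folder, or is a file whose [autorun] section starts a program; the function names and the sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def launch_commands(text):
    """Return (key, command) pairs from the [autorun] section; junk lines are skipped."""
    found, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found

def check_drive_root(root):
    """Classify a drive root: 'absent', 'folder', 'inert-file' or 'launches-program'."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return "absent", []
    path = os.path.join(root, name)
    if os.path.isdir(path):
        return "folder", []  # a folder of this name, as the post describes
    with open(path, "rb") as fh:
        data = fh.read(65536)  # the file is only read, never executed or modified
    codec = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    cmds = launch_commands(data.decode(codec, errors="replace"))
    return ("launches-program" if cmds else "inert-file"), cmds

# Constructed sample, not taken from the thread: padding line plus two launch keys.
SAMPLE = ";padding\r\n[AutoRun]\r\nOPEN=example.exe\r\nshell\\open\\Command=example.exe /x\r\nicon=example.ico\r\n"

def demo():
    """Build three constructed drive roots in a temp directory and classify each."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "vaccinated", "autorun.inf"))
        os.mkdir(os.path.join(tmp, "clean"))
        os.mkdir(os.path.join(tmp, "suspect"))
        with open(os.path.join(tmp, "suspect", "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(SAMPLE)
        return {d: check_drive_root(os.path.join(tmp, d)) for d in os.listdir(tmp)}

if __name__ == "__main__":
    print(demo())
```

An "absent" or "folder" result only rules out the autorun.inf launch path; it says nothing about other files on the drive, which still need a scan.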
     
Topic Status:
Not open for further replies.
