Inactive Applications "disappearing" from system

My W7 desktop is infected with persistent and elusive malware.

The intrusion came while I was installing Norton Internet Security 2011 last Monday. I had--foolishly--turned off the pre-installed McAfee security suite for the installation and got a blizzard of pop-ups for updates to Java, Adobe Reader, Acrobat and Win 7. I accepted them, and when the pop-ups disappeared, every shortcut on the desktop and the pop-up start list said something like this:

"Shortcut no longer points to iexplore.exe. Application has been moved or deleted. Delete shortcut?"

Windows explorer could not find most of the applications that had been installed.

The problem exists in all identities on the system.

A full-system scan with Norton Internet Security 2011 found two suspicious files and dealt with them. I rebooted and found the programs did not return. I apparently had only one restore point--two weeks old--and restored the system, only to find the same disappearing program phenomenon.

I downloaded some free web tools. Avira Free and GMER found nothing; Malwarebytes found a Trojan, whose name I did not record, and removed it. I rescanned with Norton and found nothing; restored the system and rebooted, and the phenomenon returned.

Another, possibly related problem: A popup that says a “runtime error” forced an unusual termination of “C:\Windows\System32\nvvsvc.exe”.

I have followed the Updated 8 Steps and the problem persists. As I noted above, I used system repair after apparently having cleaned the system and so may have lost my only restore point.

Since the browser is deleted or disabled by the malware—which does not disrupt the network connection—I had to download the various programs required on my laptop, copy them to a DVD and run the programs from Windows Explorer. The various logs were saved to my desktop and copied to a thumb drive, which I have connected to my laptop so I can attach or cut and paste the various logs required by the Eight Steps.

Step 1: full system scan with updated Norton Internet Security 2011 found nothing.

Step 2. Download and run TFC. Done.

Step 3. Run Malwarebytes Anti-Malware. This was done three times, twice before I followed the eight steps. Here is the text of the quick scan I performed as part of Step 3.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5971

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/5/2011 9:46:24 PM
mbam-log-2011-03-05 (21-46-24).txt

Scan type: Quick scan
Objects scanned: 237384
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Step 4. Run GMER. The log file saved as GMER to my desktop and to the thumb drive is blank. (“Properties . . .Size: 0 bytes.”)

Step 5. Run DDS and paste texts of DDS.txt and Attach.txt.

Note that when these files opened, a popup also opened that said: “Windows Script Host can’t find script engine ‘VBSCRIPT’ for script “C:\Users\Hal\App Data\Local\Temp\MSGB.PIF””

DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Hal at 22:44:47.77 on Sat 03/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
.
============== Running Processes ===============
.
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\SysWOW64\DllHost.exe
D:\dds.scr
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101020142509.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [UTW7Updater] "C:\Program Files (x86)\Parallels\Parallels Desktop\Application\prl_up2date_app.exe" check -u desktop_wl -nr -sa --mode silent
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: <NO NAME> =
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper20073151.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130563530265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - C:\PROGRA~2\WINDOW~3\MpShHook.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101020142509.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
IFEO-X64: Your Image File Name Here without a path - ntsd -d
.
============= SERVICES / DRIVERS ===============
.
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? DockLoginService;Dock Login Service
R? EraserUtilRebootDrv;EraserUtilRebootDrv
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McShield;McShield
R? mfefire;McAfee Firewall Core Service
R? mferkdet;McAfee Inc. mferkdet
R? MpNWMon;Microsoft Malware Protection Network Driver
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;NisSrv
R? Parallels Networking Service;Parallels Networking Service
R? Parallels Virtualization Service;Parallels Virtualization Service
R? PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver
R? pmxdrv;pmxdrv
R? prl_dsk;Parallels Loopback Driver
R? prl_mount_svc;Parallels Mount Service
R? RoxMediaDB10;RoxMediaDB10
R? SessionLauncher;SessionLauncher
R? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
R? WatAdminSvc;Windows Activation Technologies Service
S? BHDrvx64;BHDrvx64
S? IDSVia64;IDSVia64
S? k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? MpFilter;Microsoft Malware Protection Driver
S? NIS;Norton Internet Security
S? Parallels USB Device Manager;Parallels USB Device Manager
S? Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor
S? prl_net;Parallels Networking Driver
S? PRLVNIC;Parallels Virtual NIC Adapter
S? PxHlpa64;PxHlpa64
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SymNetS;Symantec Network Security WFP Driver
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2011-03-06 05:41:46 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-06 05:41:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-03 22:21:33 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-03-03 22:09:14 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-03-03 22:09:14 -------- d-----w- C:\Program Files\Symantec
2011-03-03 22:09:14 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-03-03 22:08:55 802864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys
2011-03-03 22:08:55 735864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
2011-03-03 22:08:55 450608 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys
2011-03-03 22:08:55 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
2011-03-03 22:08:55 382072 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys
2011-03-03 22:08:55 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys
2011-03-03 22:08:38 -------- d-----w- C:\Windows\System32\drivers\NISx64\1205000.07D
2011-03-03 22:08:27 -------- d-----w- C:\Windows\System32\drivers\NISx64
2011-03-03 22:08:25 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-03-03 22:06:45 -------- d-----w- C:\PROGRA~3\Norton
2011-03-03 22:04:26 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-03-03 00:00:17 -------- d-----w- C:\Users\Hal\AppData\Roaming\Malwarebytes
2011-03-02 05:22:39 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-02 05:22:36 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-01 11:00:59 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-03-01 11:00:58 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-03-01 03:09:48 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-01 03:01:27 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-03-01 02:25:57 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-01 02:25:57 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-03-01 02:25:57 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-01 02:25:57 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-02-06 02:18:22 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-02-06 02:18:22 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-02-06 02:14:09 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-17 01:52:56 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 22:45:04.01 ===============



Attach.txt:

.
==== Installed Programs ======================
.
.
2Wire Wireless Client
32 Bit HP CIO Components Installer
Access Drivers
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AIO_Scan
ArcSoft TotalMedia Backup & Record
AT&T Yahoo! High Speed Internet Home Networking Installer
ATT-HSI
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
AutoUpdate
Banctec Service Agreement
Battlefield: Bad Company 2
Borderlands
BufferChm
C7200
C7200_Help
calibre
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant D850 56K V.9x DFVc Modem
Conexant SmartHSFi V.9x 56K DF PCI Modem
Consumer In-Home Service Agreement
Copy
Critical Update for Windows Media Player 11 (KB959772)
D-Fend v2
D3DX10
Data Access Objects (DAO) 3.0
Dawn of War - Dark Crusade Demo
Dell DataSafe Online
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Getting Started Guide
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
Destinations
DeviceDiscovery
Digital Line Detect
DirectXInstallService
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
DS21Patch
DVDSentry
EarthLink MDAC
EMC 10 Content
Fax
GPBaseService2
Greed Corp
H&R Block California 2009
H&R Block Deluxe + Efile + State 2009
Hauppauge TV Tuner Diagnostics (1.1.7057)
Hauppauge TV Tuner Driver
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Print Diagnostic Utility
HP Update
HP_Network_UserGuide
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ImageMixer VCD/DVD2 for OLYMPUS
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 22
Junk Mail filter update
Learn Windows 7
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice for Microsoft Agent
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Default Manager
Microsoft Encarta Encyclopedia Standard 2004
Microsoft IntelliPoint 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Microsoft XML Parser
Modem Helper
Mozilla Firefox (3.6.13)
MSN Toolbar
MSN Toolbar Platform
MSSoap
MSVCRT
MSVCRT_amd64
MSVCSetup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
NetWaiting
Norton Internet Security
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
OLYMPUS Master
Palm Desktop
Parallels Desktop Upgrade to Windows 7
Parallels runtime modules
Parallels USB Driver
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PhotoRecall Deluxe HP Edition
PocketMirror 3.0.2 (Standard Edition)
PowerDVD DX
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PunkBuster Services
QuickBooks Pro 2002
Quicken 2003 Deluxe
QuickTime
Reader Library by Sony
Readiris
RealOne Player
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shockwave
SmartWebPrinting
SnapAPI
SolutionCenter
Sonic CinePlayer Decoder Pack
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
Spelling Dictionaries Support For Adobe Reader 8
Star Wars Battlefront II
StarCraft II
Status
Steam
Symantec Technical Support Web Controls
TaxCut 2003
TaxCut 2004
TaxCut California 2007
TaxCut California 2008
TaxCut Deluxe 2005
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
TaxCut Premium 2006
Times Reader
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Upgrade Assistant
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WordPerfect Office 11
Xiph.Org Ogg Codecs 0.82.16930 32-bit
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help you sort the problem out!

A caution: if you have to use a flash drive to download any programs be sure it's clean. If you have any doubts, I can give you a program to disinfect the flash drive.

First, you are running both the Norton security and McAfee. You may think you disabled McAfee, but multiple processes are still loading. Please run this tool to remove it all:
McAfee Removal
Please reboot the computer when finished.
=============================================
You can try to create a new shortcut for Internet Explorer while we look for the malware:
Using Windows Explorer (Windows key + E)> Computer> Local Drive> Programs> Look for Internet Explorer> double click on the program folder> On the right screen, look for the iexplore.exe and do a right click> Send To> Desktop to create a shortcut.
Exit Windows Explorer. This may give you a working launch while we look for the cause.
============================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard, you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===========================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    [image: RcAuto1.gif]

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Applications disappearing, followup

Bobbye

Hello and thank you for your reply.

I was able to download the McAfee removal tool onto a thumb drive using my laptop. I ran it successfully and saved the log.

I would appreciate having the tool to clean thumb drives.

I could not get online with my infected desktop because Internet Explorer does not exist on my computer. In WExplore there were two folders, updatesie07 and updatesie08. Both were empty. I know the system is connected to the internet because it is wired into my AT&T gateway and the connection responds to embedded links. But without a browser I have been unable to get to the Eset site.

I went to Eset and copied the URL into Windows document, but it wouldn't open because the virus wiped out my installation of MS Office 2003. When I tried to reinstall Office, I got a pop up that said:

MICROSOFT OFFICE STANDARD EDITION 2003

Error 25090 Office Setup encountered a problem with the Office Source Engine, system error: - 2147024894. Please open C:\Program Files (x86)\Microsoft Office\OFFICE11\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.

A second pop up said:

J:\Security Information\Security URLs.doc

Fatal error during installation.

wExplorer shows four folders under Program Files (x86): Common Files, Malwarebyte's Antimalware, Norton Internet Security and Norton Installer. Office 2003 is 100% MIA.

I tried copying the link to a text file and it has not worked. The text file comes up as a mess of code--NOT machine language. Copying the URL into a notepad txt file also failed as notepad does not preserve the text as a URL.

I could probably run Combofix since it does download an engine that I can load using my thumbdrive. That might also permit me to load the recovery console. Should I go ahead with Combofix?
 
I am not really sure what you're trying to do. Do you find Internet Explorer in Programs in Windows Explorer? You need to right click on the Internet Explorer icon with the label iexplore.exe> Send To> Desktop to create a shortcut

IF this fails: Control Panel> Add/Remove Programs> Look for Internet Explorer> Highlight> Repair.

You cannot install Office without an online connection. You cannot run an online virus scan without an online connection. You cannot install the Recovery Console without an online connection.

For the Flash Drive and other removable media: (Note: If you have to use the Flash Drive for Combofix, please disinfect it first)
These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
===================================
You can run Combofix now- just bypass the Recovery Console query and click on Scan.
 
Applications "disappearing"

Bobbye:

When I called this thread Applications "Disappearing", I meant disappearing.

The only applications I know are now working are Norton Internet Security and Malwarebytes' Anti-Malware.

Windows features like magnify and control panel work--but control panel does not give me a "repair" option and did not list Internet Explorer as an installed application.

Without a functioning browser I am unable to navigate to the Eset homepage. Thus I was unable to scan my desktop with Eset NOD 32 Online Antivirus.

I cleaned my flash drives and ran Combo fix by downloading it to a flash drive on my laptop. Once I launched Combo Fix from the executable on the flash drive, it was able to connect to the site and update. Hence I know my desktop has a functioning internet connection, which I cannot control because I have no browser. Here is the text of the log:

ComboFix 11-03-08.02 - Hal 03/08/2011 15:00:15.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6697 [GMT -8:00]
Running from: j:\security information\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Hal\Documents\Readiris.DUS
c:\windows\SysWow64\arp.exe
c:\windows\SysWow64\Data
c:\windows\SysWow64\SCardSvr.exe
c:\windows\SysWow64\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\SysWow64\spool\prtprocs\w32x86\hpzpp5ha.dll
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\users\Janice\AppData\Local\temp
2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\users\Alec\AppData\Local\temp
2011-03-08 23:04 . 2011-03-08 23:04 -------- d-----w- c:\users\Alec\AppData\Local\temp
2011-03-06 05:41 . 2011-03-06 05:41 -------- d-----w- c:\programdata\Malwarebytes
2011-03-06 05:41 . 2011-03-06 05:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-03 22:09 . 2011-03-03 22:09 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-03-03 22:09 . 2011-03-03 22:09 -------- d-----w- c:\program files\Symantec
2011-03-03 22:09 . 2011-03-03 22:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-03 22:08 . 2011-03-03 22:09 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-03-03 22:08 . 2011-03-03 22:08 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-03-03 22:08 . 2011-03-03 22:08 -------- d-----w- c:\program files\Windows Sidebar
2011-03-03 22:06 . 2011-03-03 22:08 -------- d-----w- c:\programdata\Norton
2011-03-03 22:04 . 2011-03-04 01:41 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-03-03 21:31 . 2011-03-03 21:31 -------- d-----w- c:\programdata\NVIDIA
2011-03-03 00:00 . 2011-03-03 00:00 -------- d-----w- c:\users\Hal\AppData\Roaming\Malwarebytes
2011-03-02 05:24 . 2011-03-02 05:56 -------- d-----w- c:\users\Alec\AppData\Local\Microsoft Games
2011-03-02 05:22 . 2011-03-02 05:22 -------- d-----w- c:\users\Alec\AppData\Roaming\Malwarebytes
2011-03-02 05:22 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-02 05:22 . 2010-12-21 02:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-01 11:00 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-01 11:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-01 03:09 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-03-01 03:05 . 2011-03-01 03:05 -------- d-----w- c:\users\Alec\AppData\Roaming\CyberLink
2011-03-01 03:01 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-03-01 02:25 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-01 02:25 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-01 02:25 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-01 02:25 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-01 02:23 . 2011-03-01 02:23 -------- d-----w- c:\users\Alec\AppData\Local\DataSafeOnline
2011-03-01 02:23 . 2011-03-01 02:23 -------- d-----w- c:\users\Alec\AppData\Roaming\Dell
2011-03-01 02:23 . 2011-03-01 02:23 -------- d-----w- c:\users\Alec\AppData\Local\Stardock_Corporation
2011-03-01 02:23 . 2011-03-01 02:23 -------- d-----w- c:\users\Alec\AppData\Roaming\Parallels
2011-03-01 02:01 . 2011-03-01 02:01 -------- d-----w- c:\users\Alec\AppData\Local\VirtualStore
2011-02-22 00:01 . 2011-02-22 00:36 -------- d-----w- c:\users\Janice\AppData\Local\Microsoft Games
2011-02-11 16:21 . 2011-02-11 16:21 -------- d-----w- c:\users\Janice\AppData\Local\DataSafeOnline
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 02:18 . 2010-11-07 05:31 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-06 02:18 . 2010-11-07 05:30 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-06 02:14 . 2010-11-07 05:30 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-12-17 01:52 . 2010-11-07 05:30 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
------- Sigcheck -------
.
[7] 2009-07-14 . 4ABA3E75A76195A3E38ED2766C962899 . 193536 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_ddc3da0b75baa7e0\appmgmts.dll
[7] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_e818845daa1b69db\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SysWOW64\appmgmts.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SysWOW64\msgsvc.dll
.
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SysWOW64\mspmsnsv.dll
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SysWOW64\DLLCACHE\mspmsnsv.dll
[-] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2002-11-27 01:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\mspmsnsv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SysWOW64\ntmssvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SysWOW64\srsvc.dll
.
[7] 2009-07-14 . 1C9D80CC3849B3788048078C26486E1A . 381952 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SysWOW64\w32time.dll
[7] 2009-07-14 . 1C9D80CC3849B3788048078C26486E1A . 381952 . . [6.1.7600.16385] . . c:\windows\system32\w32time.dll
.
[7] 2009-07-14 . 52D0E33B681BD0F33FDC08812FEE4F7D . 578560 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_8e892cb8cd0462ae\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\SysWOW64\wiaservc.dll
[7] 2009-07-14 . 52D0E33B681BD0F33FDC08812FEE4F7D . 578560 . . [6.1.7600.16385] . . c:\windows\system32\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 Parallels Networking Service;Parallels Networking Service;c:\program files (x86)\Parallels\Parallels Desktop\Application\prl_naptd.exe [x]
R2 Parallels Virtualization Service;Parallels Virtualization Service;c:\program files (x86)\Parallels\Parallels Desktop\Application\prl_disp_service.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-10-20 38536]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-05-09 33160]
R3 prl_dsk;Parallels Loopback Driver;c:\program files (x86)\Parallels\Parallels Desktop\Drivers\prl_dsk.sys [x]
R3 prl_mount_svc;Parallels Mount Service;c:\program files (x86)\Parallels\Parallels Desktop\Application\prl_mount_svc.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-25 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [2010-10-21 450608]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [2010-11-18 802864]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-02-25 1124472]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110304.001\IDSvia64.sys [2010-11-11 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1205000.07D\SYMNETS.SYS [2010-12-01 382072]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 Parallels USB Device Manager;Parallels USB Device Manager;c:\windows\SysWOW64\drivers\prl_usb_mng64.sys [2010-05-13 21320]
S2 Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor;c:\windows\SysWOW64\drivers\prl_hypervisor_64.sys [2010-05-13 216904]
S2 prl_net;Parallels Networking Driver;c:\windows\system32\DRIVERS\prl_net.sys [2010-05-13 27976]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-05-21 25992]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 PRLVNIC;Parallels Virtual NIC Adapter;c:\windows\system32\DRIVERS\prl_vnic.sys [2010-05-13 15688]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724427880-2391815090-4251992463-1001Core.job
- c:\users\Alec\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 01:41]
.
2011-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724427880-2391815090-4251992463-1001UA.job
- c:\users\Alec\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 01:41]
.
2004-01-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2010-11-20 00:12]
.
2011-03-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Hal.job
- c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\navw32.exe [2011-03-03 06:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-25 4119552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
Wow6432Node-HKLM-Run-Dell DataSafe Online - c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe
Wow6432Node-HKLM-Run-PDVDDXSrv - c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
Wow6432Node-HKLM-Run-MSN Toolbar - c:\program files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
Wow6432Node-HKLM-Run-Microsoft Default Manager - c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
Wow6432Node-HKLM-Run-dellsupportcenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-HP Software Update - c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Wow6432Node-HKLM-Run-UTW7Updater - c:\program files (x86)\Parallels\Parallels Desktop\Application\prl_up2date_app.exe
Wow6432Node-HKLM-Run-Reader Library Launcher - c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
Wow6432Node-HKLM-Run-hpqSRMon - c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
Toolbar-Locked - (no file)
HKLM-Run-IntelliPoint - c:\program files\Microsoft IntelliPoint\ipoint.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
HKLM-Run-itype - c:\program files\Microsoft IntelliType Pro\itype.exe
AddRemove-2Wire SetupWiz - c:\program files (x86)\2Wire\Uninstaller.exe
AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-ATT-HSI - c:\progra~2\ATT\UNWISE.EXE
AddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2702 - c:\program files (x86)\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE
AddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 - c:\program files (x86)\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE
AddRemove-D-Fend v2 - c:\program files (x86)\D-Fend\uninstall.exe
AddRemove-Dell Digital Jukebox Driver - c:\program files (x86)\Dell\Digital Jukebox Drivers\DrvUnins.exe
AddRemove-Digital Editions - c:\program files (x86)\Adobe\Adobe Digital Editions\uninstall.exe
AddRemove-Hauppauge TV Tuner Diagnostics - c:\progra~2\HCW85\Diags\UnUDiags.exe
AddRemove-InstallShield_{2D974D26-BA8F-4A0B-B7EE-3F563AF79746} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372} - c:\progra~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
AddRemove-Mozilla Firefox (3.6.13) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-NVIDIAStereo - c:\program files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe
AddRemove-Ogg Codecs - c:\program files (x86)\Xiph.Org\Ogg Codecs\uninst.exe
AddRemove-Pdf995 - c:\program files (x86)\pdf995\setup.exe
AddRemove-PdfEdit995 - c:\program files (x86)\pdf995\res\utilities\thinsetup.exe
AddRemove-PhotoRecall HP 2 - c:\program files (x86)\PhotoRecall\DeIsL1.isu
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-RealJukebox 1.0 - c:\program files (x86)\Common Files\Real\Update_OB\rnuninst.exe
AddRemove-RealPlayer 6.0 - c:\program files (x86)\Common Files\Real\Update_OB\rnuninst.exe
AddRemove-Sound Blaster Live!Windows Drivers - c:\program files (x86)\Creative\SBLive\Program\Ctzapxx.EXE
AddRemove-StarCraft II - c:\program files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
AddRemove-Steam App 24960 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 48950 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8980 - c:\program files (x86)\Steam\steam.exe
AddRemove-StreetPlugin - c:\program files (x86)\Learn2.com\StRunner\stuninst.exe
AddRemove-TaxCut 2003 - c:\program files (x86)\TaxCut03\Program\removetc.exe
AddRemove-TaxCut 2004 - c:\program files (x86)\TaxCut04\Program\removetc.exe
AddRemove-TaxCut Deluxe 2005 - c:\progra~2\TaxCut05\Program\removetc.exe
AddRemove-TaxCut Premium 2006 - c:\progra~2\TaxCut06\Program\removetc.exe
AddRemove-Windows Media Format Runtime - c:\program files (x86)\Windows Media Player\wmsetsdk.exe
AddRemove-WinLiveSuite - c:\program files (x86)\Windows Live\Installer\wlarp.exe
AddRemove-Yahoo! Companion - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\MSN Toolbar Installer\InstallManager.exe
AddRemove-{20B30DC1-E423-4939-B51D-05C58B0F9BBB} - c:\program files (x86)\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe
AddRemove-{3F92ABBB-6BBF-11D5-B229-002078017FBF} - c:\program files (x86)\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe
AddRemove-{537BF16E-7412-448C-95D8-846E85A1D817} - c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files (x86)\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files (x86)\DivX\DivXConverterUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files (x86)\DivX\DivXWebPlayerUninstall.exe
AddRemove-{E646DCF0-5A68-11D5-B229-002078017FBF} - c:\program files (x86)\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-03-08 15:12:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-08 23:12
.
Pre-Run: 1,388,561,756,160 bytes free
Post-Run: 1,388,391,387,136 bytes free
.
- - End Of File - - 62BBA46F5798EF7E21876BB3024AC060


Here is a copy of the log:
 
I don't know what happened regarding this section of Combofix:
- - - - ORPHANS REMOVED - - - -

But it is showing almost everything in the computer has been uninstalled.

I would say looking at this that you are going to have to do a reformat/reinstall of the OS.
 
Applications "Disappearing"

Thanks for your help. It has obviously been a huge effort and I appreciate it. I have been thinking about the process of reformatting and reinstalling the OS on my desktop. I have some questions about the condition of the system and how I move forward.

1. Is the system free of viruses? I have heard some malware can survive reformatting the HDD. Is that a possibility with the problem I have here? Is there anything further I might do to minimize that possibility?

2. Is there a recommended way to go about the process of reformatting the HDD and reinstalling the OS?

3. We had a backup drive connected to the system, but disconnected it as soon as the virus manifested. It had not been scheduled to back up the system between manifestation and disconnection. Might that backup drive be infected? How can I check out the possibility?

To summarize:

Is my system clean?

How do I do a reformat and reinstallation?

How do I check my backup drive to see if it is clean?

Thanks.

 
1. I don't have enough information to tell you if the system is clean - half of it is missing!

2. You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html

3. Disinfect the flash drive:
You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
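
For the backup-drive question and the autorun.inf folder note above, an added example (not part of the original thread, and not Flash_Disinfector's own code): a Python check, run from a known-clean machine, that reports whether a drive root has no autorun.inf, a placeholder folder, or a real file, and which launch commands that file contains. The function names, the temporary directories and the sample file contents are constructed for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys naming a program to launch

def decode(raw):
    """autorun.inf is ANSI, or UTF-16 with a BOM; latin-1 never fails to decode."""
    return raw.decode("utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")

def launch_entries(text):
    """Return (key, command) pairs found in the [autorun] section only."""
    found, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def audit_root(root):
    """Classify autorun.inf at a drive root: 'absent', 'folder' (placeholder) or 'file'."""
    for entry in os.scandir(root):
        if entry.name.lower() == "autorun.inf":  # names are case-insensitive on Windows
            if entry.is_dir(follow_symlinks=False):
                return "folder", []
            with open(entry.path, "rb") as handle:
                return "file", launch_entries(decode(handle.read()))
    return "absent", []

def demo():
    """Audit three constructed directories standing in for mounted drive roots."""
    sample = ("[AutoRun]\r\n;constructed sample\r\nOpen=tools\\placeholder.exe\r\n"
              "icon=shell32.dll,4\r\nshell\\open\\Command=tools\\placeholder.exe\r\n")
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("clean", "placeholder", "suspect"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "placeholder", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w", newline="") as handle:
            handle.write(sample)
        for name in ("clean", "placeholder", "suspect"):
            results[name] = audit_root(os.path.join(base, name))
    return results

if __name__ == "__main__":
    print(demo())
```

A "file" result with launch entries shows what Windows would be asked to run from that drive; it is not a malware verdict, so the named paths still need scanning before the drive is trusted.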
 