
Author Topic: Bob-PC (D:)  (Read 11904 times)


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Bob-PC (D:)
« Reply #15 on: June 14, 2009, 01:11:06 PM »
If ComboFix alerts you that an antivirus is running just ignore it and keep on with the instructions.

Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users: Right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

Bobh

  • Guest
Re: Bob-PC (D:)
« Reply #16 on: June 14, 2009, 01:35:04 PM »
evilfantasy -
You want me to close the Internet Explorer.  How do I do that if I have to keep this page in front of me to follow direction?  Sometimes I think this has gotten out of hand.  Bob

evilfantasy

Re: Bob-PC (D:)
« Reply #17 on: June 14, 2009, 01:39:38 PM »
Just close IE and then run ComboFix. It will guide you through the steps.

Bobh

  • Guest
Re: Bob-PC (D:)
« Reply #18 on: June 14, 2009, 02:32:50 PM »
evilfantasy -
ComboFix 09-06-13.09 - Bob 06/14/2009 15:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.1525.915 [GMT -5:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: avast! antivirus 4.8.1335 [VPS 090614-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Desktop.ini

.
(((((((((((((((((((((((((   Files Created from 2009-05-14 to 2009-06-14  )))))))))))))))))))))))))))))))
.

2009-06-14 17:46 . 2009-02-05 20:06   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-06-14 17:46 . 2009-02-05 20:06   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-06-14 17:46 . 2009-02-05 20:04   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-06-14 17:46 . 2009-02-05 20:07   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-06-14 17:46 . 2009-02-05 20:07   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-06-14 17:46 . 2009-02-05 20:11   1256296   ----a-w-   c:\windows\system32\aswBoot.exe
2009-06-14 17:46 . 2009-02-05 20:06   51792   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2009-06-14 17:46 . 2003-03-18 20:20   1060864   ----a-w-   c:\windows\system32\MFC71.dll
2009-06-14 17:46 . 2009-06-14 17:46   --------   d-----w-   c:\program files\Alwil Software
2009-06-13 16:54 . 2009-06-13 16:54   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-06-13 16:17 . 2009-06-13 16:17   --------   d-----w-   c:\users\Bob\AppData\Roaming\Malwarebytes
2009-06-13 16:17 . 2009-05-26 18:20   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 16:17 . 2009-06-13 16:17   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-06-13 16:17 . 2009-06-13 16:17   --------   d-----w-   c:\programdata\Malwarebytes
2009-06-13 16:17 . 2009-05-26 18:19   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-06-13 15:25 . 2009-06-14 18:20   117760   ----a-w-   c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-13 15:25 . 2009-06-13 15:25   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2009-06-13 15:23 . 2009-06-13 15:23   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-06-13 15:23 . 2009-06-13 15:23   --------   d-----w-   c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2009-06-13 15:22 . 2009-06-13 15:22   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-06-13 11:05 . 2009-06-13 11:10   116842   ----a-w-   c:\windows\hpqins00.dat
2009-06-12 09:59 . 2009-06-13 17:55   --------   d-----w-   c:\program files\trend micro
2009-06-12 09:59 . 2009-06-12 10:04   --------   d-----w-   C:\rsit
2009-06-11 23:56 . 2009-06-11 23:56   --------   d-----w-   c:\programdata\HP Product Assistant
2009-06-11 15:35 . 2009-06-11 15:35   --------   d-----w-   c:\program files\CCleaner
2009-06-11 11:09 . 2009-06-11 11:09   268800   ----a-w-   c:\windows\system32\es.dll
2009-06-11 00:22 . 2009-06-14 00:37   --------   d-----w-   c:\programdata\Symantec
2009-06-11 00:22 . 2009-06-14 00:37   --------   d-----w-   c:\programdata\Norton
2009-06-11 00:18 . 2009-06-11 00:22   --------   d-----w-   c:\programdata\NortonInstaller
2009-06-10 23:48 . 2009-06-10 23:54   --------   d-----w-   c:\users\Bob\AppData\Local\Microsoft Games
2009-06-10 23:30 . 2009-06-10 23:30   --------   d-----w-   c:\program files\Internet Saving Optimizer
2009-06-10 23:29 . 2009-06-10 23:29   --------   d-----w-   c:\program files\DoubleD
2009-06-10 21:19 . 2009-06-10 21:19   --------   d-----w-   c:\users\Bob\AppData\Roaming\WildTangent
2009-06-10 20:52 . 2006-12-22 02:51   771672   ------w-   c:\programdata\HP\Installer\Temp\hpzscr01.exe
2009-06-10 20:52 . 2006-12-22 02:47   472664   ------w-   c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2009-06-10 20:40 . 2009-06-10 20:40   --------   d-----w-   c:\programdata\WEBREG
2009-06-10 20:39 . 2009-06-10 20:50   --------   d-----w-   c:\users\Bob\AppData\Roaming\HP
2009-06-10 20:35 . 2009-06-10 20:35   --------   d-----w-   c:\program files\Hewlett-Packard
2009-06-10 20:35 . 2009-06-10 20:35   --------   d-----w-   c:\program files\Common Files\Hewlett-Packard
2009-06-10 20:35 . 2009-06-10 20:38   --------   d-----w-   c:\program files\Common Files\HP
2009-06-10 20:00 . 2009-06-10 20:53   --------   d-----w-   c:\program files\HP
2009-06-10 19:58 . 2009-06-10 20:45   148928   ----a-w-   c:\windows\hpoins19.dat
2009-06-10 19:58 . 2009-06-10 20:50   --------   d-----w-   c:\programdata\HP
2009-06-10 19:58 . 2006-11-20 21:36   258048   ----a-w-   c:\windows\system32\hpzids01.dll
2009-06-10 19:58 . 2006-12-16 06:19   675840   ----a-w-   c:\windows\system32\hpowiav1.dll
2009-06-10 19:58 . 2006-12-16 06:19   303104   ----a-w-   c:\windows\system32\hpovst01.dll
2009-06-10 19:58 . 2006-12-16 06:19   573440   ----a-w-   c:\windows\system32\hpotscl1.dll
2009-06-10 19:58 . 2007-03-13 19:52   26952   ----a-w-   c:\windows\hpomdl19.dat
2009-06-10 18:43 . 2009-06-10 18:43   --------   d-----w-   c:\program files\Common Files\Adobe
2009-06-10 18:41 . 2009-02-12 09:35   38208   ----a-w-   c:\users\Bob\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-10 18:40 . 2009-06-10 18:40   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2009-06-10 18:39 . 2009-06-10 18:44   --------   d-----w-   c:\users\Bob\AppData\Local\Adobe
2009-06-10 18:39 . 2009-06-10 18:39   86016   ----a-w-   c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-10 18:38 . 2009-06-10 18:52   --------   d-----w-   c:\programdata\NOS
2009-06-10 18:38 . 2009-06-10 18:52   --------   d-----w-   c:\program files\NOS
2009-06-10 18:08 . 2009-06-10 18:08   61440   ----a-w-   c:\windows\system32\winipsec.dll
2009-06-10 18:08 . 2009-06-10 18:08   28672   ----a-w-   c:\windows\system32\FwRemoteSvr.dll
2009-06-10 18:08 . 2009-06-10 18:08   361984   ----a-w-   c:\windows\system32\IPSECSVC.DLL
2009-06-10 18:08 . 2009-06-10 18:08   272896   ----a-w-   c:\windows\system32\polstore.dll
2009-06-10 18:07 . 2009-06-10 18:07   8192   ----a-w-   c:\windows\system32\riched32.dll
2009-06-10 18:07 . 2009-06-10 18:07   48640   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
2009-06-10 18:07 . 2009-06-10 18:07   20480   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
2009-06-10 18:07 . 2009-06-10 18:07   77824   ----a-w-   c:\windows\system32\rascfg.dll
2009-06-10 18:07 . 2009-06-10 18:07   61952   ----a-w-   c:\windows\system32\drivers\wanarp.sys
2009-06-10 18:07 . 2009-06-10 18:07   52736   ----a-w-   c:\windows\system32\rasdiag.dll
2009-06-10 18:07 . 2009-06-10 18:07   32768   ----a-w-   c:\windows\system32\rasmxs.dll
2009-06-10 18:07 . 2009-06-10 18:07   22016   ----a-w-   c:\windows\system32\rasser.dll
2009-06-10 18:06 . 2009-06-10 18:06   384000   ----a-w-   c:\windows\system32\netcfgx.dll
2009-06-10 18:06 . 2009-06-10 18:06   286208   ----a-w-   c:\windows\system32\ipnathlp.dll
2009-06-10 18:06 . 2009-06-10 18:06   13824   ----a-w-   c:\windows\system32\icsunattend.exe
2009-06-10 18:06 . 2009-06-10 18:06   70144   ----a-w-   c:\windows\system32\drivers\pacer.sys
2009-06-10 18:06 . 2009-06-10 18:06   33280   ----a-w-   c:\windows\system32\traffic.dll
2009-06-10 18:06 . 2009-06-10 18:06   13824   ----a-w-   c:\windows\system32\wshqos.dll
2009-06-10 18:06 . 2009-06-10 18:06   619008   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2009-06-10 18:06 . 2009-06-10 18:06   36864   ----a-w-   c:\windows\system32\cdd.dll
2009-06-10 18:06 . 2009-06-10 18:06   15360   ----a-w-   c:\windows\system32\pacerprf.dll
2009-06-10 18:06 . 2009-06-10 18:06   134656   ----a-w-   c:\windows\system32\dps.dll
2009-06-10 18:05 . 2009-06-10 18:05   95232   ----a-w-   c:\windows\system32\PortableDeviceClassExtension.dll
2009-06-10 18:05 . 2009-06-10 18:05   241152   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
2009-06-10 18:05 . 2009-06-10 18:05   160768   ----a-w-   c:\windows\system32\PortableDeviceTypes.dll
2009-06-10 18:04 . 2009-06-10 18:04   87040   ----a-w-   c:\windows\system32\msoert2.dll
2009-06-10 18:04 . 2009-06-10 18:04   39424   ----a-w-   c:\windows\system32\ACCTRES.dll
2009-06-10 18:04 . 2009-06-10 18:04   205824   ----a-w-   c:\windows\system32\msoeacct.dll
2009-06-10 18:02 . 2009-06-10 18:02   704000   ----a-w-   c:\windows\system32\PhotoScreensaver.scr
2009-06-10 18:02 . 2009-06-10 18:02   356352   ----a-w-   c:\windows\system32\wbem\wbemcomn.dll
2009-06-10 18:02 . 2009-06-10 18:02   24064   ----a-w-   c:\windows\system32\wtsapi32.dll
2009-06-10 18:02 . 2009-06-10 18:02   28344   ----a-w-   c:\windows\system32\drivers\battc.sys
2009-06-10 18:02 . 2009-06-10 18:02   258232   ----a-w-   c:\windows\system32\drivers\acpi.sys
2009-06-10 18:02 . 2009-06-10 18:02   20920   ----a-w-   c:\windows\system32\drivers\compbatt.sys
2009-06-10 18:02 . 2009-06-10 18:02   542720   ----a-w-   c:\windows\system32\sysmain.dll
2009-06-10 18:02 . 2009-06-10 18:02   67584   ----a-w-   c:\windows\system32\wlanhlp.dll
2009-06-10 18:02 . 2009-06-10 18:02   502784   ----a-w-   c:\windows\system32\wlansvc.dll
2009-06-10 18:02 . 2009-06-10 18:02   47104   ----a-w-   c:\windows\system32\wlanapi.dll
2009-06-10 18:02 . 2009-06-10 18:02   297984   ----a-w-   c:\windows\system32\wlansec.dll
2009-06-10 18:02 . 2009-06-10 18:02   290816   ----a-w-   c:\windows\system32\wlanmsm.dll
2009-06-10 18:00 . 2009-06-10 18:00   110080   ----a-w-   c:\windows\system32\drivers\mrxdav.sys
2009-06-10 18:00 . 2009-06-10 18:00   194560   ----a-w-   c:\windows\system32\WebClnt.dll
2009-06-10 17:59 . 2009-06-10 17:59   2028032   ----a-w-   c:\windows\system32\win32k.sys
2009-06-10 17:58 . 2009-06-10 17:58   49664   ----a-w-   c:\windows\system32\csrsrv.dll
2009-06-10 17:58 . 2009-06-10 17:58   376320   ----a-w-   c:\windows\system32\winsrv.dll
2009-06-10 17:54 . 2009-06-10 17:54   376832   ----a-w-   c:\windows\system32\winhttp.dll
2009-06-10 17:51 . 2009-06-10 17:51   297472   ----a-w-   c:\windows\system32\gdi32.dll
2009-06-10 17:50 . 2009-06-10 17:50   41984   ----a-w-   c:\windows\system32\drivers\monitor.sys
2009-06-10 17:50 . 2009-06-10 17:50   1060920   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2009-06-10 17:48 . 2009-06-10 17:48   --------   d-----w-   c:\windows\system32\x64
2009-06-10 17:47 . 2009-06-10 17:47   211456   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2009-06-10 17:46 . 2009-06-10 17:46   374456   ----a-w-   c:\windows\system32\mcupdate_GenuineIntel.dll
2009-06-10 17:44 . 2009-06-10 17:44   500736   ----a-w-   c:\windows\system32\msdtcprx.dll
2009-06-10 17:44 . 2009-06-10 17:44   30208   ----a-w-   c:\windows\system32\xolehlp.dll
2009-06-10 17:43 . 2009-06-10 17:43   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2009-06-10 17:43 . 2009-06-10 17:43   4247552   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-10 17:43 . 2009-06-10 17:43   1687040   ----a-w-   c:\windows\system32\gameux.dll
2009-06-10 17:41 . 2009-06-10 17:41   303616   ----a-w-   c:\windows\system32\wmpeffects.dll
2009-06-10 17:40 . 2009-06-10 17:40   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2009-06-10 17:40 . 2009-06-10 17:40   1194496   ----a-w-   c:\windows\system32\msxml3.dll
2009-06-10 17:38 . 2009-06-10 17:38   414208   ----a-w-   c:\windows\system32\msscp.dll
2009-06-10 17:37 . 2009-06-10 17:37   356864   ----a-w-   c:\windows\system32\MediaMetadataHandler.dll
2009-06-10 17:36 . 2009-06-10 17:36   86016   ----a-w-   c:\windows\system32\icfupgd.dll
2009-06-10 17:36 . 2009-06-10 17:36   63488   ----a-w-   c:\windows\system32\drivers\mpsdrv.sys
2009-06-10 17:36 . 2009-06-10 17:36   396800   ----a-w-   c:\windows\system32\MPSSVC.dll
2009-06-10 17:36 . 2009-06-10 17:36   392192   ----a-w-   c:\windows\system32\FirewallAPI.dll
2009-06-10 17:36 . 2009-06-10 17:36   61952   ----a-w-   c:\windows\system32\cmifw.dll
2009-06-10 17:36 . 2009-06-10 17:36   16896   ----a-w-   c:\windows\system32\wfapigp.dll
2009-06-10 17:36 . 2009-06-10 17:36   23040   ----a-w-   c:\windows\system32\drivers\tunnel.sys
2009-06-10 17:36 . 2009-06-10 17:36   178688   ----a-w-   c:\windows\system32\iphlpsvc.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 18:15 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Calendar
2009-06-10 18:14 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2009-06-10 18:14 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Defender
2009-06-10 18:14 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Sidebar
2009-06-10 18:14 . 2006-11-02 10:25   665600   ----a-w-   c:\windows\inf\drvindex.dat
2009-06-10 17:09 . 2009-06-10 17:09   40960   ----a-w-   c:\windows\system32\srclient.dll
2009-06-10 17:06 . 2009-06-10 17:06   549888   ----a-w-   c:\windows\system32\rpcss.dll
2009-06-10 17:06 . 2009-06-10 17:06   3503584   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-06-10 17:06 . 2009-06-10 17:06   3469280   ----a-w-   c:\windows\system32\ntoskrnl.exe
2009-06-10 17:06 . 2009-06-10 17:06   654336   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
2009-06-10 17:06 . 2009-06-10 17:06   247296   ----a-w-   c:\windows\system32\wbem\WmiPrvSE.exe
2009-06-10 17:06 . 2009-06-10 17:06   24576   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
2009-06-10 17:06 . 2009-06-10 17:06   130560   ----a-w-   c:\windows\system32\wbem\WmiDcPrv.dll
2009-06-10 17:06 . 2009-06-10 17:06   614912   ----a-w-   c:\windows\system32\wbem\fastprox.dll
2009-06-10 17:06 . 2009-06-10 17:06   501760   ----a-w-   c:\windows\system32\wbem\WmiPrvSD.dll
2009-06-10 17:06 . 2009-06-10 17:06   97280   ----a-w-   c:\windows\system32\iasrecst.dll
2009-06-10 17:06 . 2009-06-10 17:06   53248   ----a-w-   c:\windows\system32\iasads.dll
2009-06-10 17:06 . 2009-06-10 17:06   37888   ----a-w-   c:\windows\system32\iasdatastore.dll
2009-06-10 17:06 . 2009-06-10 17:06   158720   ----a-w-   c:\windows\system32\sdohlp.dll
2009-06-10 17:05 . 2009-06-10 17:05   72704   ----a-w-   c:\windows\system32\admparse.dll
2009-06-10 17:05 . 2009-06-10 17:05   827392   ----a-w-   c:\windows\system32\wininet.dll
2009-06-10 17:05 . 2009-06-10 17:05   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-06-10 17:05 . 2009-06-10 17:05   48128   ----a-w-   c:\windows\system32\mshtmler.dll
2009-06-10 17:05 . 2009-06-10 17:05   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
2009-06-10 17:05 . 2009-06-10 17:05   56320   ----a-w-   c:\windows\system32\iesetup.dll
2009-06-10 17:02 . 2009-06-10 17:02   0   ----a-w-   c:\windows\system32\drivers\EMACHINES_W3609__GCY7110063644.MRK
2009-06-10 15:21 . 2009-06-10 15:21   --------   d-----w-   c:\users\Bob\AppData\Roaming\SampleView
2009-06-10 15:17 . 2009-06-10 15:17   --------   d-sh--we   c:\programdata\Templates
2009-06-10 15:17 . 2009-06-10 15:17   --------   d-sh--we   c:\programdata\Start Menu
2009-06-10 15:17 . 2009-06-10 15:17   --------   d-sh--we   c:\programdata\Favorites
2009-06-10 15:17 . 2009-06-10 15:17   --------   d-sh--we   c:\programdata\Documents
2009-06-10 15:17 . 2009-06-10 15:17   --------   d-sh--we   c:\programdata\Desktop
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-11-02 303104]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3206373129-98774604-3863853047-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3206373129-98774604-3863853047-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B7DEAAA-1CC5-4686-A134-28C43700D33E}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/14/2009 12:46 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/14/2009 12:46 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/14/2009 12:46 PM 51792]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609
uInternet Settings,ProxyOverride = <local>
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 15:21
Windows 6.0.6000  NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-14 15:22
ComboFix-quarantined-files.txt  2009-06-14 20:22

Pre-Run: 80,566,763,520 bytes free
Post-Run: 80,382,128,128 bytes free

267   --- E O F ---   2009-06-14 15:01
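
The header of the ComboFix log in Reply #18 lists each registered antivirus (AV), firewall (FW) and antispyware (SP) product with its state, which shows whether real-time protection was actually off as Reply #15 asks. The following is an added example, not part of the thread and not ComboFix's own code: it parses those header lines and the `firewallpolicy` `EnableFirewall` entries. The line shapes are inferred from this one log, the AV/FW/SP reading is an assumption, and all function names are hypothetical.

```python
import re
from typing import NamedTuple

# Sample lines copied from the ComboFix log in Reply #18 (header and firewallpolicy entries).
SAMPLE_LOG = r"""
ComboFix 09-06-13.09 - Bob 06/14/2009 15:16.1 - NTFSx86
AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: avast! antivirus 4.8.1335 [VPS 090614-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B7DEAAA-1CC5-4686-A134-28C43700D33E}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

# "KIND: name *state* (signature status) {GUID}"; the "(...)" part is optional (FW line).
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<sig>[^)]*)\))? \{(?P<guid>[0-9A-Fa-f-]{36})\}[ \t]*$",
    re.MULTILINE,
)

# A firewallpolicy profile section followed directly by its EnableFirewall value.
PROFILE_RE = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(?P<profile>\w+)\][ \t]*\n"
    r'"EnableFirewall"=[ \t]*(?P<value>\d+)',
    re.MULTILINE | re.IGNORECASE,
)


class Product(NamedTuple):
    kind: str      # AV, FW or SP
    name: str
    state: str     # text between the asterisks, e.g. "On-access scanning enabled"
    enabled: bool
    guid: str


def parse_products(log_text):
    """Return every security product line found in the log header."""
    products = []
    for m in PRODUCT_RE.finditer(log_text):
        state = m["state"].strip()
        # "disabled" must not count as enabled, so match the whole word at the end.
        enabled = re.search(r"\benabled$", state, re.IGNORECASE) is not None
        products.append(Product(m["kind"], m["name"], state, enabled, m["guid"].upper()))
    return products


def resident_protection_still_on(products):
    """Names of AV/SP products whose real-time component was enabled during the run."""
    return sorted({p.name for p in products if p.kind in ("AV", "SP") and p.enabled})


def windows_firewall_profiles(log_text):
    """Map each firewallpolicy profile shown in the log to True (on) or False (off)."""
    return {m["profile"]: m["value"] != "0" for m in PROFILE_RE.finditer(log_text)}


def preflight_report(log_text):
    """Summarise what a helper would check before asking for another ComboFix run."""
    products = parse_products(log_text)
    still_on = resident_protection_still_on(products)
    return {
        "antivirus_registered": sorted({p.name for p in products if p.kind == "AV"}),
        "resident_protection_still_on": still_on,
        "third_party_firewalls_on": [p.name for p in products if p.kind == "FW" and p.enabled],
        "windows_firewall": windows_firewall_profiles(log_text),
        "ready": not still_on,
    }


if __name__ == "__main__":
    for key, value in preflight_report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the lines from this log the report is not ready: McAfee VirusScan, SUPERAntiSpyware and Windows Defender were still enabled, and two antivirus products were registered at once.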

Bobh

  • Guest
Re: Bob-PC (D:)
« Reply #19 on: June 14, 2009, 02:36:43 PM »
evilfantasy -
I hope that is what you wanted.  I must be the dumbest person you have ever tried to help.  If I had known how much this would take I would never have started.  I would have called in a Geek.  Thank you for your effort.  I hope we finish soon.  Bob

evilfantasy

Re: Bob-PC (D:)
« Reply #20 on: June 14, 2009, 02:38:28 PM »
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
c:\program files\Common Files\McAfee

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B7DEAAA-1CC5-4686-A134-28C43700D33E}"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

Bobh

  • Guest
Re: Bob-PC (D:)
« Reply #21 on: June 14, 2009, 05:36:17 PM »
evilfantasy -
I could not get McAfee turned off and the panel said it might not run correctly.  Sure enough it is running and I cannot get it to stop.  I even turned the computer off while I ate supper but when I turned it back on it is still going from CFScript and ComboFix.  I checked, I still have McAfee.  However a lot of space is back in D drive.  It is now 2.79 GB free of 8.36 GB.  Now if I could shut off the ComboFix and get rid of McAfee I would be happy.  Bob

Bobh

  • Guest
Re: Bob-PC (D:)
« Reply #22 on: June 14, 2009, 05:41:33 PM »
evilfantasy -
One other thing.  I now have the desktop background that comes up when I take a full factory restart.  I know this is true because I use other desktop backgrounds.  Bob

evilfantasy

Re: Bob-PC (D:)
« Reply #23 on: June 14, 2009, 05:56:55 PM »
What is the computer doing now?

Are you saying you have reset it to factory settings?

Bobh

  • Guest
Re: Bob-PC (D:)
« Reply #24 on: June 14, 2009, 07:04:49 PM »
evilfantasy -
The only thing I did was try to do the part where CFScript put stuff in ComboFix.  You are supposed to turn off all your security.  I got Avast turned off but I could not get McAfee turned off.  The panel said run at my risk so I ran it.  It never stopped running even while I ate supper.  I turned the computer off and back on and the desktop background that is used when the computer is new and turned on came up.  I would guess it went back to a restore point at the factory restart.  The ComboFix never gave me a log.  Then the computer quit working.  The message was "can't display page".  I hit F* when I turned it back on and "repair".  It came back on.  I of course have no idea what happened.  I guess it is fixed.  It seems to be working.  Bob

Bobh

  • Guest
Re: Bob-PC (D:)
« Reply #25 on: June 14, 2009, 07:19:51 PM »
evilfantasy -
I just discovered that if I scroll back up to the post where I was to get CFScript to put stuff into ComboFix that it is still doing that.  How do I stop it?  Bob

Bobh

  • Guest
Re: Bob-PC (D:)
« Reply #26 on: June 14, 2009, 07:46:00 PM »
evilfantasy -
Shutting down for the night.  At least you got more space in my D drive.  I got a popup that said "perfact uninstall" could get rid of McAfee.  Do you know them?  Bob