Answer» If ComboFix alerts you that an antivirus is running just ignore it and keep on with the instructions.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop**
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users: Right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix

evilfantasy - You want me to close the Internet Explorer. How do I do that if I have to keep this page in front of me to follow direction? Sometimes I think this has gotten out of hand. Bob

Just close IE and then run ComboFix. It will guide you through the steps.

evilfantasy -
ComboFix 09-06-13.09 - Bob 06/14/2009 15:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1525.915 [GMT -5:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: avast! antivirus 4.8.1335 [VPS 090614-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
D:\Desktop.ini
. ((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 ))))))))))))))))))))))))))))))) .
2009-06-14 17:46 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-06-14 17:46 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-06-14 17:46 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-06-14 17:46 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-06-14 17:46 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-06-14 17:46 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe 2009-06-14 17:46 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-06-14 17:46 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-06-14 17:46 . 2009-06-14 17:46 -------- d-----w- c:\program files\Alwil Software 2009-06-13 16:54 . 2009-06-13 16:54 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-13 16:17 . 2009-06-13 16:17 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes 2009-06-13 16:17 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-13 16:17 . 2009-06-13 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-13 16:17 . 2009-06-13 16:17 -------- d-----w- c:\programdata\Malwarebytes 2009-06-13 16:17 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-13 15:25 . 2009-06-14 18:20 117760 ----a-w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-13 15:25 . 2009-06-13 15:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2009-06-13 15:23 . 2009-06-13 15:23 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-06-13 15:23 . 2009-06-13 15:23 -------- d-----w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com 2009-06-13 15:22 . 2009-06-13 15:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-13 11:05 . 2009-06-13 11:10 116842 ----a-w- c:\windows\hpqins00.dat 2009-06-12 09:59 . 
2009-06-13 17:55 -------- d-----w- c:\program files\trend micro 2009-06-12 09:59 . 2009-06-12 10:04 -------- d-----w- C:\rsit 2009-06-11 23:56 . 2009-06-11 23:56 -------- d-----w- c:\programdata\HP Product Assistant 2009-06-11 15:35 . 2009-06-11 15:35 -------- d-----w- c:\program files\CCleaner 2009-06-11 11:09 . 2009-06-11 11:09 268800 ----a-w- c:\windows\system32\es.dll 2009-06-11 00:22 . 2009-06-14 00:37 -------- d-----w- c:\programdata\Symantec 2009-06-11 00:22 . 2009-06-14 00:37 -------- d-----w- c:\programdata\Norton 2009-06-11 00:18 . 2009-06-11 00:22 -------- d-----w- c:\programdata\NortonInstaller 2009-06-10 23:48 . 2009-06-10 23:54 -------- d-----w- c:\users\Bob\AppData\Local\Microsoft Games 2009-06-10 23:30 . 2009-06-10 23:30 -------- d-----w- c:\program files\Internet Saving Optimizer 2009-06-10 23:29 . 2009-06-10 23:29 -------- d-----w- c:\program files\DoubleD 2009-06-10 21:19 . 2009-06-10 21:19 -------- d-----w- c:\users\Bob\AppData\Roaming\WildTangent 2009-06-10 20:52 . 2006-12-22 02:51 771672 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.exe 2009-06-10 20:52 . 2006-12-22 02:47 472664 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe 2009-06-10 20:40 . 2009-06-10 20:40 -------- d-----w- c:\programdata\WEBREG 2009-06-10 20:39 . 2009-06-10 20:50 -------- d-----w- c:\users\Bob\AppData\Roaming\HP 2009-06-10 20:35 . 2009-06-10 20:35 -------- d-----w- c:\program files\Hewlett-Packard 2009-06-10 20:35 . 2009-06-10 20:35 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2009-06-10 20:35 . 2009-06-10 20:38 -------- d-----w- c:\program files\Common Files\HP 2009-06-10 20:00 . 2009-06-10 20:53 -------- d-----w- c:\program files\HP 2009-06-10 19:58 . 2009-06-10 20:45 148928 ----a-w- c:\windows\hpoins19.dat 2009-06-10 19:58 . 2009-06-10 20:50 -------- d-----w- c:\programdata\HP 2009-06-10 19:58 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll 2009-06-10 19:58 . 
2006-12-16 06:19 675840 ----a-w- c:\windows\system32\hpowiav1.dll 2009-06-10 19:58 . 2006-12-16 06:19 303104 ----a-w- c:\windows\system32\hpovst01.dll 2009-06-10 19:58 . 2006-12-16 06:19 573440 ----a-w- c:\windows\system32\hpotscl1.dll 2009-06-10 19:58 . 2007-03-13 19:52 26952 ----a-w- c:\windows\hpomdl19.dat 2009-06-10 18:43 . 2009-06-10 18:43 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-10 18:41 . 2009-02-12 09:35 38208 ----a-w- c:\users\Bob\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-06-10 18:40 . 2009-06-10 18:40 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-06-10 18:39 . 2009-06-10 18:44 -------- d-----w- c:\users\Bob\AppData\Local\Adobe 2009-06-10 18:39 . 2009-06-10 18:39 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe 2009-06-10 18:38 . 2009-06-10 18:52 -------- d-----w- c:\programdata\NOS 2009-06-10 18:38 . 2009-06-10 18:52 -------- d-----w- c:\program files\NOS 2009-06-10 18:08 . 2009-06-10 18:08 61440 ----a-w- c:\windows\system32\winipsec.dll 2009-06-10 18:08 . 2009-06-10 18:08 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll 2009-06-10 18:08 . 2009-06-10 18:08 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL 2009-06-10 18:08 . 2009-06-10 18:08 272896 ----a-w- c:\windows\system32\polstore.dll 2009-06-10 18:07 . 2009-06-10 18:07 8192 ----a-w- c:\windows\system32\riched32.dll 2009-06-10 18:07 . 2009-06-10 18:07 48640 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2009-06-10 18:07 . 2009-06-10 18:07 20480 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2009-06-10 18:07 . 2009-06-10 18:07 77824 ----a-w- c:\windows\system32\rascfg.dll 2009-06-10 18:07 . 2009-06-10 18:07 61952 ----a-w- c:\windows\system32\drivers\wanarp.sys 2009-06-10 18:07 . 2009-06-10 18:07 52736 ----a-w- c:\windows\system32\rasdiag.dll 2009-06-10 18:07 . 2009-06-10 18:07 32768 ----a-w- c:\windows\system32\rasmxs.dll 2009-06-10 18:07 . 
2009-06-10 18:07 22016 ----a-w- c:\windows\system32\rasser.dll 2009-06-10 18:06 . 2009-06-10 18:06 384000 ----a-w- c:\windows\system32\netcfgx.dll 2009-06-10 18:06 . 2009-06-10 18:06 286208 ----a-w- c:\windows\system32\ipnathlp.dll 2009-06-10 18:06 . 2009-06-10 18:06 13824 ----a-w- c:\windows\system32\icsunattend.exe 2009-06-10 18:06 . 2009-06-10 18:06 70144 ----a-w- c:\windows\system32\drivers\pacer.sys 2009-06-10 18:06 . 2009-06-10 18:06 33280 ----a-w- c:\windows\system32\traffic.dll 2009-06-10 18:06 . 2009-06-10 18:06 13824 ----a-w- c:\windows\system32\wshqos.dll 2009-06-10 18:06 . 2009-06-10 18:06 619008 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2009-06-10 18:06 . 2009-06-10 18:06 36864 ----a-w- c:\windows\system32\cdd.dll 2009-06-10 18:06 . 2009-06-10 18:06 15360 ----a-w- c:\windows\system32\pacerprf.dll 2009-06-10 18:06 . 2009-06-10 18:06 134656 ----a-w- c:\windows\system32\dps.dll 2009-06-10 18:05 . 2009-06-10 18:05 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-06-10 18:05 . 2009-06-10 18:05 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-06-10 18:05 . 2009-06-10 18:05 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-06-10 18:04 . 2009-06-10 18:04 87040 ----a-w- c:\windows\system32\msoert2.dll 2009-06-10 18:04 . 2009-06-10 18:04 39424 ----a-w- c:\windows\system32\ACCTRES.dll 2009-06-10 18:04 . 2009-06-10 18:04 205824 ----a-w- c:\windows\system32\msoeacct.dll 2009-06-10 18:02 . 2009-06-10 18:02 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr 2009-06-10 18:02 . 2009-06-10 18:02 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll 2009-06-10 18:02 . 2009-06-10 18:02 24064 ----a-w- c:\windows\system32\wtsapi32.dll 2009-06-10 18:02 . 2009-06-10 18:02 28344 ----a-w- c:\windows\system32\drivers\battc.sys 2009-06-10 18:02 . 2009-06-10 18:02 258232 ----a-w- c:\windows\system32\drivers\acpi.sys 2009-06-10 18:02 . 
2009-06-10 18:02 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys 2009-06-10 18:02 . 2009-06-10 18:02 542720 ----a-w- c:\windows\system32\sysmain.dll 2009-06-10 18:02 . 2009-06-10 18:02 67584 ----a-w- c:\windows\system32\wlanhlp.dll 2009-06-10 18:02 . 2009-06-10 18:02 502784 ----a-w- c:\windows\system32\wlansvc.dll 2009-06-10 18:02 . 2009-06-10 18:02 47104 ----a-w- c:\windows\system32\wlanapi.dll 2009-06-10 18:02 . 2009-06-10 18:02 297984 ----a-w- c:\windows\system32\wlansec.dll 2009-06-10 18:02 . 2009-06-10 18:02 290816 ----a-w- c:\windows\system32\wlanmsm.dll 2009-06-10 18:00 . 2009-06-10 18:00 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2009-06-10 18:00 . 2009-06-10 18:00 194560 ----a-w- c:\windows\system32\WebClnt.dll 2009-06-10 17:59 . 2009-06-10 17:59 2028032 ----a-w- c:\windows\system32\win32k.sys 2009-06-10 17:58 . 2009-06-10 17:58 49664 ----a-w- c:\windows\system32\csrsrv.dll 2009-06-10 17:58 . 2009-06-10 17:58 376320 ----a-w- c:\windows\system32\winsrv.dll 2009-06-10 17:54 . 2009-06-10 17:54 376832 ----a-w- c:\windows\system32\winhttp.dll 2009-06-10 17:51 . 2009-06-10 17:51 297472 ----a-w- c:\windows\system32\gdi32.dll 2009-06-10 17:50 . 2009-06-10 17:50 41984 ----a-w- c:\windows\system32\drivers\monitor.sys 2009-06-10 17:50 . 2009-06-10 17:50 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-06-10 17:48 . 2009-06-10 17:48 -------- d-----w- c:\windows\system32\x64 2009-06-10 17:47 . 2009-06-10 17:47 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-06-10 17:46 . 2009-06-10 17:46 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll 2009-06-10 17:44 . 2009-06-10 17:44 500736 ----a-w- c:\windows\system32\msdtcprx.dll 2009-06-10 17:44 . 2009-06-10 17:44 30208 ----a-w- c:\windows\system32\xolehlp.dll 2009-06-10 17:43 . 2009-06-10 17:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-06-10 17:43 . 2009-06-10 17:43 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-06-10 17:43 . 
2009-06-10 17:43 1687040 ----a-w- c:\windows\system32\gameux.dll 2009-06-10 17:41 . 2009-06-10 17:41 303616 ----a-w- c:\windows\system32\wmpeffects.dll 2009-06-10 17:40 . 2009-06-10 17:40 2048 ----a-w- c:\windows\system32\msxml3r.dll 2009-06-10 17:40 . 2009-06-10 17:40 1194496 ----a-w- c:\windows\system32\msxml3.dll 2009-06-10 17:38 . 2009-06-10 17:38 414208 ----a-w- c:\windows\system32\msscp.dll 2009-06-10 17:37 . 2009-06-10 17:37 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll 2009-06-10 17:36 . 2009-06-10 17:36 86016 ----a-w- c:\windows\system32\icfupgd.dll 2009-06-10 17:36 . 2009-06-10 17:36 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys 2009-06-10 17:36 . 2009-06-10 17:36 396800 ----a-w- c:\windows\system32\MPSSVC.dll 2009-06-10 17:36 . 2009-06-10 17:36 392192 ----a-w- c:\windows\system32\FirewallAPI.dll 2009-06-10 17:36 . 2009-06-10 17:36 61952 ----a-w- c:\windows\system32\cmifw.dll 2009-06-10 17:36 . 2009-06-10 17:36 16896 ----a-w- c:\windows\system32\wfapigp.dll 2009-06-10 17:36 . 2009-06-10 17:36 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys 2009-06-10 17:36 . 2009-06-10 17:36 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-10 18:15 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar 2009-06-10 18:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-06-10 18:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender 2009-06-10 18:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar 2009-06-10 18:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-06-10 17:09 . 2009-06-10 17:09 40960 ----a-w- c:\windows\system32\srclient.dll 2009-06-10 17:06 . 2009-06-10 17:06 549888 ----a-w- c:\windows\system32\rpcss.dll 2009-06-10 17:06 . 2009-06-10 17:06 3503584 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-06-10 17:06 . 2009-06-10 17:06 3469280 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-06-10 17:06 . 2009-06-10 17:06 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-06-10 17:06 . 2009-06-10 17:06 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe 2009-06-10 17:06 . 2009-06-10 17:06 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-06-10 17:06 . 2009-06-10 17:06 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll 2009-06-10 17:06 . 2009-06-10 17:06 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-06-10 17:06 . 2009-06-10 17:06 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll 2009-06-10 17:06 . 2009-06-10 17:06 97280 ----a-w- c:\windows\system32\iasrecst.dll 2009-06-10 17:06 . 2009-06-10 17:06 53248 ----a-w- c:\windows\system32\iasads.dll 2009-06-10 17:06 . 2009-06-10 17:06 37888 ----a-w- c:\windows\system32\iasdatastore.dll 2009-06-10 17:06 . 2009-06-10 17:06 158720 ----a-w- c:\windows\system32\sdohlp.dll 2009-06-10 17:05 . 2009-06-10 17:05 72704 ----a-w- c:\windows\system32\admparse.dll 2009-06-10 17:05 . 2009-06-10 17:05 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-10 17:05 . 
2009-06-10 17:05 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-10 17:05 . 2009-06-10 17:05 48128 ----a-w- c:\windows\system32\mshtmler.dll 2009-06-10 17:05 . 2009-06-10 17:05 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-06-10 17:05 . 2009-06-10 17:05 56320 ----a-w- c:\windows\system32\iesetup.dll 2009-06-10 17:02 . 2009-06-10 17:02 0 ----a-w- c:\windows\system32\drivers\EMACHINES_W3609__GCY7110063644.MRK 2009-06-10 15:21 . 2009-06-10 15:21 -------- d-----w- c:\users\Bob\AppData\Roaming\SampleView 2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Templates 2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Start Menu 2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Favorites 2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Documents 2009-06-10 15:17 . 2009-06-10 15:17 -------- d-sh--we c:\programdata\Desktop .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 148888] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-11-02 303104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] ="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3206373129-98774604-3863853047-1000] "EnableNotificationsRef"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3206373129-98774604-3863853047-500] "EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3B7DEAAA-1CC5-4686-A134-28C43700D33E}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/14/2009 12:46 PM 114768] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/14/2009 12:46 PM 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/14/2009 12:46 PM 51792] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408] S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASWFSBLK *NewlyCreated* - ASWMONFLT *NewlyCreated* - ASWRDR *NewlyCreated* - ASWSP *NewlyCreated* - ASWTDI
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . - - - - ORPHANS REMOVED - - - -
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe
. ------- Supplementary Scan ------- . uStart Page = hxxp://verizon.yahoo.com/ mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3609 uInternet Settings,ProxyOverride = DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab .
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-14 15:21 Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . --------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] Denied: (A) (Users) Denied: (A) (Everyone) Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-06-14 15:22 ComboFix-quarantined-files.txt 2009-06-14 20:22
Pre-Run: 80,566,763,520 bytes free Post-Run: 80,382,128,128 bytes free
267 --- E O F --- 2009-06-14 15:01

evilfantasy - I hope that is what you wanted. I must be the dumbest person you have ever tried to help. If I had known how much this would take I would never have started. I would have called in a Geek. Thank you for your effort. I hope we finish soon. Bob

Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
c:\program files\Common Files\McAfee

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B7DEAAA-1CC5-4686-A134-28C43700D33E}"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

evilfantasy - I could not get McAfee turned off and the panel said it might not run correctly. Sure enough it is running and I can not get it to stop. I even turned the computer off while I ate supper but when I turned it back on it is still going from CFScript and ComboFix. I checked, I still have McAfee. However a lot of space is back in D drive. It is now 2.79 GB free of 8.36 GB. Now if I could shut off the ComboFix and get rid of McAfee I would be happy. Bob

evilfantasy - One other thing. I now have the desktop background that comes up when I take a full factory restart. I know this is true because I use other desktop backgrounds. Bob

What is the computer doing now?
Are you saying you have reset it to factory settings?

evilfantasy - The only thing I did was try to do the part where CFScript put stuff in ComboFix. You are supposed to turn off all your security. I got Avast turned off but I could not get McAfee turned off. The panel said run at my risk so I ran it. It never stopped running even while I ate supper. I turned the computer off and back on and the desktop background that is used when the computer is new and turned on came up. I would guess it went back to a restore point at the factory restart. The ComboFix never gave me a log. Then the computer quit working. The message was "can't display page". I hit F* when I turned it back on and "repair". It came back on. I of course have no idea what happened. I guess it is fixed. It seems to be working. Bob

evilfantasy - I just discovered that if I scroll back up to the post where I was to get CFScript to put stuff into ComboFix that it is still doing that. How do I stop it? Bob

evilfantasy - Shutting down for the night. At least you got more space in my D drive. I got a popup that said "perfact uninstall" could get rid of McAfee. Do you know them? Bob
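
The header of the ComboFix log posted earlier in this thread already records which real-time scanners were still switched on and that the Windows Firewall public profile was off. The following is an added example, not part of the thread and not ComboFix's own code: it parses the `AV:`/`FW:`/`SP:` lines and the `EnableFirewall` entry from that log so a helper can check the "disable your antivirus" step before sending a CFScript. The function names (`parse_products`, `preflight`, and so on) are hypothetical, and the sample is an excerpt of the log above.

```python
import re
from typing import NamedTuple

# Excerpt of the ComboFix log posted in this thread (security-product header
# plus one firewall-policy entry), flattened the way the forum rendered it.
SAMPLE_LOG = " ".join([
    r"AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}",
    r"AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}",
    r"FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}",
    r"SP: avast! antivirus 4.8.1335 [VPS 090614-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}",
    r"SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}",
    r"SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}",
    r"SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}",
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0)',
])


class Product(NamedTuple):
    kind: str      # AV = antivirus, FW = firewall, SP = antispyware
    name: str
    enabled: bool
    guid: str


# kind, product name, *state*, optional "(Updated)", {GUID}
PRODUCT_RE = re.compile(
    r"\b(AV|FW|SP): ([^*{}]+?) \*([^*]+)\* (?:\(\w+\) )?\{([0-9A-Fa-f-]{36})\}"
)
# firewallpolicy\<Name>Profile] "EnableFirewall"= <value>
FIREWALL_RE = re.compile(
    r'firewallpolicy\\(\w+Profile)\]\s*"EnableFirewall"=\s*(\d+)', re.IGNORECASE
)


def parse_products(log):
    """Return every security product listed in the log header."""
    return [
        Product(kind, name.strip(), state.lower().endswith("enabled"), guid.upper())
        for kind, name, state, guid in PRODUCT_RE.findall(log)
    ]


def still_enabled(products):
    """Real-time AV/antispyware products that were not switched off for the run."""
    names = []
    for p in products:
        if p.kind in ("AV", "SP") and p.enabled and p.name not in names:
            names.append(p.name)
    return names


def disabled_firewall_profiles(log):
    """Windows Firewall profiles whose EnableFirewall value is 0."""
    return [name for name, value in FIREWALL_RE.findall(log) if int(value) == 0]


def preflight(log):
    """Summarise what should be resolved before a scripted ComboFix run."""
    products = parse_products(log)
    av_names = sorted({p.name for p in products if p.kind == "AV"})
    return {
        "still_enabled": still_enabled(products),
        "multiple_av": av_names if len(av_names) > 1 else [],
        "firewall_off": disabled_firewall_profiles(log),
    }


if __name__ == "__main__":
    for key, value in preflight(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```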