I am posting this log in hope someone can help me with my problem. I have followed several
directions on how to rid my laptop of this nasty bug with no good results. It continues to invade my registry and system even after removing several things. It would be a great help
if someone in the forum can guide or lead me into the correct direction. I have a Gateway
Ml 6720 with Vista Home Premium. Here is a copy of my log:
ComboFix 08-03-05.3 - SAMMY SMITH 2008-03-06 17:08:50.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.665 [GMT -5:00]
Running from: C:\Users\SAMMY SMITH\Desktop\ComboFix.exe
[B].
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IDSVIX86
-------\LEGACY_NPF
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-02 19:32 . 2008-03-02 19:32 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-01 20:09 . 2008-03-01 20:09 <DIR> d-------- C:\Users\All Users\TEMP
2008-03-01 20:09 . 2008-03-01 20:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-01 20:09 . 2008-03-01 20:09 <DIR> d-------- C:\PROGRA~2\TEMP
2008-02-25 19:53 . 2008-01-02 16:33 172,032 --a------ C:\Windows\System32\igfxres.dll
2008-02-15 14:22 . 2008-02-15 14:22 59,392 --a------ C:\Windows\System32\drivers\RTSTOR.sys
2008-02-14 18:03 . 2008-02-14 18:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 13:17 . 2008-02-14 13:17 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 09:56 . 2008-02-14 09:56 <DIR> d-------- C:\cabs
2008-02-14 06:56 . 2008-02-14 06:56 118,784 --a------ C:\Windows\System32\drivers\Rtlh86.sys
2008-02-13 22:16 . 2008-02-13 22:16 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 22:16 . 2008-02-13 22:16 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 22:09 . 2008-02-13 22:09 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:09 . 2008-02-13 22:09 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:09 . 2008-02-13 22:09 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 22:09 . 2008-02-13 22:09 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 22:09 . 2008-02-13 22:09 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 22:09 . 2008-02-13 22:09 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 22:09 . 2008-02-13 22:09 17,976 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 22:08 . 2008-02-13 22:08 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:08 . 2008-02-13 22:08 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 22:08 . 2008-02-13 22:08 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 22:08 . 2008-02-13 22:08 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 22:08 . 2008-02-13 22:08 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:08 . 2008-02-13 22:08 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 22:08 . 2008-02-13 22:08 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 22:03 . 2008-02-13 22:03 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-13 22:03 . 2008-02-13 22:03 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 22:03 . 2008-02-13 22:03 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-08 22:20 . 2008-02-08 22:20 <DIR> d-------- C:\Program Files\Haute Secure
2008-02-06 17:15 . 2008-02-06 17:15 411,720 --a------ C:\Windows\System32\drivers\ct.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 03:21 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Spare Backup
2008-03-05 03:21 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Spare Backup
2008-03-01 17:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-24 01:10 --------- d-----w C:\Program Files\NetZero
2008-02-18 17:42 --------- d-----w C:\Program Files\Gateway Games
2008-02-18 09:03 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-02-17 19:24 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-17 03:16 --------- d-----w C:\Program Files\McAfee
2008-02-14 03:13 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-14 03:13 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 03:13 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 03:13 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-14 03:13 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-14 03:13 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-14 03:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-06 05:39 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-02-06 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 02:21 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-06 01:38 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-06 01:35 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Ahead
2008-02-06 01:35 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Ahead
2008-02-06 00:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-31 23:52 --------- d-----w C:\PROGRA~2\NetZero
2008-01-25 02:49 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\WeatherWatcher
2008-01-25 02:49 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\WeatherWatcher
2008-01-20 17:42 --------- d-----w C:\Program Files\REALTEK USB Wireless LAN Driver
2008-01-20 17:42 --------- d-----w C:\Program Files\Microsoft Works
2008-01-20 17:42 --------- d-----w C:\Program Files\Google
2008-01-10 00:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 22:25 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 22:25 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 22:25 --------- d-----w C:\Program Files\Windows Sidebar
2007-10-16 19:46 0 ----a-w C:\Users\SAMMYS~1\AppData\Roaming\wklnhst.dat
2007-10-16 19:46 0 ----a-w C:\Users\SAMMY SMITH\AppData\Roaming\wklnhst.dat
2007-10-09 21:59 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-02-06 17:15 71880 --a------ C:\Program Files\Haute Secure\CtBho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
{7792546F-70AE-4ABC-B2B6-BE68E9410002}
[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-02-06 17:15 1381576]
[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Power2GoExpress"="" []
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-09-26 13:14 1629184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 14:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 19:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-23 21:34 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 15:37 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 04:38 865840]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-19 21:13 1840128]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-12 23:27 5252936]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 13:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 21:51 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-02-06 17:15 98504]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
"GrpConv"="grpconv -o" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="C:\Program Files\McAfee\MSHR\ShrCL.exe" [2007-07-25 18:10 111904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 14:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 19:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FC1A30B9-F6D6-4C6E-86F6-5B147A89A917}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{86296DA4-CFCA-48B2-AC32-1AAD317227EA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{81C8B1AF-6894-47CD-919D-6FD4939AE9D4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{326D3FD9-42DF-43C5-87F3-A9D5A0EF2523}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1E76C7F8-FC50-4BF5-A849-0B6D3C8ADFDF}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{14A6F506-4DDF-43CF-9863-10BE37606999}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AF71C16F-D583-4C25-9268-36D8A92855E7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8E39BF2B-C035-4281-83D3-4452D20E0F31}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent|Desc=McAfee Network Agent
"{80DEC18A-B6F3-465B-8F47-82F3E236B8BD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Ct;Ct;C:\Windows\system32\DRIVERS\ct.sys [2008-02-06 17:15]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 14:22]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
S2 CtServ;CtServ;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
S2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 08:29]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-19 21:13]
S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 06:56]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 02:20]
S4 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\drivers\usbprint.sys [2006-11-02 04:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ REG_MULTI_SZ CtServ
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 17:15:22
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2008-03-06 17:17:25 - machine was rebooted [SAMMY SMITH]
ComboFix-quarantined-files.txt 2008-03-06 22:17:21
.
2008-03-06 03:04:59 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:19 PM, on 3/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NMBFI5JV\DB9172~1.SH! C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OED078C7\4B3C2D~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NMBFI5JV\DB9172~1.SH! C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OED078C7\4B3C2D~1.SH! (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - https://membership.cyberlink.com/vista/prog/CLVistaGenie.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 8812 bytes[/B]
Thank you so much for looking over my log and helping me with my current problem.
Sam