I would like to start off with hello everyone.I recently found a Downloader.Tibs warninig from SpyBot and nothing from the McAfee Antivirus I am running presently on my laptop.
I hope someone would take the time to scan over my report and give me some input on my log.Thank you for your help.
ComboFix 08-02-21 - SAMMY SMITH 2008-02-25 21:44:32.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.431 [GMT -5:00]
Running from: C:\Users\SAMMY SMITH\Desktop\ComboFix.exe
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-25 19:53 . 2008-01-02 16:33 172,032 --a------ C:\Windows\System32\igfxres.dll
2008-02-15 14:22 . 2008-02-15 14:22 59,392 --a------ C:\Windows\System32\drivers\RTSTOR.sys
2008-02-14 18:03 . 2008-02-14 18:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 13:17 . 2008-02-14 13:17 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 09:56 . 2008-02-14 09:56 <DIR> d-------- C:\cabs
2008-02-13 22:16 . 2008-02-13 22:16 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 22:16 . 2008-02-13 22:16 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 22:09 . 2008-02-13 22:09 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:09 . 2008-02-13 22:09 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:09 . 2008-02-13 22:09 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 22:09 . 2008-02-13 22:09 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 22:09 . 2008-02-13 22:09 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 22:09 . 2008-02-13 22:09 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 22:09 . 2008-02-13 22:09 17,976 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 22:08 . 2008-02-13 22:08 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:08 . 2008-02-13 22:08 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 22:08 . 2008-02-13 22:08 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 22:08 . 2008-02-13 22:08 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 22:08 . 2008-02-13 22:08 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:08 . 2008-02-13 22:08 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 22:08 . 2008-02-13 22:08 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 22:03 . 2008-02-13 22:03 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-13 22:03 . 2008-02-13 22:03 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 22:03 . 2008-02-13 22:03 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-08 22:20 . 2008-02-08 22:20 <DIR> d-------- C:\Program Files\Haute Secure
2008-02-06 17:15 . 2008-02-06 17:15 411,720 --a------ C:\Windows\System32\drivers\ct.sys
2008-02-05 23:46 . 2008-02-05 23:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-05 20:38 . 2008-02-05 20:38 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-02-05 20:35 . 2008-02-05 20:35 <DIR> d-------- C:\Users\SAMMYS~1\AppData\Roaming\Ahead
2008-02-05 20:35 . 2008-02-05 20:35 <DIR> d-------- C:\Users\SAMMY SMITH\AppData\Roaming\Ahead
2008-02-05 20:24 . 2008-02-05 21:21 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-31 18:52 . 2008-01-31 18:52 <DIR> d-------- C:\Users\All Users\NetZero
2008-01-31 18:52 . 2008-01-31 18:52 <DIR> d-------- C:\PROGRA~2\NetZero
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 02:27 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Spare Backup
2008-02-25 02:27 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Spare Backup
2008-02-24 02:20 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-24 01:10 --------- d-----w C:\Program Files\NetZero
2008-02-18 17:42 --------- d-----w C:\Program Files\Gateway Games
2008-02-18 09:03 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-02-17 19:24 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-17 03:16 --------- d-----w C:\Program Files\McAfee
2008-02-14 03:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 03:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 03:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-06 05:39 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-02-06 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 00:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-02 02:20 --------- d-----w C:\PROGRA~2\Symantec
2008-01-25 13:46 106,496 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2008-01-25 02:49 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\WeatherWatcher
2008-01-25 02:49 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\WeatherWatcher
2008-01-20 17:42 --------- d-----w C:\Program Files\REALTEK USB Wireless LAN Driver
2008-01-20 17:42 --------- d-----w C:\Program Files\Microsoft Works
2008-01-20 17:42 --------- d-----w C:\Program Files\Google
2008-01-15 14:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 00:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 22:25 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 22:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 22:25 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 22:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-02 22:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 22:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 22:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 22:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 22:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 22:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 22:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 22:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 21:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 21:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 21:48 2,016,256 ----a-w C:\Windows\system32\drivers\igdkmd32.sys
2008-01-02 21:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 21:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 21:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 21:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 21:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 21:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 21:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 21:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 21:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 21:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 21:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 21:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 21:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-12-31 01:38 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-28 03:08 --------- d-----w C:\Program Files\Microsoft Small Business
2007-12-28 02:55 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-27 15:12 --------- d-----w C:\Program Files\MARS
2007-12-26 22:33 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-26 07:20 290,304 ----a-w C:\Windows\system32\drivers\RTL8187B.sys
2007-12-11 22:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-11 22:17 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-11 22:17 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-10-16 19:46 0 ----a-w C:\Users\SAMMYS~1\AppData\Roaming\wklnhst.dat
2007-10-16 19:46 0 ----a-w C:\Users\SAMMY SMITH\AppData\Roaming\wklnhst.dat
2007-10-09 21:59 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-02-06 17:15 71880 --a------ C:\Program Files\Haute Secure\CtBho.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 11:48 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
{7792546F-70AE-4ABC-B2B6-BE68E9410002}
[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-02-06 17:15 1381576]
[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Power2GoExpress"="" []
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-09-26 13:14 1629184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-23 21:34 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 15:37 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 04:38 865840]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-19 21:13 1840128]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-12 23:27 5252936]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 13:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 21:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-02-06 17:15 98504]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 14:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 19:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
R0 Ct;Ct;C:\Windows\system32\DRIVERS\ct.sys [2008-02-06 17:15]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 11:18]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 08:46]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 02:20]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 14:22]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 15:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ REG_MULTI_SZ CtServ
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-02-25 21:50:34
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2008-02-25 21:56:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 02:56:31
ComboFix2.txt 2008-02-25 02:23:25
.
2008-02-25 00:37:46 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:37 PM, on 3/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html[/url]
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NMBFI5JV\DB9172~1.SH! C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OED078C7\4B3C2D~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NMBFI5JV\DB9172~1.SH! C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OED078C7\4B3C2D~1.SH! (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - [url]https://membership.cyberlink.com/vista/prog/CLVistaGenie.cab[/url]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 8375 bytes
I hope this information is correct because I followed directions I read on a previous thread.
Thank you for taking the time to look over my report.