Mar 2nd, 2008

Downloader.Tibs check.....?

I would like to start off with hello everyone. I recently found a Downloader.Tibs warning from SpyBot and nothing from the McAfee Antivirus I am running presently on my laptop.
I hope someone would take the time to scan over my report and give me some input on my log. Thank you for your help.


ComboFix 08-02-21 - SAMMY SMITH 2008-02-25 21:44:32.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.431 [GMT -5:00]
Running from: C:\Users\SAMMY SMITH\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF


((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-25 19:53 . 2008-01-02 16:33 172,032 --a------ C:\Windows\System32\igfxres.dll
2008-02-15 14:22 . 2008-02-15 14:22 59,392 --a------ C:\Windows\System32\drivers\RTSTOR.sys
2008-02-14 18:03 . 2008-02-14 18:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 13:17 . 2008-02-14 13:17 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 09:56 . 2008-02-14 09:56 <DIR> d-------- C:\cabs
2008-02-13 22:16 . 2008-02-13 22:16 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 22:16 . 2008-02-13 22:16 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 22:09 . 2008-02-13 22:09 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:09 . 2008-02-13 22:09 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:09 . 2008-02-13 22:09 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 22:09 . 2008-02-13 22:09 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 22:09 . 2008-02-13 22:09 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 22:09 . 2008-02-13 22:09 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 22:09 . 2008-02-13 22:09 17,976 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 22:08 . 2008-02-13 22:08 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:08 . 2008-02-13 22:08 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 22:08 . 2008-02-13 22:08 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 22:08 . 2008-02-13 22:08 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 22:08 . 2008-02-13 22:08 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:08 . 2008-02-13 22:08 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 22:08 . 2008-02-13 22:08 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 22:03 . 2008-02-13 22:03 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-13 22:03 . 2008-02-13 22:03 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 22:03 . 2008-02-13 22:03 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-08 22:20 . 2008-02-08 22:20 <DIR> d-------- C:\Program Files\Haute Secure
2008-02-06 17:15 . 2008-02-06 17:15 411,720 --a------ C:\Windows\System32\drivers\ct.sys
2008-02-05 23:46 . 2008-02-05 23:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-05 20:38 . 2008-02-05 20:38 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-02-05 20:35 . 2008-02-05 20:35 <DIR> d-------- C:\Users\SAMMYS~1\AppData\Roaming\Ahead
2008-02-05 20:35 . 2008-02-05 20:35 <DIR> d-------- C:\Users\SAMMY SMITH\AppData\Roaming\Ahead
2008-02-05 20:24 . 2008-02-05 21:21 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-31 18:52 . 2008-01-31 18:52 <DIR> d-------- C:\Users\All Users\NetZero
2008-01-31 18:52 . 2008-01-31 18:52 <DIR> d-------- C:\PROGRA~2\NetZero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 02:27 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Spare Backup
2008-02-25 02:27 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Spare Backup
2008-02-24 02:20 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-24 01:10 --------- d-----w C:\Program Files\NetZero
2008-02-18 17:42 --------- d-----w C:\Program Files\Gateway Games
2008-02-18 09:03 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-02-17 19:24 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-17 03:16 --------- d-----w C:\Program Files\McAfee
2008-02-14 03:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 03:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 03:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-06 05:39 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-02-06 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 00:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-02 02:20 --------- d-----w C:\PROGRA~2\Symantec
2008-01-25 13:46 106,496 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2008-01-25 02:49 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\WeatherWatcher
2008-01-25 02:49 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\WeatherWatcher
2008-01-20 17:42 --------- d-----w C:\Program Files\REALTEK USB Wireless LAN Driver
2008-01-20 17:42 --------- d-----w C:\Program Files\Microsoft Works
2008-01-20 17:42 --------- d-----w C:\Program Files\Google
2008-01-15 14:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 00:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 22:25 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 22:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 22:25 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 22:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-02 22:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 22:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 22:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 22:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 22:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 22:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 22:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 22:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 21:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 21:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 21:48 2,016,256 ----a-w C:\Windows\system32\drivers\igdkmd32.sys
2008-01-02 21:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 21:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 21:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 21:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 21:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 21:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 21:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 21:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 21:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 21:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 21:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 21:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 21:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-12-31 01:38 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-28 03:08 --------- d-----w C:\Program Files\Microsoft Small Business
2007-12-28 02:55 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-27 15:12 --------- d-----w C:\Program Files\MARS
2007-12-26 22:33 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-26 07:20 290,304 ----a-w C:\Windows\system32\drivers\RTL8187B.sys
2007-12-11 22:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-11 22:17 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-11 22:17 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-10-16 19:46 0 ----a-w C:\Users\SAMMYS~1\AppData\Roaming\wklnhst.dat
2007-10-16 19:46 0 ----a-w C:\Users\SAMMY SMITH\AppData\Roaming\wklnhst.dat
2007-10-09 21:59 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-02-06 17:15 71880 --a------ C:\Program Files\Haute Secure\CtBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 11:48 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
{7792546F-70AE-4ABC-B2B6-BE68E9410002}

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-02-06 17:15 1381576]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Power2GoExpress"="" []
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-09-26 13:14 1629184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-23 21:34 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 15:37 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 04:38 865840]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-19 21:13 1840128]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-12 23:27 5252936]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 13:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 21:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-02-06 17:15 98504]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 14:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 19:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R0 Ct;Ct;C:\Windows\system32\DRIVERS\ct.sys [2008-02-06 17:15]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 11:18]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 08:46]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 02:20]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 14:22]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 15:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ REG_MULTI_SZ CtServ

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 21:50:34
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2008-02-25 21:56:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 02:56:31
ComboFix2.txt 2008-02-25 02:23:25
.
2008-02-25 00:37:46 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:37 PM, on 3/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NMBFI5JV\DB9172~1.SH! C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OED078C7\4B3C2D~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\NMBFI5JV\DB9172~1.SH! C:\Users\SAMMYS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\OED078C7\4B3C2D~1.SH! (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - https://membership.cyberlink.com/vis...VistaGenie.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8375 bytes

I hope this information is correct because I followed directions I read on a previous thread.
Thank you for taking the time to look over my report.
Telmar#


© 2011 DaniWeb® LLC