removing tibs dialer!

[edevlin]

hello all, i'm having a hell of a time removing this websiteviewer business from my computer. i see that its a fairly common problem i guess...
anyway thus far i've run spybot and removed the problems it found. Then i ran AdAware and fixed those files. Then rebooted and the problem reappears.
i then ran hijackthis and here is the log it produced:


Logfile of HijackThis v1.98.2
Scan saved at 7:32:19 PM, on 2/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
F:\iTunesHelper.exe
C:\WINDOWS\System32\prvdi.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\bin\iPodService.exe
C:\Program Files\WebSiteViewer\127021.dlr
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Eric Devlin\Application Data\Mozilla\Profiles\default\nbdpmb73.slt\prefs.js)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B48F3D02-50CD-5883-AAE8-0AF628511B10} - C:\WINDOWS\system32\netkp32.dll (file missing)
O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks2.dll
O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)
O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATTBroadbandClient] C:\Program Files\AT&T\BBClient\Programs\RegCon.exe /admincheck
O4 - HKLM\..\Run: [ATTBroadbandUpdate] C:\Program Files\AT&T\BBClient\Programs\SAUpdate.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] F:\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [kljwdnhnblyy] C:\WINDOWS\System32\bftmcl.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/061-0848.20031022.TtzS4/iTunesSetup.exe
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab



thanks for any help!

 

[MFDnNC]

That HJT is an older version - http://www.majorgeeks.com/download3155.html

download http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute then reboot your PC and post a fresh Hijack This log.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

Add/remove programs – remove wild Tangent

Print this and boot to safe mode
Fix these with HJT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll

O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll

O2 - BHO: (no name) - {B48F3D02-50CD-5883-AAE8-0AF628511B10} - C:\WINDOWS\system32\netkp32.dll (file missing)

O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks2.dll

O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)

O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program
Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [kljwdnhnblyy] C:\WINDOWS\System32\bftmcl.exe

O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe

O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe

O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)

O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)

O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

C:\WINDOWS\System32\prvdi.exe
C:\WINDOWS\System32\bftmcl.exe
C:\WINDOWS\cerbmod.dll
C:\Program Files\WildTangent


Delete these folders

C:\Program Files\0CAT YellowPages
C:\Program Files\STHomePage
C:\Program Files\STLinks


START – RUN – key in %temp% - Edit – Select all – File – Delete
Empty the recycle bin
Boot and post a new log

 

[edevlin]

Ok i downloaded the newer HJT, installed the deldomains.inf.
Here is the new log:

Logfile of HijackThis v1.99.0
Scan saved at 8:38:45 PM, on 2/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
F:\iTunesHelper.exe
C:\WINDOWS\System32\prvdi.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\bin\iPodService.exe
C:\Program Files\WebSiteViewer\127021.dlr
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Eric Devlin\Application Data\Mozilla\Profiles\default\nbdpmb73.slt\prefs.js)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B48F3D02-50CD-5883-AAE8-0AF628511B10} - C:\WINDOWS\system32\netkp32.dll (file missing)
O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks2.dll
O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)
O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATTBroadbandClient] C:\Program Files\AT&T\BBClient\Programs\RegCon.exe /admincheck
O4 - HKLM\..\Run: [ATTBroadbandUpdate] C:\Program Files\AT&T\BBClient\Programs\SAUpdate.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] F:\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [kljwdnhnblyy] C:\WINDOWS\System32\bftmcl.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar2.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/061-0848.20031022.TtzS4/iTunesSetup.exe
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O23 - Service: iPod Service - Apple Computer, Inc. - F:\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

[edevlin]

Ok so booted to safe mode and fixed those files indicated with HJT. i have now rebooted and the problem still appears to exist. here is my new log:

Logfile of HijackThis v1.99.0
Scan saved at 9:29:51 PM, on 2/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
F:\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Eric Devlin\Application Data\Mozilla\Profiles\default\nbdpmb73.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATTBroadbandClient] C:\Program Files\AT&T\BBClient\Programs\RegCon.exe /admincheck
O4 - HKLM\..\Run: [ATTBroadbandUpdate] C:\Program Files\AT&T\BBClient\Programs\SAUpdate.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] F:\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/061-0848.20031022.TtzS4/iTunesSetup.exe
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O23 - Service: iPod Service - Apple Computer, Inc. - F:\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

[mobo]

First off your system is comp[letely vulnerable to attacks due to the fact that you are missing several windows updates so get those ASAP.

Other than that the log is clean.

 

[edevlin]

ok i will try to do that. thanks for the help!

 

[MFDnNC]

The log looks clean

Download http://www.intermute.com/spysubtract/cwshredder_download.html
Close all browser windows,
Open cwshredder.exe then click "Fix" and let it run.



Then restart your computer.