Hijack This Log for s2.bestmanage.org redirect

  1. 12-07-2007  #1
    eddiep
    eddiep is offline Newbie

    Hijack This Log for s2.bestmanage.org redirect

    I've got some ghost in my machine. I get Trend telling me that I'm trying to open a dangerous web site (http://s2.bestmanage.org/?pid) and my Task Manager has been "disabled by my administrator".

    Here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 645 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microtek\ScanWizard 5\LANServer.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe
    C:\WINDOWS\mgrs.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Trend Micro\PCC2006US_1410_1023\Setup\Module\pccmain.exe
    C:\Program Files\Microtek\ScanWizard 5\MsgRpr.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LANServer] C:\Program Files\Microtek\ScanWizard 5\LANServer.exe
    O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Main Console.lnk = C:\Program Files\Trend Micro\PCC2006US_1410_1023\Setup\Module\pccmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
    O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwlb.ops.placeware.com/etc/...uicksilver.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137462006281
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe

    Thanks for any help anyone can provide!!!
  2. 12-07-2007  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer that normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.




    Let us see/review what is loaded on your PC:
    • Run HijackThis and Click ‘Open the Misc Tools section’ button.
    • Then click the ‘Open Uninstall Manager…’ button.
    • Click the ‘Save list…’ button. Save uninstall_list to your desktop.

    • Open the Uninstall list file and post in your next reply please.
  3. 12-07-2007  #3
    eddiep
    eddiep is offline Newbie
    OK. I followed the directions and here are the results:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:28:34 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PccGuide.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microtek\ScanWizard 5\LANServer.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Microtek\ScanWizard 5\MsgRpr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LANServer] C:\Program Files\Microtek\ScanWizard 5\LANServer.exe
    O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Main Console.lnk = C:\Program Files\Trend Micro\PCC2006US_1410_1023\Setup\Module\pccmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
    O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwlb.ops.placeware.com/etc/...uicksilver.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137462006281
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe


    2Wire Wireless Client Manager V3.02
    Ad-Aware SE Plus
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Photoshop CS
    Adobe Photoshop Elements 2.0
    Adobe Reader 8.1.0
    ALPS Touch Pad Driver
    ArcSoft Camera Suite
    BCM V.92 56K Modem
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Advanced Control Suite
    Business Contact Manager for Outlook 2003
    Canon Camera Support Core Library
    Canon Camera Window for ZoomBrowser EX
    Canon i9900
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PhotoPrint Plus
    Canon Utilities File Viewer Utility 1.3
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities ZoomBrowser EX
    Corel Painter Essentials 2
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell ResourceCD
    Dell Solution Center
    Dell Support
    DivX
    DivX Converter
    DivX Player
    DivX Web Player
    DVDSentry
    ffdshow
    Google Desktop Search
    Google Toolbar for Internet Explorer
    HijackThis 1.99.1
    Intel(R) PROSet
    Internet Explorer Default Page
    IPhoto ICC inspect
    ixla Digital Camera Suite
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_06
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.6 (Symantec Corporation)
    Lizardtech DjVu Control (autoinstall)
    Logitech Print Service
    Logitech QuickCam
    Logitech® Camera Driver
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Merriam-Webster Online Toolbar
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft AntiSpyware
    Microsoft Data Access Components KB870669
    Microsoft FrontPage 2000
    Microsoft Image Composer 1.5
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office Live Meeting
    Microsoft Office Professional Edition 2003
    Microtek LAN Wizard
    Midisport 2x2 1.0.1.0
    MINITAB 13
    Modem Helper
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    Musicmatch® Jukebox
    Musicware PIANO Course 1 for Windows95 and NT 4.0
    Musicware PIANO Course 2 for Windows95 and NT 4.0
    My Sirius Studio
    nik Color Efex Pro 2.0 IE
    Norton WMI Update
    NVIDIA Drivers
    Opera
    Piano Discovery System (PDS) 3.0 FIX (1.0) for Windows XP
    PowerDVD
    PrintServer Utilities
    RealPlayer
    SBC Yahoo! Applications
    SBC Yahoo! DSL Home Networking Installer
    SBC Yahoo! Messenger Explorer Bar
    ScanWizard 5
    Secure Delivery
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB939373)
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Spectrophotometer Drivers
    SpywareBlaster v3.5.1
    SpywareGuard v2.2
    StuffIt Standard
    ToolCrib v4.1
    Trend Micro PC-cillin Internet Security 2007
    Trend Micro PC-cillin Internet Security 2007
    TrueSwitch Wizard SBC
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    Viewpoint Manager (Remove Only)
    VX2 Cleaner plug-in for Ad-Aware SE
    Wacom Tablet
    WebEx
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888240
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinZip
    Wireless
    Yahoo! Anti-Spy
    Yahoo! Messenger


    SDFix: Version 1.90

    Run by Edward G. Pariser on Wed 07/11/2007 at 11:03 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\EDWARD~1.PAR\Desktop\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\APPQA.DLL - Deleted
    C:\WINDOWS\SYSTEM32\SYSTEM32.DLL - Deleted
    C:\svchost.exe - Deleted
    C:\WINDOWS\mgrs.exe - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microtek\\ScanWizard 5\\LANServer.exe"="C:\\Program Files\\Microtek\\ScanWizard 5\\LANServer.exe:*isabled:LAN Server"
    "C:\\Program Files\\Microtek\\ScanWizard 5\\MsgRpr.exe"="C:\\Program Files\\Microtek\\ScanWizard 5\\MsgRpr.exe:*isabled:MsgReplier"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yah oo! Messenger"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:Re alPlayer"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*isabled:Windows Messenger"
    "C:\\WINDOWS\\SYSTEM32\\mmc.exe"="C:\\WINDOWS\\SYS TEM32\\mmc.exe:*isabled:Microsoft Management Console"
    "C:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"="C:\\WIN DOWS\\SYSTEM32\\USMT\\migwiz.exe:*isabled:Files and Settings Transfer Wizard"
    "C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\trueplay.exe:*:Enabled:Re alPlayer"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

    Remaining Files:
    ---------------

    Backups Folder: - C:\DOCUME~1\EDWARD~1.PAR\Desktop\SDFix\backups\bac kups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\Edward G. Pariser\NetHood\ftp.qg.com\Desktop.ini
    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
    C:\Program Files\MTBWIN\Mtb12.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Edward G. Pariser\Application Data\Microsoft\Word\~WRL0005.tmp
    C:\Documents and Settings\Edward G. Pariser\Application Data\Microsoft\Word\~WRL0243.tmp
    C:\Documents and Settings\Edward G. Pariser\Application Data\Microsoft\Word\~WRL0597.tmp
    C:\Documents and Settings\Edward G. Pariser\Application Data\Microsoft\Word\~WRL1337.tmp
    C:\Documents and Settings\Edward G. Pariser\Application Data\Microsoft\Word\~WRL1377.tmp
    C:\Documents and Settings\Edward G. Pariser\Application Data\Microsoft\Word\~WRL2166.tmp
    C:\Documents and Settings\Edward G. Pariser\Application Data\Microsoft\Word\~WRL2817.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\~WRL0004.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\~WRL1302.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\~WRL2000.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\~WRL3635.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\~WRL3717.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\~WRL4052.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\Quad Graphics\~WRL2339.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\Quad Graphics\~WRL2407.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL0165.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL0540.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL0823.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL1093.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL1123.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL1443.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL1484.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL1635.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL1873.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL2629.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL2809.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL2842.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL3653.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL4040.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Consulting Info\RRD Info\Color Control Project\~WRL4048.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Life Stuff\RIT INFO\CorpCommunications\~WRL0283.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Life Stuff\RIT INFO\CorpCommunications\~WRL2830.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Life Stuff\RIT INFO\CorpCommunications\~WRL3654.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\Life Stuff\RIT INFO\CorpCommunications\~WRL3727.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\EdPariser\Elgin\~WRL0003.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\EdPariser\Elgin\~WRL0004.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\EdPariser\Elgin\~WRL0331.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\EdPariser\Elgin\~WRL1860.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\EdPariser\Elgin\~WRL1958.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\EdPariser\Elgin\~WRL3938.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Elgin\~WRL0003.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Elgin\~WRL0004.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Elgin\~WRL0331.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Elgin\~WRL1860.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Elgin\~WRL1958.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Elgin\~WRL3938.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Sixsigma\EdPariser\Elgin\~WRL0003.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Sixsigma\EdPariser\Elgin\~WRL0004.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Sixsigma\EdPariser\Elgin\~WRL0331.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Sixsigma\EdPariser\Elgin\~WRL1860.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Sixsigma\EdPariser\Elgin\~WRL1958.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\RRD Stuff\Sixsigma\EdPariser\Elgin\~WRL3938.tmp
    C:\Documents and Settings\Edward G. Pariser\Desktop\WrightPlus\trainingdocs\~WRL2025.t mp

    Finished


    Thanks again.

    Ed
  4. 12-07-2007  #4
    VopThis
    VopThis is offline Senior Member (Canada)
    Save 20% on AVG Internet Security 2012 Suite!
    Read over the following directions. Ask if anything appears unclear to you.



    Clean out TEMPORARY FILES procedures:
    To clean your temp folder, recycle bin, etc..please download this free tool:

    CCleaner http://www.ccleaner.com/downloadbuilds.asp

    Install Options:
    • Don't install any Toolbars, or other programs, should it ask you!
    • Just uncheck the option of installing the Yahoo toolbar.

    It will put a shortcut on your Desktop.

    Do not run CCleaner until requested later.




    We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKLM\..\Run: [MSAVSC.EXE] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKLM\..\Run: [MSSCAN.EXE] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKLM\..\Run: [MSIEMON.EXE] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKLM\..\Run: [MSFW.EXE] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKLM\..\Run: [MSCTRL.EXE] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [MSCTRL.EXE] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [MSAVSC.EXE] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKCU\..\Run: [MSSCAN.EXE] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKCU\..\Run: [MSIEMON.EXE] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKCU\..\Run: [MSFW.EXE] C:\Program Files\Microsoft Security Adviser\msfw.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, use CCleaner to hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

    Run CCleaner .

    FIRST-TIME USE:
    Select the ‘Options’ BUTTON option (top LEFT), ‘Advanced’ BUTTON, and then UNCHECK the ‘Only delete files in Windows Temp Folders older than 48 hours’.

    Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.
    • Uncheck ‘Cookies’ option (advisable)
    • Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
    • Click the ‘Analyse’ button.
    • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.

    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    *.TMP (possible additional hidden clutter files as identified by SDFIX)




    DELETE FOLDERS:

    C:\Program Files\Microsoft Security Adviser



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
+ Reply to Thread
« res: shdoclc.dll/dnserror.htm error.....what do i do?? | Hijack this log, ie popups »