
I keep getting redirected [RESOLVED]



#16
Charis1973

Unable to kill explorer.exe
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADUserMon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
File D:\Program Files\Iomega\AutoDisk\ADUserMon.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtiPTA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 90 days]
[Files/Folders - Modified Within 90 days]
File delete failed. D:\WINDOWS\Temp\ZLT0558f.TMP scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\Temp\ZLT055b6.TMP scheduled to be deleted on reboot.
[Empty Temp Folders]
File delete failed. D:\Documents and Settings\Sheila Joy\Local Settings\Temp\~DF4647.tmp scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Sheila Joy\Local Settings\Temp\~DF4060.tmp scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_120.dat scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\ZLT0558f.TMP scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\ZLT055b6.TMP scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta47 fix logfile created on 02102008_095756

Thanks again for all your help, but I'm still getting redirected to dodouble.


#17
Rorschach112

Do this:

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again when finished
Please post back both logs that open in Notepad:
main.txt and extra.txt

Also, can you post the link of the site you are getting redirected to?

#18
Charis1973

Deckard's System Scanner v20071014.68
Run by Sheila Joy on 2008-02-10 14:10:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 1 Restore Point(s) --
1: 2008-02-10 19:10:53 UTC - RP102 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sheila Joy.exe) ------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-10 14:13:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\SYSTEM32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\SYSTEM32\services.exe
D:\WINDOWS\SYSTEM32\lsass.exe
D:\WINDOWS\SYSTEM32\ati2evxx.exe
D:\WINDOWS\SYSTEM32\svchost.exe
D:\WINDOWS\SYSTEM32\svchost.exe
D:\WINDOWS\SYSTEM32\ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\SYSTEM32\spoolsv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb10.exe
D:\Program Files\ProcessGuard\pgaccount.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\ProcessGuard\procguard.exe
D:\Program Files\ProcessGuard\DCSUserProt.exe
D:\WINDOWS\SYSTEM32\ctfmon.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINDOWS\SYSTEM32\snmp.exe
D:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\Sheila Joy\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wlky.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O1 - Hosts: 216.119.23.61 L2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!1_pgaccount] "D:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "D:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://l2.hopzone.net (HKCU)
O15 - Trusted Zone: http://www.veoh.com (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab57176.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198496957953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198854948453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupd...9439.1317361111
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ndwiat - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\SYSTEM32\wiascr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - D:\Program Files\ProcessGuard\DCSUserProt.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - D:\WINDOWS\SYSTEM32
O23 - Service: Iomega App Services - Unknown owner - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Unknown owner - D:\Program Files\Iomega\AutoDisk\ADService.exe


--
End of file - 9025 bytes

-- HijackThis Fixed Entries (D:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080130-151754-303 O20 - Winlogon Notify: awtroop - D:\WINDOWS\SYSTEM32\awtroop.dll
backup-20080130-151908-280 O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - D:\WINDOWS\system32\awtroop.dll
backup-20080130-152055-627 O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - D:\WINDOWS\system32\awtroop.dll
backup-20080130-221155-489 O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - D:\WINDOWS\system32\awtroop.dll
backup-20080130-221155-812 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
backup-20080130-221155-999 O20 - Winlogon Notify: awtroop - D:\WINDOWS\SYSTEM32\awtroop.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - D:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.hlp - hlpfile - DefaultIcon - D:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - D:\WINDOWS\system32\migicons.exe,6
.reg - regfile - DefaultIcon - D:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - D:\WINDOWS\system32\migicons.exe,5


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - d:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R2 procguard - d:\windows\system32\drivers\procguard.sys

S1 atitray - d:\program files\radeon omega drivers\v3.8.421\ati tray tools\atitray.sys (file missing)
S3 catchme - d:\docume~1\sheila~1\locals~1\temp\catchme.sys (file missing)
S3 MS1000 - d:\windows\system32\drivers\ms1000.sys
S3 npkcrypt - d:\program files\lineage ii\system\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 npkcusb - d:\program files\lineage ii\system\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 TVICHW32 - d:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DCSPGSRV (DiamondCS Process Guard Service v3.000) - "d:\program files\processguard\dcsuserprot.exe" <Not Verified; DiamondCS; DiamondCS Usermode Aspect>

S2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "d:\program files\iomega\autodisk\adservice.exe" (file missing)
S2 AcrSch2Svc -
S2 TryAndDecideService -
S4 Iomega Activity Disk2 - ""
S4 Iomega App Services - "d:\progra~1\iomega\system32\appservices.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

D:\WINDOWS\explorer.exe (pid 1568)
2007-11-30 11:10:00 5120 --a------ D:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing LP; WinZip>
2007-09-04 18:55:30 129024 --a------ D:\Program Files\WinRAR\RarExt.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-02-10 09:05:04 366 --a------ D:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-02-08 19:03:02 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-06 23:00:04 502 --a------ D:\WINDOWS\Tasks\Tune-up Application Start.job


-- Files created between 2008-01-10 and 2008-02-10 -----------------------------

2008-02-10 09:55:44 50688 --a------ D:\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2008-02-09 17:04:10 0 d-------- D:\Program Files\SpywareBlaster
2008-02-09 17:03:07 0 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 14:49:59 10047 --a------ D:\WINDOWS\msvrc20.dll
2008-02-09 11:25:28 0 d-------- D:\Documents and Settings\Sheila Joy\DoctorWeb
2008-02-09 10:39:38 68096 --a------ D:\WINDOWS\system32\zip.exe
2008-02-09 10:39:38 98816 --a------ D:\WINDOWS\system32\sed.exe
2008-02-09 10:39:38 80412 --a------ D:\WINDOWS\system32\grep.exe
2008-02-09 10:39:38 73728 --a------ D:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-08 22:07:31 0 d-------- D:\Program Files\QuickTime
2008-02-08 22:07:12 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 19:04:10 0 d-------- D:\Documents and Settings\NetworkService\Application Data\Apple
2008-02-08 14:30:51 0 d-------- D:\WINDOWS\ERUNT
2008-02-08 10:27:30 0 d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-08 10:27:27 0 d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-02-07 09:27:24 0 d-------- D:\Program Files\Lavasoft
2008-02-07 09:15:22 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 09:13:19 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 07:25:42 0 d-------- D:\WINDOWS\system32\ActiveScan
2008-02-04 22:48:05 0 d-------- D:\Program Files\Apple Software Update
2008-02-04 22:48:05 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple
2008-02-04 22:44:47 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Apple Computer
2008-02-04 20:42:55 0 d-------- D:\Program Files\Veoh Networks
2008-01-31 21:53:40 0 dr-h----- D:\Documents and Settings\Sheila Joy\Recent
2008-01-31 21:33:08 0 d-------- D:\Program Files\CCleaner
2008-01-30 20:23:49 0 d-------- D:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-30 15:50:16 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Grisoft
2008-01-30 15:47:24 0 d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 15:23:42 0 d-------- D:\VundoFix Backups
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\Templates
2008-01-30 14:37:52 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2008-01-30 14:37:52 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\Recent
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2008-01-30 14:37:52 2097152 --ah----- D:\Documents and Settings\Administrator\ntuser.dat
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2008-01-30 14:37:52 0 d-------- D:\Documents and Settings\Administrator\My Documents
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2008-01-30 14:37:52 0 d-------- D:\Documents and Settings\Administrator\Favorites
2008-01-30 14:37:52 0 d-------- D:\Documents and Settings\Administrator\Desktop
2008-01-30 14:37:52 0 d--hs---- D:\Documents and Settings\Administrator\Cookies
2008-01-30 14:37:52 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2008-01-30 14:37:52 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-29 14:48:51 0 d-------- D:\Documents and Settings\All Users\Application Data\ATI
2008-01-29 14:39:41 593920 -----n--- D:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-01-29 14:31:16 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-01-29 14:25:54 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\INAC
2008-01-29 14:25:54 0 d-------- D:\Documents and Settings\All Users\Application Data\INAC
2008-01-29 14:15:03 0 d-------- D:\Program Files\ATI Technologies
2008-01-29 12:28:47 67645 --a------ D:\WINDOWS\system32\drivers\pshook11.sys <Not Verified; TrekBlue, LLC; Anti-Virus Engine>
2008-01-29 12:27:25 0 d-------- D:\Program Files\INAC
2008-01-29 11:19:32 0 d-------- D:\WINDOWS\system32\drivers\INFUpdate
2008-01-29 11:18:15 0 d-------- D:\WINDOWS\system32\drivers\IAA
2008-01-29 01:33:57 0 d-------- D:\Program Files\Microsoft Silverlight
2008-01-28 22:01:31 106496 --a------ D:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-01-28 22:00:59 26784 -----n--- D:\WINDOWS\system32\drivers\incdpass.sys <Not Verified; Ahead Software; InCD>
2008-01-28 22:00:59 85360 -----n--- D:\WINDOWS\system32\drivers\incdfs.sys
2008-01-28 22:00:57 0 d-------- D:\WINDOWS\InCD
2008-01-28 22:00:36 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\NeroVision
2008-01-28 21:59:00 89184 -----n--- D:\WINDOWS\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
2008-01-28 21:58:28 38912 --a------ D:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-01-28 21:58:26 155648 --a------ D:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-28 21:58:26 544768 --a------ D:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-01-28 21:58:26 569344 --a------ D:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-01-28 20:51:15 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Nero
2008-01-28 20:47:27 0 d-------- D:\Program Files\Common Files\Nero
2008-01-28 20:47:27 0 d-------- D:\Documents and Settings\All Users\Application Data\Nero
2008-01-28 15:24:59 0 d-------- D:\Program Files\CamStudio
2008-01-25 20:42:26 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Motive
2008-01-25 20:40:38 0 d-------- D:\WINDOWS\Motive
2008-01-25 20:31:26 0 d-------- D:\Documents and Settings\All Users\Application Data\Motive
2008-01-25 20:31:23 589824 --a------ D:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2008-01-25 20:31:15 0 d-------- D:\Program Files\Common Files\Motive
2008-01-24 20:13:23 0 d-------- D:\Fraps
2008-01-22 10:01:31 0 d-------- D:\L2blaze
2008-01-16 05:13:20 0 d-------- D:\l2tc
2008-01-15 21:36:13 0 d-------- D:\Program Files\KeyScrambler
2008-01-14 21:16:51 0 d-------- D:\WINDOWS\pss
2008-01-14 07:52:00 81920 --a------ D:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-10 05:21:08 18172 --a------ D:\WINDOWS\system32\pguard.dat
2008-01-10 05:21:08 333104 --a------ D:\WINDOWS\system32\pghash.dat
2008-01-10 05:17:05 106496 --a------ D:\WINDOWS\system32\procguard.dll
2008-01-10 05:17:05 24911 --a------ D:\WINDOWS\system32\drivers\procguard.sys
2008-01-10 05:17:04 0 d-------- D:\Program Files\ProcessGuard


-- Find3M Report ---------------------------------------------------------------

2008-02-10 10:11:36 3397764 --ah----- D:\Documents and Settings\Sheila Joy\Application Data\IconCache.db
2008-02-09 14:43:34 71296 --a------ D:\Documents and Settings\Sheila Joy\Application Data\GDIPFONTCACHEV1.DAT
2008-02-04 00:14:08 10752 --a------ D:\Documents and Settings\Sheila Joy\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-03 11:08:28 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2008-01-09 08:04:04 0 d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-09 07:16:56 0 --a------ D:\WINDOWS\ativpsrm.bin
2008-01-08 09:22:00 0 d-------- D:\Program Files\Hewlett-Packard
2008-01-08 09:21:16 0 d-------- D:\Program Files\HP
2008-01-08 03:20:32 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\PCHealth
2008-01-08 03:18:46 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\WinZip E-Mail Companion
2008-01-08 00:48:28 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\.BitTornado
2008-01-07 02:29:38 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Active Disk
2008-01-06 13:21:30 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Google
2008-01-06 01:17:52 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Sun
2008-01-05 21:01:48 24990 --a------ D:\WINDOWS\system32\VFP6RUN.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®>
2008-01-05 21:01:46 876032 --a------ D:\WINDOWS\system32\VFP6RENU.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®>
2008-01-05 21:01:46 3370256 --a------ D:\WINDOWS\system32\VFP6R.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®>
2008-01-05 12:19:30 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Business Logic
2008-01-05 12:04:48 0 d-------- D:\Program Files\WinZip E-Mail Companion
2008-01-05 10:30:28 147456 --a------ D:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-01-05 10:03:46 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\LimeWire
2008-01-05 10:02:06 0 d-------- D:\Program Files\Java
2008-01-05 10:00:56 0 d-------- D:\Program Files\Common Files\Java
2008-01-05 08:57:42 0 d-------- D:\Program Files\Common Files\Adobe
2008-01-02 06:59:26 0 d-------- D:\Program Files\Microsoft Works
2008-01-02 06:56:16 0 d-------- D:\Program Files\Microsoft.NET
2008-01-02 06:56:16 0 d-------- D:\Program Files\Common Files\ODBC
2008-01-02 06:51:30 0 d-------- D:\Program Files\Microsoft SQL Server
2008-01-02 06:48:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Microsoft Help
2008-01-01 20:55:46 0 d-------- D:\Program Files\MSXML 4.0
2008-01-01 09:27:28 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\atitray
2008-01-01 09:13:14 0 d-------- D:\Program Files\MultiRes
2007-12-29 12:41:18 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\CyberLink
2007-12-29 12:36:54 0 d-------- D:\Program Files\CyberLink
2007-12-29 11:24:24 0 d-------- D:\Program Files\Windows Media Components
2007-12-29 03:03:32 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\ATI
2007-12-29 03:01:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Steam
2007-12-29 02:52:40 0 d-------- D:\Program Files\Common Files\InstallShield
2007-12-28 10:04:42 0 d-------- D:\Program Files\Microsoft SQL Server Compact Edition
2007-12-28 09:55:42 0 d--hs---- D:\Program Files\Common Files\WindowsLiveInstaller
2007-12-28 09:55:14 0 d-------- D:\Program Files\Windows Live
2007-12-27 19:15:32 0 d--h----- D:\Program Files\InstallShield Installation Information
2007-12-27 19:15:18 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\InstallShield
2007-12-25 19:19:10 0 d-------- D:\Program Files\IObit
2007-12-25 07:19:46 0 d-------- D:\Program Files\Lineage II
2007-12-25 01:53:24 0 d-------- D:\Program Files\Yahoo!
2007-12-25 00:15:28 0 d-------- D:\Program Files\MSXML 6.0
2007-12-24 21:36:36 0 d-------- D:\Program Files\Download Manager
2007-12-24 21:36:08 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\IGN_DLM
2007-12-24 09:28:52 0 d-------- D:\Program Files\MSBuild
2007-12-24 09:21:02 0 d-------- D:\Program Files\Reference Assemblies
2007-12-24 09:11:02 0 d-------- D:\Program Files\Windows Media Connect 2
2007-12-24 07:18:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\MailFrontier
2007-12-24 00:15:20 0 d-------- D:\Program Files\microsoft frontpage
2007-12-24 00:13:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\WinRAR
2007-12-24 00:13:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\teamspeak2
2007-12-24 00:13:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\ApplicationHistory
2007-12-24 00:13:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Ahead
2007-12-24 00:13:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Macromedia
2007-12-24 00:13:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Identities
2007-12-24 00:13:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Adobe
2007-12-24 00:11:36 208384 --a------ D:\WINDOWS\system32\migicons.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-24 00:08:32 0 d-------- D:\Program Files\Common Files\MSSoap
2007-12-24 00:07:14 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2007-12-24 00:06:32 0 d-------- D:\Program Files\Windows NT
2007-12-24 00:00:48 0 d-------- D:\Program Files\Common Files\SpeechEngines
2007-12-23 23:04:34 126714 ---h----- D:\WINDOWS\ShellIconCache
2007-12-23 22:24:58 0 d-------- D:\Program Files\Common Files\Ahead
2007-12-23 19:00:32 62 --ahs---- D:\Documents and Settings\Sheila Joy\Application Data\desktop.ini
2007-12-23 10:54:54 149 --a------ D:\WINDOWS\msrstr.dat
2007-12-23 09:49:38 1160 --a------ D:\Documents and Settings\Sheila Joy\Application Data\dw.log
2007-12-23 09:46:18 0 --a------ D:\WINDOWS\nsreg.dat
2007-12-23 06:54:34 0 d-------- D:\Program Files\Teamspeak2_RC2
2007-12-23 06:37:02 75 --a------ D:\Documents and Settings\Sheila Joy\Application Data\fusioncache.dat
2007-12-23 05:45:44 0 d-------- D:\Program Files\WindowsUpdate
2007-12-23 05:41:28 200736 -r-h----- D:\WINDOWS\HWINFO.DAT
2007-12-23 05:40:30 23357 ---h----- D:\Program Files\folder.htt
2007-12-23 05:40:30 271 ---hs---- D:\Program Files\desktop.ini
2007-12-23 05:38:44 6093 --ah----- D:\WINDOWS\ttfCache
2007-12-23 05:33:48 18939 --a------ D:\WINDOWS\SETVER.EXE
2007-12-23 05:32:26 0 d-------- D:\Program Files\MSN Gaming Zone
2007-12-23 05:29:44 0 d-------- D:\Program Files\Online Services
2007-12-23 05:20:46 0 d-------- D:\Program Files\Plus!
2007-12-23 05:20:46 0 d-------- D:\Program Files\Movie Maker
2007-12-23 05:20:46 0 d-------- D:\Program Files\Messenger
2007-12-23 05:20:46 0 d-------- D:\Program Files\Common Files
2007-12-23 05:20:46 0 d-------- D:\Program Files\Accessories
2007-11-29 16:50:20 4096 --a------ D:\WINDOWS\system32\sysres.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [03/14/2007 09:01 PM]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 10:46 AM]
"!1_pgaccount"="D:\Program Files\ProcessGuard\pgaccount.exe" [01/20/2005 02:14 PM]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"!1_ProcessGuard_Startup"="D:\Program Files\ProcessGuard\procguard.exe" [01/20/2005 02:24 PM]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 12:55 PM]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
D:\Program Files\Iomega\AutoDisk\ADUserMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Zone Labs Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
D:\WINDOWS\SYSTEM32\updcrl.exe -e -u D:\WINDOWS\SYSTEM\verisignpub1.crl



-- Hosts -----------------------------------------------------------------------

216.119.23.61 L2authd.lineage2.com


-- End of Deckard's System Scanner: finished at 2008-02-10 14:21:07 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1400MHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1023.48 MiB / 544.2 MiB
Pagefile Memory (total/avail): 2461.88 MiB / 2033.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.28 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 6.51 GiB total, 4.62 GiB free.
D: is Fixed (FAT32) - 93.14 GiB total, 73.1 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - WDC WD1000BB-00CAA0 - 93.16 GiB - 1 partition
\PARTITION0 - Unknown - 93.16 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD200EB-32CSF0 - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 6.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Security Suite Firewall v7.0.462.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.462.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Sheila Joy\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=HOME1
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Sheila Joy
LOGONSERVER=\\HOME1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\COMMAND;D:\WINDOWS\system32\WBEM;"D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 0 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=000a
ProgramFiles=D:\Program Files
PROMPT=$p$g
QTJAVA=D:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\SHEILA~1\LOCALS~1\Temp
TMP=D:\DOCUME~1\SHEILA~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=HOME1
USERNAME=Sheila Joy
USERPROFILE=D:\Documents and Settings\Sheila Joy
winbootdir=D:\WINDOWS
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sheila Joy (admin)
Administrator.HOME1 (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Active Disk --> D:\WINDOWS\unvise32.exe D:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> D:\WINDOWS\SYSTEM32\MACROMED\FLASH\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Advanced WindowsCare 2.21 Professional --> "D:\Program Files\IObit\Advanced WindowsCare V2 Pro\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
DiamondCS ProcessGuard v3.150 --> "D:\Program Files\ProcessGuard\unins000.exe"
Download Manager 2.3.6 --> D:\Program Files\Download Manager\uninst.exe
Fraps (remove only) --> "D:\Fraps\uninstall.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HP Deskjet 3740 --> msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KeyScrambler --> D:\Program Files\KeyScrambler\uninstall.exe
Lineage II --> D:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "D:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial --> "D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultiRes (remove only) --> D:\Program Files\MultiRes\uninstal.exe
Panda ActiveScan --> D:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD Ultra --> "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Radeon Omega Drivers v3.8.421 Setup Files and Tools --> "D:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe" "/U:D:\Program Files\Radeon Omega Drivers\v3.8.421\Omega Uninstall.xml"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "D:\Program Files\SpywareBlaster\unins000.exe"
TeamSpeak 2 RC2 --> "D:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
VeohTV BETA --> D:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
Windows Imaging Component --> "D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WinZip E-Mail Companion --> "D:\Program Files\WinZip E-Mail Companion\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> D:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
ZoneAlarm Security Suite --> D:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1992 / Warning
Event Submitted/Written: 02/10/2008 01:57:20 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type1991 / Warning
Event Submitted/Written: 02/10/2008 01:57:20 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type1986 / Warning
Event Submitted/Written: 02/10/2008 01:35:48 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type1985 / Warning
Event Submitted/Written: 02/10/2008 01:35:48 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type1981 / Warning
Event Submitted/Written: 02/10/2008 09:59:53 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2066 / Error
Event Submitted/Written: 02/10/2008 01:57:58 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
atitray

Event Record #/Type2065 / Error
Event Submitted/Written: 02/10/2008 01:57:58 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Iomega Active Disk service depends on the Iomega App Services service which failed to start because of the following error:
%%1058

Event Record #/Type2064 / Error
Event Submitted/Written: 02/10/2008 01:57:58 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TryAndDecideService service failed to start due to the following error:
%%3

Event Record #/Type2063 / Error
Event Submitted/Written: 02/10/2008 01:57:58 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AcrSch2Svc service failed to start due to the following error:
%%3

Event Record #/Type2061 / Error
Event Submitted/Written: 02/10/2008 01:57:16 PM
Event ID/Source: 2505 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{C5D4FB00-F028-4353-ACE5-09A20F3AA369} because another computer on the network has the same name. The server could not start.



-- End of Deckard's System Scanner: finished at 2008-02-10 14:21:07 ------------

I go to this site http://www.l2-thecon...d.com/main.html and click on the hopzone button and it redirects me and several others who also try to http://www.dodouble.com/


Thanks for all the time you have spent helping me.

Charis

#19
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O1 - Hosts: 216.119.23.61 L2authd.lineage2.com
O15 - Trusted Zone: http://l2.hopzone.net (HKCU)


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot your PC, post a new DSS log, and tell me if you are still getting redirected.

#20
Charis1973

    Member

  • Topic Starter
  • 15 posts
Deckard's System Scanner v20071014.68
Run by Sheila Joy on 2008-02-10 15:01:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 1 Restore Point(s) --
1: 2008-02-10 19:10:53 UTC - RP102 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sheila Joy.exe) ------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-10 15:04:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\SYSTEM32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\SYSTEM32\services.exe
D:\WINDOWS\SYSTEM32\lsass.exe
D:\WINDOWS\SYSTEM32\ati2evxx.exe
D:\WINDOWS\SYSTEM32\svchost.exe
D:\WINDOWS\SYSTEM32\svchost.exe
D:\WINDOWS\SYSTEM32\ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\SYSTEM32\spoolsv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\ProcessGuard\pgaccount.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\ProcessGuard\procguard.exe
D:\WINDOWS\SYSTEM32\ctfmon.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\ProcessGuard\DCSUserProt.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINDOWS\SYSTEM32\snmp.exe
D:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
D:\WINDOWS\SYSTEM32\wuauclt.exe
D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
D:\Documents and Settings\Sheila Joy\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wlky.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!1_pgaccount] "D:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "D:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.veoh.com (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab57176.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198496957953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198854948453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupd...9439.1317361111
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ndwiat - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\SYSTEM32\wiascr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - D:\Program Files\ProcessGuard\DCSUserProt.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - D:\WINDOWS\SYSTEM32
O23 - Service: Iomega App Services - Unknown owner - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Unknown owner - D:\Program Files\Iomega\AutoDisk\ADService.exe


--
End of file - 8776 bytes

-- HijackThis Fixed Entries (D:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080130-151754-303 O20 - Winlogon Notify: awtroop - D:\WINDOWS\SYSTEM32\awtroop.dll
backup-20080130-151908-280 O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - D:\WINDOWS\system32\awtroop.dll
backup-20080130-152055-627 O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - D:\WINDOWS\system32\awtroop.dll
backup-20080130-221155-489 O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - D:\WINDOWS\system32\awtroop.dll
backup-20080130-221155-812 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
backup-20080130-221155-999 O20 - Winlogon Notify: awtroop - D:\WINDOWS\SYSTEM32\awtroop.dll
backup-20080210-145723-681 O1 - Hosts: 216.119.23.61 L2authd.lineage2.com
backup-20080210-145723-352 O15 - Trusted Zone: http://l2.hopzone.net

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - D:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.hlp - hlpfile - DefaultIcon - D:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - D:\WINDOWS\system32\migicons.exe,6
.reg - regfile - DefaultIcon - D:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - D:\WINDOWS\system32\migicons.exe,5


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - d:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R2 procguard - d:\windows\system32\drivers\procguard.sys

S1 atitray - d:\program files\radeon omega drivers\v3.8.421\ati tray tools\atitray.sys (file missing)
S3 catchme - d:\docume~1\sheila~1\locals~1\temp\catchme.sys (file missing)
S3 MS1000 - d:\windows\system32\drivers\ms1000.sys
S3 npkcrypt - d:\program files\lineage ii\system\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 npkcusb - d:\program files\lineage ii\system\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 TVICHW32 - d:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DCSPGSRV (DiamondCS Process Guard Service v3.000) - "d:\program files\processguard\dcsuserprot.exe" <Not Verified; DiamondCS; DiamondCS Usermode Aspect>

S2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "d:\program files\iomega\autodisk\adservice.exe" (file missing)
S2 AcrSch2Svc -
S2 TryAndDecideService -
S4 Iomega Activity Disk2 - ""
S4 Iomega App Services - "d:\progra~1\iomega\system32\appservices.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

All modules okay.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-10 14:21:00 366 --a------ D:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-02-08 19:03:02 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-06 23:00:04 502 --a------ D:\WINDOWS\Tasks\Tune-up Application Start.job


-- Files created between 2008-01-10 and 2008-02-10 -----------------------------

2008-02-10 09:55:44 50688 --a------ D:\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2008-02-09 17:04:10 0 d-------- D:\Program Files\SpywareBlaster
2008-02-09 17:03:07 0 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 14:49:59 10047 --a------ D:\WINDOWS\msvrc20.dll
2008-02-09 11:25:28 0 d-------- D:\Documents and Settings\Sheila Joy\DoctorWeb
2008-02-09 10:39:38 68096 --a------ D:\WINDOWS\system32\zip.exe
2008-02-09 10:39:38 98816 --a------ D:\WINDOWS\system32\sed.exe
2008-02-09 10:39:38 80412 --a------ D:\WINDOWS\system32\grep.exe
2008-02-09 10:39:38 73728 --a------ D:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-08 22:07:31 0 d-------- D:\Program Files\QuickTime
2008-02-08 22:07:12 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 19:04:10 0 d-------- D:\Documents and Settings\NetworkService\Application Data\Apple
2008-02-08 14:30:51 0 d-------- D:\WINDOWS\ERUNT
2008-02-08 10:27:30 0 d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-08 10:27:27 0 d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-02-07 09:27:24 0 d-------- D:\Program Files\Lavasoft
2008-02-07 09:15:22 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 09:13:19 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 07:25:42 0 d-------- D:\WINDOWS\system32\ActiveScan
2008-02-04 22:48:05 0 d-------- D:\Program Files\Apple Software Update
2008-02-04 22:48:05 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple
2008-02-04 22:44:47 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Apple Computer
2008-02-04 20:42:55 0 d-------- D:\Program Files\Veoh Networks
2008-01-31 21:53:40 0 dr-h----- D:\Documents and Settings\Sheila Joy\Recent
2008-01-31 21:33:08 0 d-------- D:\Program Files\CCleaner
2008-01-30 20:23:49 0 d-------- D:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-30 15:50:16 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Grisoft
2008-01-30 15:47:24 0 d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 15:23:42 0 d-------- D:\VundoFix Backups
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\Templates
2008-01-30 14:37:52 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2008-01-30 14:37:52 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\Recent
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2008-01-30 14:37:52 2097152 --ah----- D:\Documents and Settings\Administrator\ntuser.dat
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2008-01-30 14:37:52 0 d-------- D:\Documents and Settings\Administrator\My Documents
2008-01-30 14:37:52 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2008-01-30 14:37:52 0 d-------- D:\Documents and Settings\Administrator\Favorites
2008-01-30 14:37:52 0 d-------- D:\Documents and Settings\Administrator\Desktop
2008-01-30 14:37:52 0 d--hs---- D:\Documents and Settings\Administrator\Cookies
2008-01-30 14:37:52 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2008-01-30 14:37:52 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-29 14:48:51 0 d-------- D:\Documents and Settings\All Users\Application Data\ATI
2008-01-29 14:39:41 593920 -----n--- D:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-01-29 14:31:16 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-01-29 14:25:54 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\INAC
2008-01-29 14:25:54 0 d-------- D:\Documents and Settings\All Users\Application Data\INAC
2008-01-29 14:15:03 0 d-------- D:\Program Files\ATI Technologies
2008-01-29 12:28:47 67645 --a------ D:\WINDOWS\system32\drivers\pshook11.sys <Not Verified; TrekBlue, LLC; Anti-Virus Engine>
2008-01-29 12:27:25 0 d-------- D:\Program Files\INAC
2008-01-29 11:19:32 0 d-------- D:\WINDOWS\system32\drivers\INFUpdate
2008-01-29 11:18:15 0 d-------- D:\WINDOWS\system32\drivers\IAA
2008-01-29 01:33:57 0 d-------- D:\Program Files\Microsoft Silverlight
2008-01-28 22:01:31 106496 --a------ D:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-01-28 22:00:59 26784 -----n--- D:\WINDOWS\system32\drivers\incdpass.sys <Not Verified; Ahead Software; InCD>
2008-01-28 22:00:59 85360 -----n--- D:\WINDOWS\system32\drivers\incdfs.sys
2008-01-28 22:00:57 0 d-------- D:\WINDOWS\InCD
2008-01-28 22:00:36 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\NeroVision
2008-01-28 21:59:00 89184 -----n--- D:\WINDOWS\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
2008-01-28 21:58:28 38912 --a------ D:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-01-28 21:58:26 155648 --a------ D:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-28 21:58:26 544768 --a------ D:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-01-28 21:58:26 569344 --a------ D:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-01-28 20:51:15 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Nero
2008-01-28 20:47:27 0 d-------- D:\Program Files\Common Files\Nero
2008-01-28 20:47:27 0 d-------- D:\Documents and Settings\All Users\Application Data\Nero
2008-01-28 15:24:59 0 d-------- D:\Program Files\CamStudio
2008-01-25 20:42:26 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Motive
2008-01-25 20:40:38 0 d-------- D:\WINDOWS\Motive
2008-01-25 20:31:26 0 d-------- D:\Documents and Settings\All Users\Application Data\Motive
2008-01-25 20:31:23 589824 --a------ D:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2008-01-25 20:31:15 0 d-------- D:\Program Files\Common Files\Motive
2008-01-24 20:13:23 0 d-------- D:\Fraps
2008-01-22 10:01:31 0 d-------- D:\L2blaze
2008-01-16 05:13:20 0 d-------- D:\l2tc
2008-01-15 21:36:13 0 d-------- D:\Program Files\KeyScrambler
2008-01-14 21:16:51 0 d-------- D:\WINDOWS\pss
2008-01-14 07:52:00 81920 --a------ D:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-10 05:21:08 18172 --a------ D:\WINDOWS\system32\pguard.dat
2008-01-10 05:21:08 335396 --a------ D:\WINDOWS\system32\pghash.dat
2008-01-10 05:17:05 106496 --a------ D:\WINDOWS\system32\procguard.dll
2008-01-10 05:17:05 24911 --a------ D:\WINDOWS\system32\drivers\procguard.sys
2008-01-10 05:17:04 0 d-------- D:\Program Files\ProcessGuard


-- Find3M Report ---------------------------------------------------------------

2008-02-10 14:57:36 4827950 --ah----- D:\Documents and Settings\Sheila Joy\Application Data\IconCache.db
2008-02-09 14:43:34 71296 --a------ D:\Documents and Settings\Sheila Joy\Application Data\GDIPFONTCACHEV1.DAT
2008-02-04 00:14:08 10752 --a------ D:\Documents and Settings\Sheila Joy\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-03 11:08:28 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2008-01-09 08:04:04 0 d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-09 07:16:56 0 --a------ D:\WINDOWS\ativpsrm.bin
2008-01-08 09:22:00 0 d-------- D:\Program Files\Hewlett-Packard
2008-01-08 09:21:16 0 d-------- D:\Program Files\HP
2008-01-08 03:20:32 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\PCHealth
2008-01-08 03:18:46 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\WinZip E-Mail Companion
2008-01-08 00:48:28 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\.BitTornado
2008-01-07 02:29:38 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Active Disk
2008-01-06 13:21:30 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Google
2008-01-06 01:17:52 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Sun
2008-01-05 21:01:48 24990 --a------ D:\WINDOWS\system32\VFP6RUN.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®>
2008-01-05 21:01:46 876032 --a------ D:\WINDOWS\system32\VFP6RENU.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®>
2008-01-05 21:01:46 3370256 --a------ D:\WINDOWS\system32\VFP6R.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual FoxPro®>
2008-01-05 12:19:30 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Business Logic
2008-01-05 12:04:48 0 d-------- D:\Program Files\WinZip E-Mail Companion
2008-01-05 10:30:28 147456 --a------ D:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-01-05 10:03:46 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\LimeWire
2008-01-05 10:02:06 0 d-------- D:\Program Files\Java
2008-01-05 10:00:56 0 d-------- D:\Program Files\Common Files\Java
2008-01-05 08:57:42 0 d-------- D:\Program Files\Common Files\Adobe
2008-01-02 06:59:26 0 d-------- D:\Program Files\Microsoft Works
2008-01-02 06:56:16 0 d-------- D:\Program Files\Microsoft.NET
2008-01-02 06:56:16 0 d-------- D:\Program Files\Common Files\ODBC
2008-01-02 06:51:30 0 d-------- D:\Program Files\Microsoft SQL Server
2008-01-02 06:48:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Microsoft Help
2008-01-01 20:55:46 0 d-------- D:\Program Files\MSXML 4.0
2008-01-01 09:27:28 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\atitray
2008-01-01 09:13:14 0 d-------- D:\Program Files\MultiRes
2007-12-29 12:41:18 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\CyberLink
2007-12-29 12:36:54 0 d-------- D:\Program Files\CyberLink
2007-12-29 11:24:24 0 d-------- D:\Program Files\Windows Media Components
2007-12-29 03:03:32 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\ATI
2007-12-29 03:01:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Steam
2007-12-29 02:52:40 0 d-------- D:\Program Files\Common Files\InstallShield
2007-12-28 10:04:42 0 d-------- D:\Program Files\Microsoft SQL Server Compact Edition
2007-12-28 09:55:42 0 d--hs---- D:\Program Files\Common Files\WindowsLiveInstaller
2007-12-28 09:55:14 0 d-------- D:\Program Files\Windows Live
2007-12-27 19:15:32 0 d--h----- D:\Program Files\InstallShield Installation Information
2007-12-27 19:15:18 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\InstallShield
2007-12-25 19:19:10 0 d-------- D:\Program Files\IObit
2007-12-25 07:19:46 0 d-------- D:\Program Files\Lineage II
2007-12-25 01:53:24 0 d-------- D:\Program Files\Yahoo!
2007-12-25 00:15:28 0 d-------- D:\Program Files\MSXML 6.0
2007-12-24 21:36:36 0 d-------- D:\Program Files\Download Manager
2007-12-24 21:36:08 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\IGN_DLM
2007-12-24 09:28:52 0 d-------- D:\Program Files\MSBuild
2007-12-24 09:21:02 0 d-------- D:\Program Files\Reference Assemblies
2007-12-24 09:11:02 0 d-------- D:\Program Files\Windows Media Connect 2
2007-12-24 07:18:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\MailFrontier
2007-12-24 00:15:20 0 d-------- D:\Program Files\microsoft frontpage
2007-12-24 00:13:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\WinRAR
2007-12-24 00:13:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\teamspeak2
2007-12-24 00:13:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\ApplicationHistory
2007-12-24 00:13:42 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Ahead
2007-12-24 00:13:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Macromedia
2007-12-24 00:13:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Identities
2007-12-24 00:13:40 0 d-------- D:\Documents and Settings\Sheila Joy\Application Data\Adobe
2007-12-24 00:11:36 208384 --a------ D:\WINDOWS\system32\migicons.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-24 00:08:32 0 d-------- D:\Program Files\Common Files\MSSoap
2007-12-24 00:07:14 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2007-12-24 00:06:32 0 d-------- D:\Program Files\Windows NT
2007-12-24 00:00:48 0 d-------- D:\Program Files\Common Files\SpeechEngines
2007-12-23 23:04:34 126714 ---h----- D:\WINDOWS\ShellIconCache
2007-12-23 22:24:58 0 d-------- D:\Program Files\Common Files\Ahead
2007-12-23 19:00:32 62 --ahs---- D:\Documents and Settings\Sheila Joy\Application Data\desktop.ini
2007-12-23 10:54:54 149 --a------ D:\WINDOWS\msrstr.dat
2007-12-23 09:49:38 1160 --a------ D:\Documents and Settings\Sheila Joy\Application Data\dw.log
2007-12-23 09:46:18 0 --a------ D:\WINDOWS\nsreg.dat
2007-12-23 06:54:34 0 d-------- D:\Program Files\Teamspeak2_RC2
2007-12-23 06:37:02 75 --a------ D:\Documents and Settings\Sheila Joy\Application Data\fusioncache.dat
2007-12-23 05:45:44 0 d-------- D:\Program Files\WindowsUpdate
2007-12-23 05:41:28 200736 -r-h----- D:\WINDOWS\HWINFO.DAT
2007-12-23 05:40:30 23357 ---h----- D:\Program Files\folder.htt
2007-12-23 05:40:30 271 ---hs---- D:\Program Files\desktop.ini
2007-12-23 05:38:44 6093 --ah----- D:\WINDOWS\ttfCache
2007-12-23 05:33:48 18939 --a------ D:\WINDOWS\SETVER.EXE
2007-12-23 05:32:26 0 d-------- D:\Program Files\MSN Gaming Zone
2007-12-23 05:29:44 0 d-------- D:\Program Files\Online Services
2007-12-23 05:20:46 0 d-------- D:\Program Files\Plus!
2007-12-23 05:20:46 0 d-------- D:\Program Files\Movie Maker
2007-12-23 05:20:46 0 d-------- D:\Program Files\Messenger
2007-12-23 05:20:46 0 d-------- D:\Program Files\Common Files
2007-12-23 05:20:46 0 d-------- D:\Program Files\Accessories
2007-11-29 16:50:20 4096 --a------ D:\WINDOWS\system32\sysres.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [03/14/2007 09:01 PM]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/2004 10:46 AM]
"!1_pgaccount"="D:\Program Files\ProcessGuard\pgaccount.exe" [01/20/2005 02:14 PM]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"!1_ProcessGuard_Startup"="D:\Program Files\ProcessGuard\procguard.exe" [01/20/2005 02:24 PM]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 12:55 PM]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
D:\Program Files\Iomega\AutoDisk\ADUserMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Zone Labs Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
D:\WINDOWS\SYSTEM32\updcrl.exe -e -u D:\WINDOWS\SYSTEM\verisignpub1.crl



-- End of Deckard's System Scanner: finished at 2008-02-10 15:11:46 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1400MHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023.48 MiB / 562.35 MiB
Pagefile Memory (total/avail): 2461.88 MiB / 2090.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.28 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 6.51 GiB total, 4.62 GiB free.
D: is Fixed (FAT32) - 93.14 GiB total, 73.09 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - WDC WD1000BB-00CAA0 - 93.16 GiB - 1 partition
\PARTITION0 - Unknown - 93.16 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD200EB-32CSF0 - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 6.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Security Suite Firewall v7.0.462.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.462.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Sheila Joy\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=HOME2
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Sheila Joy
LOGONSERVER=\\HOME2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\COMMAND;D:\WINDOWS\system32\WBEM;"D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 0 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=000a
ProgramFiles=D:\Program Files
PROMPT=$p$g
QTJAVA=D:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\SHEILA~1\LOCALS~1\Temp
TMP=D:\DOCUME~1\SHEILA~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=HOME2
USERNAME=Sheila Joy
USERPROFILE=D:\Documents and Settings\Sheila Joy
winbootdir=D:\WINDOWS
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sheila Joy (admin)
Administrator.HOME1 (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "D:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Active Disk --> D:\WINDOWS\unvise32.exe D:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> D:\WINDOWS\SYSTEM32\MACROMED\FLASH\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Advanced WindowsCare 2.21 Professional --> "D:\Program Files\IObit\Advanced WindowsCare V2 Pro\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
DiamondCS ProcessGuard v3.150 --> "D:\Program Files\ProcessGuard\unins000.exe"
Download Manager 2.3.6 --> D:\Program Files\Download Manager\uninst.exe
Fraps (remove only) --> "D:\Fraps\uninstall.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HP Deskjet 3740 --> msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KeyScrambler --> D:\Program Files\KeyScrambler\uninstall.exe
Lineage II --> D:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "D:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial --> "D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultiRes (remove only) --> D:\Program Files\MultiRes\uninstal.exe
Panda ActiveScan --> D:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD Ultra --> "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Radeon Omega Drivers v3.8.421 Setup Files and Tools --> "D:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe" "/U:D:\Program Files\Radeon Omega Drivers\v3.8.421\Omega Uninstall.xml"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "D:\Program Files\SpywareBlaster\unins000.exe"
TeamSpeak 2 RC2 --> "D:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
VeohTV BETA --> D:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
Windows Imaging Component --> "D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WinZip E-Mail Companion --> "D:\Program Files\WinZip E-Mail Companion\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> D:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
ZoneAlarm Security Suite --> D:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2021 / Warning
Event Submitted/Written: 02/10/2008 02:59:12 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type2020 / Warning
Event Submitted/Written: 02/10/2008 02:59:12 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type2004 / Warning
Event Submitted/Written: 02/10/2008 02:44:23 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type2003 / Warning
Event Submitted/Written: 02/10/2008 02:44:23 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type1998 / Warning
Event Submitted/Written: 02/10/2008 02:39:24 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2145 / Error
Event Submitted/Written: 02/10/2008 02:59:51 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
atitray

Event Record #/Type2144 / Error
Event Submitted/Written: 02/10/2008 02:59:51 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Iomega Active Disk service depends on the Iomega App Services service which failed to start because of the following error:
%%1058

Event Record #/Type2143 / Error
Event Submitted/Written: 02/10/2008 02:59:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TryAndDecideService service failed to start due to the following error:
%%3

Event Record #/Type2142 / Error
Event Submitted/Written: 02/10/2008 02:59:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AcrSch2Svc service failed to start due to the following error:
%%3

Event Record #/Type2140 / Error
Event Submitted/Written: 02/10/2008 02:58:34 PM / 02/10/2008 02:59:05 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type



-- End of Deckard's System Scanner: finished at 2008-02-10 15:11:46 ------------


Still getting redirected to same site as before

#21
Rorschach112

Hello

So you only get redirected when you go to this site http://www.l2-thecon...d.com/main.html and click on the hopzone button?

It doesn't happen any other time?

#22
Charis1973

No, it happens whenever I go to vote for a server on hopzone. I have tried several sites that have buttons to vote for their server on hopzone and it always sends me to the same site. I have even tried just typing in the link for the vote site and still it redirects me to dodouble.

I'm not the only one who has this problem; several of my friends who play L2 on this server get the same redirect.

Any other site I can bring up just fine.

#23
Rorschach112

Ok well this is a problem with the site, not malware related so there is nothing I can do

This probably won't work but try anyway

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


If it doesn't then there is nothing we can do unfortunately

#24
Charis1973

Well Rorschach112, it didn't work, but I would still like to thank you for all your time. And hey, at least we did get rid of some of the harmful things on my PC; some I didn't even know were there. Plus now it's running a lot faster than it did before. I am beginning to think that the vote buttons may just be glitched or corrupt and need to be replaced.

Again, thanks for all your effort in helping me. I do really appreciate it.


Charis 1973

#25
Rorschach112

Sorry bout that, just need to do a few things

Run WinPFind35U, click Cleanup! at the top and accept any prompts


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
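The hosts-file reset in post #23 and the MVPS Hosts recommendation in post #25 both rest on the same mechanism: a hosts entry overrides DNS for that name. The following is an added example, not part of the original posts, that audits hosts-file text and separates blocklist-style sinkhole entries (127.0.0.1 / 0.0.0.0) from entries that send a name to a routable address, which is the kind a redirect would need. The function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread): the stock
# localhost line, two sinkhole entries of the kind a blocklist adds, one entry
# pointing names at a routable address, and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.test      # blocklist entry
0.0.0.0         tracker.example.test
203.0.113.7     vote.example.test www.vote.example.test
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no hostname
            continue
        yield line_no, fields[0], fields[1:]


def classify(address, names):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one line."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback for "localhost" is the stock entry; loopback (or 0.0.0.0)
        # for any other name is a block: the connection goes nowhere.
        if all(n.lower() == "localhost" for n in names):
            return "default"
        return "sinkhole"
    # Any other address silently replaces the DNS answer for these names.
    return "redirect"


def audit_hosts(text):
    """Group every hostname in the file by the class of its mapping."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for line_no, address, names in parse_hosts(text):
        kind = classify(address, names)
        for name in names:
            report[kind].append((line_no, name.lower(), address))
    return report


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts;
    # the embedded sample is used here so the script runs anywhere.
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("redirect", "malformed", "sinkhole", "default"):
        for line_no, name, address in result[kind]:
            print(f"{kind:9} line {line_no}: {name} -> {address}")
```

An empty `redirect` list means the hosts file is not what is steering the browser, which matches the helper's expectation that resetting it would not change a redirect served by the site itself.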



#26
Charis1973

Just wanted to post a quick update: with SpywareGuard I am finally able to vote for my server again. Thanks so much.

Charis1973

#27
Rorschach112

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.