LandzDown Forum

Miscellaneous => Suggestions and Site Feedback => Topic started by: Niecarrah on January 04, 2008, 01:56:16 AM

Title: We Need A Dumb Questions Section
Post by: Niecarrah on January 04, 2008, 01:56:16 AM
The other day I noticed a toolbar, in it reads:  http://www.infopacket...  Checking it out on Google it is some component to Outlook Express?  Upon clicking on it:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2Finfopacket.png&hash=08b372b3e7225f92a09fe457741275e0)
It is a toolbar without a entry in view.  It takes up web page space and I don't want it!
The day I plugged my new computer in, I removed anything I could, that had to do with Outlook Express!  :smash:
Anyone have any insight here?
Have I been infected?  :help: Or is this just a dumb question?
.liutilities.com/products/campaigns/affiliate/general/sp/   Uniblue?  Uniblue Systems Limited
Can't find anything a Site Advisor?
Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 04, 2008, 11:52:26 AM
Hey Niecarrah   :breakkie:

uniblue.com and liutilities.com are rated legit/green by McAfee SiteAdvisor > http://www.siteadvisor.com/sites/uniblue.com

SpeedUpMyPC3 looks to be a software utility program sold by Uniblue for $40 > http://www.liutilities.com/products/speedupmypc/

Are you saying you just got a new PC and this program is already installed, and there is a toolbar in your browser to access it?
I cannot see why this product would have any connection to Outlook Express, an email client from Microsoft.
My guess, if this is a new PC, is that it is a pre-installed trial software by the computer manufacturer.

Is there no uninstall option in Add/Remove for it?

Does a search on your computer for speedupmypc.exe bring up anything?

If you don't want it, not sure how you got it, and haven't been successful in removing it...I wouldn't place that in the dumb questions category.  We don't have a "Dumb Questions Section" at LandzDown because there are no dumb questions...
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 04, 2008, 12:30:45 PM
Hi, Niecarrah.  That URL pulls a 404 for me.  How about a HijackThis log and we'll take a peek.  In the meantime, do not click on that Instant Scan button 'cause ya just never know!  Please download HijackThis© from one of the following sites:  Note:  If you have used any anti-spyware applications, please shutdown/restart the computer before scanning with HijackThis©. 

At the download prompt, choose "Save" 
 
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 05, 2008, 01:36:36 AM
I will not press the button!  I must know where things came from and why and if I did it before I press buttons!  Although somewhere along the line I must have?  I have no explanation for this toolbar.  Unless perhaps it is from that Christmas card from my Aunt?  The 123 Greetings thingy?  I knew it was some kind of registry thingy?

@Ripley 
Are you saying you just got a new PC and this program is already installed, and there is a toolbar in your browser to access it?
No this is not a bundle software, my computer is older now.  I simply meant when it was new, sorry.
 I cannot locate it in A/R?  So....
My HJT Log to follow soon. :thanks:
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 05, 2008, 03:00:42 AM
Corrine here it is:  My guess is Toolbar no name?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:50 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HiJackThis.exe
C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Deborah Aungst
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ScriptSentry] C:\Program Files\Script Sentry\ScriptSentry.exe /check
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe
O4 - Global Startup: Comodo AntiSpam.lnk = C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162680397843
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166031567000
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10352 bytes
Title: Re: We Need A Dumb Questions Section
Post by: Vietnam Vet on January 05, 2008, 04:33:44 AM
Hello Niecarrah,

While you are waiting for Corrine, just a little bit of info for you.

Quote
My guess is Toolbar no name?
That toolbar entry is related to ImageShack Toolbar which is considered legit. Ring a bell?
http://www.castlecops.com/tk30171-ImageShack_Toolbar.html

You do have at least a couple of activex entries that are questionable(listed in IESpyAds restricted sites).

No suggestions from me, wait for Corrine's reply.
Best wishes,
VV
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 05, 2008, 12:26:16 PM
Hi, Deb.  Let's start here and if this doesn't work, we'll take a look with WinPatrol.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following and press "Fix Checked":

O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cabO16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -


Please download ATF Cleaner by Atribune from http://www.atribune.org/content/view/25/2/ (http://www.atribune.org/content/view/25/2/) .  Save it to your Desktop.

Run ATF Cleaner
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 05, 2008, 03:44:30 PM
Well Corrine...it is bad news!  I followed you instructions to the letter and the pesky thing is still here!
Now what?  :help:
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 05, 2008, 03:59:41 PM
Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
[/list]
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 05, 2008, 04:49:34 PM
Deckard's System Scanner v20071014.68
Run by Deborah Aungst on 2008-01-05 13:10:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
73: 2008-01-05 18:11:11 UTC - RP261 - Deckard's System Scanner Restore Point
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M CPU        410  @ 1.46GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 446.04 MiB / 77.41 MiB
Pagefile Memory (total/avail): 1054.61 MiB / 536.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.21 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 46.59 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD600BEAS-00KZT0 - 55.89 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: avast! antivirus 4.7.1098 [VPS 080104-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Deborah Aungst\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THESPROULTAVERN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Deborah Aungst
LOGONSERVER=\\THESPROULTAVERN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Bitvise Tunnelier
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp
USERDOMAIN=THESPROULTAVERN
USERNAME=Deborah Aungst
USERPROFILE=C:\Documents and Settings\Deborah Aungst
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Deborah Aungst (admin)
The Sproul Tavern (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1st Free Solitaire 1.6 --> "C:\Program Files\1st Free Solitaire\unins000.exe"
a-squared Free 2.1 --> "C:\Program Files\a-squared Free\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{FA065AE3-3D12-43C6-9986-734833E33481}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Beehive Solitaire 1.02 --> "C:\Program Files\NZP\Beehive Solitaire\uninstall.exe"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Colorizer 1.0.0.1 --> C:\PROGRA~1\COLORI~1\UNWISE.EXE C:\PROGRA~1\COLORI~1\INSTALL.LOG
Common Sense Calendar --> "C:\Program Files\Common Sense Calendar\Common Sense Calendar.exe" -u
Comodo AntiSpam Desktop Edition 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7C6BBE85-38E8-4007-B35B-259C56FB9EE8}
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Free Spider --> C:\PROGRA~1\FREESP~1\UNWISE.EXE C:\PROGRA~1\FREESP~1\INSTALL.LOG
GalleryPlayer Images --> C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
Google Pack Screensaver --> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6\uninstaller.exe"
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HyperLoad - Golf Range --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0172B82-9ED5-4C9F-8939-C0794BFBB297}\setup.exe" -l0x9  -uninst  -removeonly
HyperLoad - Mah Jongg --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98ED2AE5-800B-4CAA-B43C-0856FF4619D4}\setup.exe" -l0x9  -uninst  -removeonly
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lucky 13 Card Solitaire 1.01 --> "C:\Program Files\NZP\Lucky 13 Card Solitaire\uninstall.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.11) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9  -removeonly
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.EXE" -l0x9 REMOVE
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
Script Sentry --> C:\Program Files\Script Sentry\uninstall.exe
Secunia PSI (BETA) --> MsiExec.exe /X{0A4DF5B0-983C-4691-9D4A-9FD1D4B2A69F}
SnagIt 7 --> MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sun Download Manager 2.0 (web) --> C:\WINDOWS\system32\javaws.exe -uninstall "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinPatrol 2007 Restore/Remove First --> C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe -remove
WinPatrol 2007 Step 2 --> MsiExec.exe /X{736CE9DD-F589-485B-ACFF-78C235A57066}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type3687 / Error
Event Submitted/Written: 01/05/2008 01:13:24 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type3685 / Warning
Event Submitted/Written: 01/05/2008 11:33:26 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}'

Event Record #/Type3684 / Warning
Event Submitted/Written: 01/05/2008 11:33:26 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main', component '{754DC844-047B-4AD7-ACD0-4CC04383D7A6}' failed.  The resource 'C:\Program Files\ATI Technologies\ATI.ACE\dsktop.shr' does not exist.

Event Record #/Type3682 / Warning
Event Submitted/Written: 01/05/2008 11:33:18 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}'

Event Record #/Type3681 / Warning
Event Submitted/Written: 01/05/2008 11:33:18 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main', component '{754DC844-047B-4AD7-ACD0-4CC04383D7A6}' failed.  The resource 'C:\Program Files\ATI Technologies\ATI.ACE\dsktop.shr' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type44043 / Error
Event Submitted/Written: 01/05/2008 11:25:35 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TuneUp Theme Extension service depends on the Themes service which failed to start because of the following error:
%%1058

Event Record #/Type44020 / Warning
Event Submitted/Written: 01/05/2008 11:18:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow.

For more information please see the following:
%THESPROULTAVERN275

   Scan ID: {37880161-3F1A-47F1-AE1A-3C2F822C8D33}

   User: THESPROULTAVERN\Deborah Aungst

   Name: %THESPROULTAVERN271

   ID: %THESPROULTAVERN272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %THESPROULTAVERN276

   Alert Type: %THESPROULTAVERN278

   Detection Type: 1.1.1593.02

Event Record #/Type44019 / Warning
Event Submitted/Written: 01/05/2008 11:18:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow.

For more information please see the following:
%THESPROULTAVERN275

   Scan ID: {CFEB27DA-BAEC-49C2-8275-E24A1CD5EC12}

   User: THESPROULTAVERN\Deborah Aungst

   Name: %THESPROULTAVERN271

   ID: %THESPROULTAVERN272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %THESPROULTAVERN276

   Alert Type: %THESPROULTAVERN278

   Detection Type: 1.1.1593.02

Event Record #/Type44018 / Warning
Event Submitted/Written: 01/05/2008 11:18:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow.

For more information please see the following:
%THESPROULTAVERN275

   Scan ID: {753B5976-7D97-4B32-B7A0-66113F4C60C9}

   User: THESPROULTAVERN\Deborah Aungst

   Name: %THESPROULTAVERN271

   ID: %THESPROULTAVERN272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %THESPROULTAVERN276

   Alert Type: %THESPROULTAVERN278

   Detection Type: 1.1.1593.02

Event Record #/Type44017 / Warning
Event Submitted/Written: 01/05/2008 11:18:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow.

For more information please see the following:
%THESPROULTAVERN275

   Scan ID: {3A359871-135F-41B3-972C-E8D45048EEEA}

   User: THESPROULTAVERN\Deborah Aungst

   Name: %THESPROULTAVERN271

   ID: %THESPROULTAVERN272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %THESPROULTAVERN276

   Alert Type: %THESPROULTAVERN278

   Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-01-05 13:14:46 ------------

72: 2008-01-05 00:10:18 UTC - RP260 - Software Distribution Service 3.0
71: 2008-01-04 17:39:19 UTC - RP259 - System Checkpoint
70: 2008-01-03 08:48:14 UTC - RP258 - System Checkpoint
69: 2008-01-02 07:48:11 UTC - RP257 - System Checkpoint


-- First Restore Point --
1: 2007-10-07 21:36:57 UTC - RP189 - Installed Security Update for QuickTime 7.2


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Deborah Aungst.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:15 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe
C:\Program Files\Secunia\PSI (BETA)\PSI.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\dss.exe
C:\DOCUME~1\DEBORA~1\MYDOCU~1\DOWNLO~1\Deborah Aungst.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Deborah Aungst
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ScriptSentry] C:\Program Files\Script Sentry\ScriptSentry.exe /check
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe
O4 - Global Startup: Comodo AntiSpam.lnk = C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162680397843
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166031567000
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{301F0FB4-180F-481E-864B-5DA1F2001D12}: NameServer = 65.196.203.193 65.196.203.194
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11003 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\DEBORA~1\MYDOCU~1\DOWNLO~1\backups\) --

backup-20070316-203414-145 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
backup-20070316-203414-241 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
backup-20070316-203414-535 O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
backup-20070316-203414-846 O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
backup-20070316-203414-875 O15 - Trusted Zone: http://toolbar.imageshack.us
backup-20070316-203414-878 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
backup-20070327-013344-414 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
backup-20070327-013344-469 O2 - BHO: (no name) - rsion - (no file)
backup-20070327-013344-634 O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
backup-20080105-110142-648 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
backup-20080105-110142-730 O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
backup-20080105-110144-518 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cab
backup-20080105-110144-783 O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
backup-20080105-110145-298 O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
.reg - regfile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
.vbs - VBSFile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 O2Flash (O2Micro Flash Memory) - c:\windows\system32\o2flash.exe
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\4000388C30D41
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\4000388C30D41
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-01-05 11:28:10       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-04 17:15:00       408 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-09-06 19:23:59       258 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job


-- Files created between 2007-12-05 and 2008-01-05 -----------------------------

2008-01-05 11:31:19         0 dr-h----- C:\Documents and Settings\Deborah Aungst\Recent
2008-01-05 09:06:30         0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-01-05 09:06:30         0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-05 09:05:20         0 d-------- C:\Program Files\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-30 09:58:32         0 d-------- C:\Program Files\Trustix
2007-12-30 08:39:51         0 d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2007-12-30 07:53:50         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Comodo
2007-12-30 07:53:45         0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-30 07:53:42         0 d-------- C:\Program Files\COMODO
2007-12-30 07:13:39         0 d-------- C:\Program Files\TechSmith
2007-12-29 21:32:59         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 13:03:44         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\AVG7
2007-12-28 13:03:30         0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-28 12:14:01         0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-27 16:03:08         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6
2007-12-20 00:31:49         0 d-------- C:\Program Files\Windows Live Safety Center


-- Find3M Report ---------------------------------------------------------------

2008-01-04 20:10:46         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\1st Free Solitaire
2008-01-04 11:42:51         0 d-------- C:\Program Files\a-squared Free
2007-12-29 21:32:59         0 d-------- C:\Program Files\Common Files
2007-12-27 21:00:56         0 d-------- C:\Program Files\SmileyPad
2007-12-27 20:59:03         0 d-------- C:\Program Files\Coupons
2007-12-27 20:57:33         0 d-------- C:\Program Files\Apple Software Update
2007-12-26 20:59:37         0 d-------- C:\Program Files\SpywareBlaster
2007-12-24 12:35:56         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Adobe
2007-12-24 12:34:28      8464 --a------ C:\WINDOWS\mozver.dat
2007-12-16 00:25:32         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Free Spider TreeCardGames
2007-11-26 08:48:50         0 d-------- C:\Program Files\Panda Security
2007-11-05 23:41:54         0 d-------- C:\Program Files\CCleaner
2007-10-11 09:55:10     88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-10-09 12:58:20     16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [02/27/2006 04:28 AM C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/26/2007 11:06 AM]
"ScriptSentry"="C:\Program Files\Script Sentry\ScriptSentry.exe" [07/04/2002 07:44 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/28/2007 11:09 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [12/30/2007 07:53 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [12/04/2007 04:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 04:43 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 03:46 PM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [11/22/2007 11:10 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Deborah Aungst\Start Menu\Programs\Startup\
Secunia PSI (BETA).lnk - C:\Program Files\Secunia\PSI (BETA)\PSI.exe [9/11/2007 7:55:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Comodo AntiSpam.lnk - C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe [8/2/2005 11:48:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoSharedDocuments"=00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pennswoods.net Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pennswoods.net Web Accelerator.lnk
backup=C:\WINDOWS\pss\Pennswoods.net Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
"C:\Program Files\SlipStream Web Accelerator\slipcore.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XOSD]
C:\Program Files\XOSD\XOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Common Sense Calendar"="C:\Program Files\Common Sense Calendar\Common Sense Calendar.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ   CtServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1   babe.the-killer.bz
127.0.0.1   www.babe.the-killer.bz
127.0.0.1   babe.k-lined.com
127.0.0.1   www.babe.k-lined.com
127.0.0.1   did.i-used.cc
127.0.0.1   www.did.i-used.cc
127.0.0.1   coolwwwsearch.com
127.0.0.1   www.coolwwwsearch.com
127.0.0.1   hi.studioaperto.net
127.0.0.1   www.hi.studioaperto.net

7829 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-05 13:14:46 ------------

Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 05, 2008, 05:51:25 PM
It appears you have two firewalls enabled, the Windows Internal Firewall and COMODO.  You need to disable one of them, preferably the Windows Internal Firewall since you are operating Windows XP:

Windows Internal Firewall is enabled.
FW: COMODO Firewall Pro v3.0 (COMODO)


Quote
Real-Time Protection agent has detected changes.
I should have told you to disable real-time protection first.   Let's see if this makes a difference. 

Disable Teatimer
First step:Second step, For Either Version :AVG Anti-Spyware WinPatrol

Right-click the running icon of Winpatrol in the system tray and choose exit. It will automatically restart at next boot.

Windows Defender Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following and press "Fix Checked":

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cabO16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 05, 2008, 09:53:39 PM
Eeks! On the firewall   :smash: but I had trouble with my download and had already terminated my Old Firewall, then had to go back and try another link for Comodo.  So I figured Windows firewall was better than none when I had to go back on line?  Then I simply forgot to turn it off! :thanks:

Before I ran Deckard's I had disable all my protections.  But I did them as you instructed this time...and that freakin' thing is still there!!!  Although the things we cleared appear to be gone this time.
But this, this is still here!(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2Fstupidthing.png&hash=42a4f548613127c34d4290478a3c8967)

Thank You Corine for all the googling you probably had to do for me!
I'll keep poking around for answers?  :hug:  CRAZY?
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 05, 2008, 11:16:05 PM
If you look at the files created in the past month, there doesn't seem to be anything out of the ordinary.  The only "if-y" files are C:\Program Files\SmileyPad and C:\Program Files\Coupons.

2008-01-05 11:31:19         0 dr-h----- C:\Documents and Settings\Deborah Aungst\Recent
2008-01-05 09:06:30         0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-01-05 09:06:30         0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-05 09:05:20         0 d-------- C:\Program Files\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-30 09:58:32         0 d-------- C:\Program Files\Trustix
2007-12-30 08:39:51         0 d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2007-12-30 07:53:50         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Comodo
2007-12-30 07:53:45         0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-30 07:53:42         0 d-------- C:\Program Files\COMODO
2007-12-30 07:13:39         0 d-------- C:\Program Files\TechSmith
2007-12-29 21:32:59         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 13:03:44         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\AVG7
2007-12-28 13:03:30         0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-28 12:14:01         0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-27 16:03:08         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6
2007-12-20 00:31:49         0 d-------- C:\Program Files\Windows Live Safety Center

Since you use IE7, Click Tools > Manage Add-Ons  > Enable/Disable Add-Ons
Look at "Add-ons Currently Loaded in Internet Explorer" for anything unfamiliar or possibly (with luck) a name like InfoPacket.

If nothing there, I'd like to see a screen copy that includes not just the "toolbar" but the toolbar "in situ" on your browser.  I want to see how it "fits in".  Is it part of the Links toolbar? 
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 05, 2008, 11:20:09 PM
While you're at it, launch WinPatrol and take a look at IE Helpers and Startup
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 06, 2008, 05:01:43 AM
You know I hardly ever use IE!  Only to update Windows/Microsoft and a few other things that don't work proper on Firefox!
And now in checking...guess what it is only on Firefox!  I could not locate it on IE?
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 06, 2008, 11:42:07 AM
If it is on the bookmarks toolbar, right-click and select delete.  If that doesn't work, I would like to see a screen copy.  I've been looking for an IE hijack, not FF. 
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 08, 2008, 03:39:33 AM
Corrine, sorry it took so long, but I have been searching in every nook and cranny for how I got this? And what it is, but to no avail.
I've been looking too long, maybe I can't see anymore?
I had taken a close look at all my bookmarks before I even brought this to light? Here is as much detail I can provide:
http://www.liutilities.com/products/campaigns/affiliate/general/sp/  This is the complete addy.  And this is a screen shot with mouse over.
I HOPE THIS HELPS, IT IS MAKING ME CRAZY!  :tease:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2FPeskyThingy-1.png&hash=88ed576eed4213eea1ac526c439a99fe) 
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2FMSLOGO.gif&hash=ef11af3753fd360858ecd3c1050dc174) This is on the website if I go to the www.liutilities.com
The site appears legit.

In the mouse over:  http://www.infopackets.com/cgi-bin/click.cgi?id=310       ?
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 08, 2008, 11:09:25 AM
Right-click on (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2Fstupidthing.png&hash=42a4f548613127c34d4290478a3c8967) and select delete.  Next, right-click in the space to the right of "Help".  You should see a check mark next to Navigation Toolbar which is likely where the Yahoo and other shortcuts are located.  I believe if you UNcheck next to the Bookmarks Toolbar, the blank line will be gone, after deleting the bookmark for infopackets.

Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 08, 2008, 01:40:59 PM
  :thanks: :thanks:  :gwave: GO CORRINE!!!!! :gwave:   :oops: Yes that very simple thing took it away!   :(  But my Google Toolbar is gone also!!  Any fix for that?  Other than deal with a blank line? I can't do without my Google ! But you are my hero!   :gwave: :gwave:  That is one draw back of FF, you can't move and scrunch the toolbars around.    :smash:   Any insight as to why it suddenly appeared?
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 08, 2008, 03:41:34 PM
Don't know why it appeared but you may want to do a search for infopacket and delete it if it is found as a URL.  Could be the Bookmarks toolbar is where the Google thing goes.  I have no clue as I don't like toolbars cluttering my screen space.  Deleting the bookmark may have done the trick so see what happens when you right-click in the space to the right of "Help" and put a check-mark by the Bookmarks Toolbar.
Quote
That is one draw back of FF, you can't move and scrunch the toolbars around.
You most certainly can!!!  I have the top two "lines" in your screen copy combined in one row with File, Edit, View, etc. and the Address bar all together.  The next "line" is the Bookmarks Toolbar where I have bookmark folders and shortcuts. 
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 08, 2008, 09:49:23 PM
Now that I'm home, I can show you my one-line menu bar.  I use Tab Mix Plus which allows me to have the open tabs at the bottom of the screen (Display > Tab Bar > Bottom).  With Tiny Menu, I can consolidate the various menu options that I don't use regularly under "Menu" (and I can use keyboard commands to access the options). 

You'll see in the image that I expanded the bookmark folder labeled "1".  That is what is opened first.  Then I open other tabs from Folder "2" or from other folders.  Because I've used this system for so many years, I have no problem remembering what other bookmark folder will have what I'm looking for.  As you can see in the image, I have around 20 tabs open at the moment, although a bunch will be closed and other opened.  Yes, I can keep track of what is where primarily with the Favicons but could also refer to the drop-down arrow ("display as a list" option in TabMix Plus) next to the address bar.

I'm currently using the Liquifox Theme:  https://addons.mozilla.org/en-US/firefox/search?q=liquifox&status=4
Tiny Menu:  https://addons.mozilla.org/en-US/firefox/addon/1455

(Ok, time to restart my computer and get the Security Updates installed. :) )

[attachment deleted by admin]
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 09, 2008, 01:50:04 AM
When I came over from 98SE and briefly 2000(I gave up to a college student that needed a puter)XP was very different.  But after you said you could scrunch toolbars on FF, I did some poking around.   :oops: And guess what, I found how it works!  I have never really done much poking around, looking for things and how they work.  If it isn't obvious, oh well.  What a dumb a$$ I have been!!  I have my toolbars on IE, somewhat like you have.  I like them together also.  But your system seems a mystery to me, I am glad you know what your doing cause I would be lost!  Once again THANK YOU Corrine, for having the patience to deal with this dummy! I am glad to be rid of that toolbar and never looked beyond my big nose as to how it worked. Looked for the obvious, didn't see it, and thought I'd just have to learn to deal with all that space being eaten or deal without my toolbars? Dah, what a genius huh? And I take car of others puters...Scary isn't it? But I am more into security, scans, removal, and protections in general. I was trying to make something so simple too hard I guess?   This whole thing was a fiasco, but as Ripley says,  I've learned somethings through this pesky thingy.  It is gone, the toolbar is gone and my toolbar that is left is perfect! I dropped and dragged it till it suited me just fine, thanks to you!   You are a wonderful teacher and I think hanging around at Landzdown will broaden my horizons further!   So you guys are stuck with me!  And you dear lady, you are a pretty special gal! :rose: No wonder the awards!!!!  :rose:
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 09, 2008, 02:12:56 AM
@ Corrine,  BTW did a search on infopackets...only turned up the images I saved to use for you!  Good News! :gwave:
Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 12, 2008, 03:48:23 PM
For what it's worth, I searched my Fx bookmarks & found Infopacket as well.  It was a Windows Newsletter I had saved some time back: http://www.infopackets.com/
If you go there & hoover over the speedmypc advertisement, the url you had, will display in the lower left corner of your browser.  Now HOW you got the ad url in your Bookmarks Folder is a mystery to me too.  Maybe the Newsletter "subscribe" page will jog a past memory.

I haven't used the GoogleToolbar, but it appears to have "3 or 4 custom layout"" options.  Maybe when you uncked the bkmrks toolbar in Fx, you had the option of "Replace Firefox search box and hide Toolbar" cked in the Google toolbar preferences...it seems odd that deleting one url, & toggling the Fx Bookmarks Toolbar would remove the Google Toolbar.
One difference I see, bookmarks stored in Fx are saved locally on your puter...the ones saved thru GoogleToolbar are saved online at Google.

If you want to troubleshoot to get it back try Toolbar for Firefox Help Center (http://www.google.com/support/firefox/) and Google Toolbar for Firefox Help group (http://groups.google.com/group/FFToolbar-Group).  But an uninstall, clean re-install might be a quicker option.
Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 12, 2008, 04:07:37 PM
TIP:
In the default, native Fx browser, starting at the top, (also referred to in Mozilla speak as the "Chrome"):
Title bar
Menu bar
Navigation Toolbar
Bookmarks Toolbar <The only items that display here are urls/bookmarks saved in the Bookmarks Toolbar Folder (Links Folder on IE), which is where that infopackets seemed to be displaying.

The latter 2 can be toggled "off" any time thru "View."  Also, as you found out by "customize", (http://support.mozilla.com/kb/How+to+customize+the+toolbar) you can move the location (address) bar & search window up one level, change the size of the icons, drag/drop buttons, etc.  If you get in trouble, push the "Restore Default Set" option & start over.

I haven't use Firefox that long, but the first thing I started doing, after getting familiar with NoScript, was "editting the chrome" (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fartists%2Fmini%2Fconnie_mini_girlspin.gif&hash=81d5c95367b8a290054cc231b1d2a263)  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fartists%2Fconnie%2Fconnie_nutzo.gif&hash=1de4c20d12beaf7469e2a9d5cd32fa03)
Quickly sorted out that I should spend some time on learning how to Backup Your Profile  (http://support.mozilla.com/kb/Backing+up+your+information) and creating a new profile for those sort of things.  I curtailed my exuberance, & spent more time just learning the options in Fx w/o add-ons/toolbars, themes, etc, so I could be better informed on what I needed/wanted to customize.

In addition to the customizations Corrine shares, this article might be of interest.  Not so much for the advanced "edits" you can do, but the discussion in the comments section, some including screenshots for more ideas.  It's written for and by "powerusers" > http://lifehacker.com/software/firefox/geek-to-live-consolidate-firefoxs-chrome-210542.php

I have attached screenies with no "extras"/Fx add-ons/themes, w/ the exception of Personas  (http://labs.mozilla.com/2007/12/personas-for-firefox/)which is a foo-foo thing...adds backgrnd pics to the chrome. 
First is the customize mode showing where "spaces" can be added & moved areas, and the final look.

Bookmark favicons> Photobucket, Webmail, Gmail, LzD Chat, Lzd, Folder (similar links in drop down list) Weather, News, Scuba as examples.

[attachment deleted by admin]
Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 12, 2008, 04:15:35 PM
@Corrine, hummm, that your browser setup "in situ"?  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fhe_and_she%2Fgirl_to_take_umbrage.gif&hash=3c1c6a46a9dfe2ac98ee09f2f5be0e04)

I guess I have got a ways to go  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fhe_and_she%2Fgirl_to_take_umbrage2.gif&hash=b7f366cb371ab2510506107a9eafe3b4)

I get a hotflash just looking at that geeky looking browser masterpiece  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fuser%2FVala_16.gif&hash=e12135975c33d3e86175bf62b14192fb)   (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fartists%2Fmini%2Fconnie_mini_girlwinky.gif&hash=5622a7d674f3619eae61b372d2c1c017)

I am still sorting navigation/productivity tips.

Impressive indeed. 
I have looked at Tiny Menu, but just got interested in this Tab Mix Plus looking at your screenie...tabs at the bottom has some possiblities.
I just recently convinced the last family member to update to IE7 from 6.  It was a 3.5 hr process (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi71.photobucket.com%2Falbums%2Fi152%2Fripley2006%2F0e963f99.gif&hash=3ea85b7b2e244171188c7b0c90c3be59) that finally completed successfully.  I mentioned this new feature of tabbed browsing, and "you can have 20 tabs open at once."  Their response? 
"WHY would you want 20 open at the same time?"

Thanks.   A picture is worth a thousand words.
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 12, 2008, 05:50:45 PM
@Corrine, hummm, that your browser setup "in situ"
Yup, that was taken in situ.  I haven't made any changes to it in a long time but if I opted for more info in the one-line custom toolbar, I'd quickly dump search since I can select/right-click search and have a couple of search add-ons that I use.
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 13, 2008, 07:50:40 PM
Hey Ripley,  :thanks: for all the info., I will digest it slowly and let you know how it goes.

     (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2FMy%2520Favs%2FMySiggy-1.jpg&hash=552cce7c7bfc9d910b218f84b7fa28de)  Niecarrah

P.S.  I am in total  agreeance with you and Corrine's' "Creation", it scares me!   :hysterical:  But she is a whiz!  :rose:
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 13, 2008, 10:13:28 PM
All the better to have as much screen space as possible to keep a watchful eye on you two.  :lol: 
Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 13, 2008, 10:53:35 PM
Living and learning Niecarrah, that's my motto.

Quote from: Corrine
All the better to have as much screen space as possible to keep a watchful eye on you two.
                     (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi71.photobucket.com%2Falbums%2Fi152%2Fripley2006%2F8f45658f.gif&hash=d10746e408af455a46263609ad4d66c8)