# LandzDown Forum

## Miscellaneous => Suggestions and Site Feedback => Topic started by: Niecarrah on January 04, 2008, 01:56:16 AM

Title: We Need A Dumb Questions Section
Post by: Niecarrah on January 04, 2008, 01:56:16 AM
The other day I noticed a toolbar, in it reads:  http://www.infopacket...  Checking it out on Google it is some component to Outlook Express?  Upon clicking on it:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2Finfopacket.png&hash=ccb6820f82cb5e04fca598f35c1ba4cf56169a6c)
It is a toolbar without a entry in view.  It takes up web page space and I don't want it!
The day I plugged my new computer in, I removed anything I could, that had to do with Outlook Express!  :smash:
Anyone have any insight here?
Have I been infected?  :help: Or is this just a dumb question?
.liutilities.com/products/campaigns/affiliate/general/sp/   Uniblue?  Uniblue Systems Limited
Can't find anything a Site Advisor?
Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 04, 2008, 11:52:26 AM
Hey Niecarrah   :breakkie:

SpeedUpMyPC3 looks to be a software utility program sold by Uniblue for $40 > http://www.liutilities.com/products/speedupmypc/ Are you saying you just got a new PC and this program is already installed, and there is a toolbar in your browser to access it? I cannot see why this product would have any connection to Outlook Express, an email client from Microsoft. My guess, if this is a new PC, is that it is a pre-installed trial software by the computer manufacturer. Is there no uninstall option in Add/Remove for it? Does a search on your computer for speedupmypc.exe bring up anything? If you don't want it, not sure how you got it, and haven't been successful in removing it...I wouldn't place that in the dumb questions category. We don't have a "Dumb Questions Section" at LandzDown because there are no dumb questions... Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 04, 2008, 12:30:45 PM Hi, Niecarrah. That URL pulls a 404 for me. How about a HijackThis log and we'll take a peek. In the meantime, do not click on that Instant Scan button 'cause ya just never know! Please download HijackThis© from one of the following sites: • http://downloads.malwareremoval.com/HJTInstall.exe • http://aumha.org/downloads/hijackthis.exe • http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe Note: If you have used any anti-spyware applications, please shutdown/restart the computer before scanning with HijackThis©. At the download prompt, choose "Save" • Navigate to the saved file and double-click the installer, HJTsetup.exe • By default, HijackThis© will be installed on your computer at C:\Program Files\Trend Micro\HijackThis, making an entry in the Start menu and also providing a Desktop shortcut • When the installation is complete, double-click the HijackThis icon on your desktop • Select "Do a system scan and save the Logfile" • When the scan is completed, Notepad will launch with the log. Please UNcheck Word Wrap in Notepad (Click Format > UNcheck Word Wrap) • Do not fix anything that you see in the log. (Scanning will not make any changes to your computer. Most of what is found is harmless or even required.) • Copy/Paste the log as a reply (Select Edit > Select All > Edit Copy) • Close HijackThis and Notepad Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 05, 2008, 01:36:36 AM I will not press the button! I must know where things came from and why and if I did it before I press buttons! Although somewhere along the line I must have? I have no explanation for this toolbar. Unless perhaps it is from that Christmas card from my Aunt? The 123 Greetings thingy? I knew it was some kind of registry thingy? @Ripley Are you saying you just got a new PC and this program is already installed, and there is a toolbar in your browser to access it? No this is not a bundle software, my computer is older now. I simply meant when it was new, sorry. I cannot locate it in A/R? So.... My HJT Log to follow soon. :thanks: Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 05, 2008, 03:00:42 AM Corrine here it is: My guess is Toolbar no name? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:34:50 PM, on 1/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HiJackThis.exe C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Deborah Aungst O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [ScriptSentry] C:\Program Files\Script Sentry\ScriptSentry.exe /check O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe O4 - Global Startup: Comodo AntiSpam.lnk = C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162680397843 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166031567000 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 10352 bytes Title: Re: We Need A Dumb Questions Section Post by: Vietnam Vet on January 05, 2008, 04:33:44 AM Hello Niecarrah, While you are waiting for Corrine, just a little bit of info for you. Quote My guess is Toolbar no name? That toolbar entry is related to ImageShack Toolbar which is considered legit. Ring a bell? http://www.castlecops.com/tk30171-ImageShack_Toolbar.html You do have at least a couple of activex entries that are questionable(listed in IESpyAds restricted sites). No suggestions from me, wait for Corrine's reply. Best wishes, VV Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 05, 2008, 12:26:16 PM Hi, Deb. Let's start here and if this doesn't work, we'll take a look with WinPatrol. Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following and press "Fix Checked": O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file) O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cabO16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - Please download ATF Cleaner by Atribune from http://www.atribune.org/content/view/25/2/ (http://www.atribune.org/content/view/25/2/) . Save it to your Desktop. Run ATF Cleaner • Double-click ATF-Cleaner.exe to run the program. • Click Select All found at the bottom of the list. • Click the Empty Selected button. • Click Exit on the Main menu to close the program. • Shutdown/restart the computer. Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 05, 2008, 03:44:30 PM Well Corrine...it is bad news! I followed you instructions to the letter and the pesky thing is still here! Now what? :help: Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 05, 2008, 03:59:41 PM Instead of WinPatrol, let's see a DSS log. Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges. • Close all applications and windows. • Double-click on dss.exe to run it, and follow the prompts. • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply [/list] Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 05, 2008, 04:49:34 PM Deckard's System Scanner v20071014.68 Run by Deborah Aungst on 2008-01-05 13:10:51 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 73: 2008-01-05 18:11:11 UTC - RP261 - Deckard's System Scanner Restore Point Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz Percentage of Memory in Use: 82% Physical Memory (total/avail): 446.04 MiB / 77.41 MiB Pagefile Memory (total/avail): 1054.61 MiB / 536.36 MiB Virtual Memory (total/avail): 2047.88 MiB / 1924.21 MiB C: is Fixed (NTFS) - 55.88 GiB total, 46.59 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD600BEAS-00KZT0 - 55.89 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 55.88 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before download. Windows Internal Firewall is enabled. FirstRunDisabled is set. FW: COMODO Firewall Pro v3.0 (COMODO) AV: AVG 7.5.516 v7.5.516 (Grisoft) AV: avast! antivirus 4.7.1098 [VPS 080104-0] v4.7.1098 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Deborah Aungst\Application Data CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=THESPROULTAVERN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Deborah Aungst LOGONSERVER=\\THESPROULTAVERN NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Bitvise Tunnelier PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0e08 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp TMP=C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp USERDOMAIN=THESPROULTAVERN USERNAME=Deborah Aungst USERPROFILE=C:\Documents and Settings\Deborah Aungst windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Deborah Aungst (admin) The Sproul Tavern (admin) Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 1st Free Solitaire 1.6 --> "C:\Program Files\1st Free Solitaire\unins000.exe" a-squared Free 2.1 --> "C:\Program Files\a-squared Free\unins000.exe" Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log AIM 6 --> C:\Program Files\AIM6\uninst.exe ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> MsiExec.exe /I{FA065AE3-3D12-43C6-9986-734833E33481} ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257} AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe" avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Beehive Solitaire 1.02 --> "C:\Program Files\NZP\Beehive Solitaire\uninstall.exe" Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Colorizer 1.0.0.1 --> C:\PROGRA~1\COLORI~1\UNWISE.EXE C:\PROGRA~1\COLORI~1\INSTALL.LOG Common Sense Calendar --> "C:\Program Files\Common Sense Calendar\Common Sense Calendar.exe" -u Comodo AntiSpam Desktop Edition 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7C6BBE85-38E8-4007-B35B-259C56FB9EE8} COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe" Free Spider --> C:\PROGRA~1\FREESP~1\UNWISE.EXE C:\PROGRA~1\FREESP~1\INSTALL.LOG GalleryPlayer Images --> C:\WINDOWS\GalleryPlayer Images Uninstaller.exe Google Pack Screensaver --> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2 --> "C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe" HouseCall 6.6 --> "C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6\uninstaller.exe" HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3} HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Premier Software 6.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HyperLoad - Golf Range --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0172B82-9ED5-4C9F-8939-C0794BFBB297}\setup.exe" -l0x9 -uninst -removeonly HyperLoad - Mah Jongg --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98ED2AE5-800B-4CAA-B43C-0856FF4619D4}\setup.exe" -l0x9 -uninst -removeonly Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Lucky 13 Card Solitaire 1.01 --> "C:\Program Files\NZP\Lucky 13 Card Solitaire\uninstall.exe" McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Motorola SM56 Data Fax Modem --> rundll32.exe sm56co.dll,SM56UnInstaller Mozilla Firefox (2.0.0.11) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2 REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.EXE" -l0x9 REMOVE Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe" Script Sentry --> C:\Program Files\Script Sentry\uninstall.exe Secunia PSI (BETA) --> MsiExec.exe /X{0A4DF5B0-983C-4691-9D4A-9FD1D4B2A69F} SnagIt 7 --> MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B} Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Sun Download Manager 2.0 (web) --> C:\WINDOWS\system32\javaws.exe -uninstall "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp" Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55} Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0 WinPatrol 2007 Restore/Remove First --> C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe -remove WinPatrol 2007 Step 2 --> MsiExec.exe /X{736CE9DD-F589-485B-ACFF-78C235A57066} XML Paper Specification Shared Components Pack 1.0 --> Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG -- Application Event Log ------------------------------------------------------- Event Record #/Type3687 / Error Event Submitted/Written: 01/05/2008 01:13:24 PM Event ID/Source: 11 / crypt32 Event Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Event Record #/Type3685 / Warning Event Submitted/Written: 01/05/2008 11:33:26 AM Event ID/Source: 1001 / MsiInstaller Event Description: Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}' Event Record #/Type3684 / Warning Event Submitted/Written: 01/05/2008 11:33:26 AM Event ID/Source: 1004 / MsiInstaller Event Description: Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main', component '{754DC844-047B-4AD7-ACD0-4CC04383D7A6}' failed. The resource 'C:\Program Files\ATI Technologies\ATI.ACE\dsktop.shr' does not exist. Event Record #/Type3682 / Warning Event Submitted/Written: 01/05/2008 11:33:18 AM Event ID/Source: 1001 / MsiInstaller Event Description: Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}' Event Record #/Type3681 / Warning Event Submitted/Written: 01/05/2008 11:33:18 AM Event ID/Source: 1004 / MsiInstaller Event Description: Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main', component '{754DC844-047B-4AD7-ACD0-4CC04383D7A6}' failed. The resource 'C:\Program Files\ATI Technologies\ATI.ACE\dsktop.shr' does not exist. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type44043 / Error Event Submitted/Written: 01/05/2008 11:25:35 AM Event ID/Source: 7001 / Service Control Manager Event Description: The TuneUp Theme Extension service depends on the Themes service which failed to start because of the following error: %%1058 Event Record #/Type44020 / Warning Event Submitted/Written: 01/05/2008 11:18:41 AM Event ID/Source: 3004 / WinDefend Event Description: %THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow. For more information please see the following: %THESPROULTAVERN275 Scan ID: {37880161-3F1A-47F1-AE1A-3C2F822C8D33} User: THESPROULTAVERN\Deborah Aungst Name: %THESPROULTAVERN271 ID: %THESPROULTAVERN272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %THESPROULTAVERN276 Alert Type: %THESPROULTAVERN278 Detection Type: 1.1.1593.02 Event Record #/Type44019 / Warning Event Submitted/Written: 01/05/2008 11:18:41 AM Event ID/Source: 3004 / WinDefend Event Description: %THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow. For more information please see the following: %THESPROULTAVERN275 Scan ID: {CFEB27DA-BAEC-49C2-8275-E24A1CD5EC12} User: THESPROULTAVERN\Deborah Aungst Name: %THESPROULTAVERN271 ID: %THESPROULTAVERN272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %THESPROULTAVERN276 Alert Type: %THESPROULTAVERN278 Detection Type: 1.1.1593.02 Event Record #/Type44018 / Warning Event Submitted/Written: 01/05/2008 11:18:41 AM Event ID/Source: 3004 / WinDefend Event Description: %THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow. For more information please see the following: %THESPROULTAVERN275 Scan ID: {753B5976-7D97-4B32-B7A0-66113F4C60C9} User: THESPROULTAVERN\Deborah Aungst Name: %THESPROULTAVERN271 ID: %THESPROULTAVERN272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %THESPROULTAVERN276 Alert Type: %THESPROULTAVERN278 Detection Type: 1.1.1593.02 Event Record #/Type44017 / Warning Event Submitted/Written: 01/05/2008 11:18:41 AM Event ID/Source: 3004 / WinDefend Event Description: %THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow. For more information please see the following: %THESPROULTAVERN275 Scan ID: {3A359871-135F-41B3-972C-E8D45048EEEA} User: THESPROULTAVERN\Deborah Aungst Name: %THESPROULTAVERN271 ID: %THESPROULTAVERN272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %THESPROULTAVERN276 Alert Type: %THESPROULTAVERN278 Detection Type: 1.1.1593.02 -- End of Deckard's System Scanner: finished at 2008-01-05 13:14:46 ------------ 72: 2008-01-05 00:10:18 UTC - RP260 - Software Distribution Service 3.0 71: 2008-01-04 17:39:19 UTC - RP259 - System Checkpoint 70: 2008-01-03 08:48:14 UTC - RP258 - System Checkpoint 69: 2008-01-02 07:48:11 UTC - RP257 - System Checkpoint -- First Restore Point -- 1: 2007-10-07 21:36:57 UTC - RP189 - Installed Security Update for QuickTime 7.2 Backed up registry hives. Performed disk cleanup. Percentage of Memory in Use: 78% (more than 75%). Total Physical Memory: 447 MiB (512 MiB recommended). -- HijackThis (run as Deborah Aungst.exe) -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:13:15 PM, on 1/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\SiteAdvisor\6253\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe C:\Program Files\Secunia\PSI (BETA)\PSI.exe C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\dss.exe C:\DOCUME~1\DEBORA~1\MYDOCU~1\DOWNLO~1\Deborah Aungst.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Deborah Aungst O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [ScriptSentry] C:\Program Files\Script Sentry\ScriptSentry.exe /check O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe O4 - Global Startup: Comodo AntiSpam.lnk = C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162680397843 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166031567000 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - O17 - HKLM\System\CCS\Services\Tcpip\..\{301F0FB4-180F-481E-864B-5DA1F2001D12}: NameServer = 65.196.203.193 65.196.203.194 O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe -- End of file - 11003 bytes -- HijackThis Fixed Entries (C:\DOCUME~1\DEBORA~1\MYDOCU~1\DOWNLO~1\backups\) -- backup-20070316-203414-145 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 backup-20070316-203414-241 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004 backup-20070316-203414-535 O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 backup-20070316-203414-846 O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 backup-20070316-203414-875 O15 - Trusted Zone: http://toolbar.imageshack.us backup-20070316-203414-878 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 backup-20070327-013344-414 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) backup-20070327-013344-469 O2 - BHO: (no name) - rsion - (no file) backup-20070327-013344-634 O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file) backup-20080105-110142-648 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab backup-20080105-110142-730 O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file) backup-20080105-110144-518 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cab backup-20080105-110144-783 O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - backup-20080105-110145-298 O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - -- File Associations ----------------------------------------------------------- .js - JSFile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %* .reg - regfile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %* .vbs - VBSFile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys R3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector> S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 O2Flash (O2Micro Flash Memory) - c:\windows\system32\o2flash.exe R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service> S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\4000388C30D41 Manufacturer: Microsoft Name: 1394 Net Adapter #2 PNP Device ID: V1394\NIC1394\4000388C30D41 Service: NIC1394 -- Scheduled Tasks ------------------------------------------------------------- 2008-01-05 11:28:10 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2008-01-04 17:15:00 408 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job 2007-09-06 19:23:59 258 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job -- Files created between 2007-12-05 and 2008-01-05 ----------------------------- 2008-01-05 11:31:19 0 dr-h----- C:\Documents and Settings\Deborah Aungst\Recent 2008-01-05 09:06:30 0 d-------- C:\Documents and Settings\LocalService\Desktop 2008-01-05 09:06:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor 2008-01-05 09:05:20 0 d-------- C:\Program Files\SiteAdvisor 2008-01-03 23:00:20 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\SiteAdvisor 2008-01-03 23:00:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-01-03 23:00:20 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-30 09:58:32 0 d-------- C:\Program Files\Trustix 2007-12-30 08:39:51 0 d-------- C:\Documents and Settings\All Users\Application DataTechSmith 2007-12-30 07:53:50 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Comodo 2007-12-30 07:53:45 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo 2007-12-30 07:53:42 0 d-------- C:\Program Files\COMODO 2007-12-30 07:13:39 0 d-------- C:\Program Files\TechSmith 2007-12-29 21:32:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-28 13:03:44 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\AVG7 2007-12-28 13:03:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-28 12:14:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-27 16:03:08 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6 2007-12-20 00:31:49 0 d-------- C:\Program Files\Windows Live Safety Center -- Find3M Report --------------------------------------------------------------- 2008-01-04 20:10:46 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\1st Free Solitaire 2008-01-04 11:42:51 0 d-------- C:\Program Files\a-squared Free 2007-12-29 21:32:59 0 d-------- C:\Program Files\Common Files 2007-12-27 21:00:56 0 d-------- C:\Program Files\SmileyPad 2007-12-27 20:59:03 0 d-------- C:\Program Files\Coupons 2007-12-27 20:57:33 0 d-------- C:\Program Files\Apple Software Update 2007-12-26 20:59:37 0 d-------- C:\Program Files\SpywareBlaster 2007-12-24 12:35:56 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Adobe 2007-12-24 12:34:28 8464 --a------ C:\WINDOWS\mozver.dat 2007-12-16 00:25:32 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Free Spider TreeCardGames 2007-11-26 08:48:50 0 d-------- C:\Program Files\Panda Security 2007-11-05 23:41:54 0 d-------- C:\Program Files\CCleaner 2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework> 2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [02/27/2006 04:28 AM C:\WINDOWS\RTHDCPL.exe] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/26/2007 11:06 AM] "ScriptSentry"="C:\Program Files\Script Sentry\ScriptSentry.exe" [07/04/2002 07:44 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/28/2007 11:09 PM] "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [12/30/2007 07:53 AM] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [12/04/2007 04:03 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 04:43 PM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 03:46 PM] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [11/22/2007 11:10 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\Deborah Aungst\Start Menu\Programs\Startup\ Secunia PSI (BETA).lnk - C:\Program Files\Secunia\PSI (BETA)\PSI.exe [9/11/2007 7:55:40 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Comodo AntiSpam.lnk - C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe [8/2/2005 11:48:54 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoSharedDocuments"=00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"= C:\WINDOWS\system32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pennswoods.net Web Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pennswoods.net Web Accelerator.lnk backup=C:\WINDOWS\pss\Pennswoods.net Web Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream] "C:\Program Files\SlipStream Web Accelerator\slipcore.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XOSD] C:\Program Files\XOSD\XOSD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Common Sense Calendar"="C:\Program Files\Common Sense Calendar\Common Sense Calendar.exe" -r [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] CtServ CtServ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp -- Hosts ----------------------------------------------------------------------- 127.0.0.1 babe.the-killer.bz 127.0.0.1 www.babe.the-killer.bz 127.0.0.1 babe.k-lined.com 127.0.0.1 www.babe.k-lined.com 127.0.0.1 did.i-used.cc 127.0.0.1 www.did.i-used.cc 127.0.0.1 coolwwwsearch.com 127.0.0.1 www.coolwwwsearch.com 127.0.0.1 hi.studioaperto.net 127.0.0.1 www.hi.studioaperto.net 7829 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-01-05 13:14:46 ------------ Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 05, 2008, 05:51:25 PM It appears you have two firewalls enabled, the Windows Internal Firewall and COMODO. You need to disable one of them, preferably the Windows Internal Firewall since you are operating Windows XP: Windows Internal Firewall is enabled. FW: COMODO Firewall Pro v3.0 (COMODO) Quote Real-Time Protection agent has detected changes. I should have told you to disable real-time protection first. Let's see if this makes a difference. Disable Teatimer First step: • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol) • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless. • If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : • Open Spybot S&D • Click Mode, choose Advanced Mode • Go To the bottom of the Vertical Panel on the Left, Click Tools • then, also in left panel, click Resident shows a red/white shield. • If your firewall raises a question, say OK • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active • OK any prompts. • Use File, Exit to terminate Spybot • Reboot your machine for the changes to take effect. AVG Anti-Spyware • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray. • In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'. • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield". • Reply 'no' and set it to 'inactive' for the duration of your cleanup. 2. In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'. • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield". • Reply 'no' and set it to 'inactive' for the duration of your cleanup. WinPatrol Right-click the running icon of Winpatrol in the system tray and choose exit. It will automatically restart at next boot. Windows Defender • Click on "Tools" • Click on "General Settings" • Scroll down to "Real-time protection options" • Uncheck "Turn on Real-time protection (recommended)" • Click "Save" Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following and press "Fix Checked": O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cabO16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 05, 2008, 09:53:39 PM Eeks! On the firewall :smash: but I had trouble with my download and had already terminated my Old Firewall, then had to go back and try another link for Comodo. So I figured Windows firewall was better than none when I had to go back on line? Then I simply forgot to turn it off! :thanks: Before I ran Deckard's I had disable all my protections. But I did them as you instructed this time...and that freakin' thing is still there!!! Although the things we cleared appear to be gone this time. But this, this is still here!(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2Fstupidthing.png&hash=d14a8c737052be5e2bd692602f221874e58a41a7) Thank You Corine for all the googling you probably had to do for me! I'll keep poking around for answers? :hug: CRAZY? Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 05, 2008, 11:16:05 PM If you look at the files created in the past month, there doesn't seem to be anything out of the ordinary. The only "if-y" files are C:\Program Files\SmileyPad and C:\Program Files\Coupons. 2008-01-05 11:31:19 0 dr-h----- C:\Documents and Settings\Deborah Aungst\Recent 2008-01-05 09:06:30 0 d-------- C:\Documents and Settings\LocalService\Desktop 2008-01-05 09:06:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor 2008-01-05 09:05:20 0 d-------- C:\Program Files\SiteAdvisor 2008-01-03 23:00:20 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\SiteAdvisor 2008-01-03 23:00:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-01-03 23:00:20 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-30 09:58:32 0 d-------- C:\Program Files\Trustix 2007-12-30 08:39:51 0 d-------- C:\Documents and Settings\All Users\Application DataTechSmith 2007-12-30 07:53:50 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Comodo 2007-12-30 07:53:45 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo 2007-12-30 07:53:42 0 d-------- C:\Program Files\COMODO 2007-12-30 07:13:39 0 d-------- C:\Program Files\TechSmith 2007-12-29 21:32:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-28 13:03:44 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\AVG7 2007-12-28 13:03:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-28 12:14:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-27 16:03:08 0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6 2007-12-20 00:31:49 0 d-------- C:\Program Files\Windows Live Safety Center Since you use IE7, Click Tools > Manage Add-Ons > Enable/Disable Add-Ons Look at "Add-ons Currently Loaded in Internet Explorer" for anything unfamiliar or possibly (with luck) a name like InfoPacket. If nothing there, I'd like to see a screen copy that includes not just the "toolbar" but the toolbar "in situ" on your browser. I want to see how it "fits in". Is it part of the Links toolbar? Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 05, 2008, 11:20:09 PM While you're at it, launch WinPatrol and take a look at IE Helpers and Startup Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 06, 2008, 05:01:43 AM You know I hardly ever use IE! Only to update Windows/Microsoft and a few other things that don't work proper on Firefox! And now in checking...guess what it is only on Firefox! I could not locate it on IE? Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 06, 2008, 11:42:07 AM If it is on the bookmarks toolbar, right-click and select delete. If that doesn't work, I would like to see a screen copy. I've been looking for an IE hijack, not FF. Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 08, 2008, 03:39:33 AM Corrine, sorry it took so long, but I have been searching in every nook and cranny for how I got this? And what it is, but to no avail. I've been looking too long, maybe I can't see anymore? I had taken a close look at all my bookmarks before I even brought this to light? Here is as much detail I can provide: http://www.liutilities.com/products/campaigns/affiliate/general/sp/ This is the complete addy. And this is a screen shot with mouse over. I HOPE THIS HELPS, IT IS MAKING ME CRAZY! :tease: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2FPeskyThingy-1.png&hash=f037ae223897ee348f885b7427a5d190bf5017a1) (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2FMSLOGO.gif&hash=db977b511582f557a83577993db795300d57de93) This is on the website if I go to the www.liutilities.com The site appears legit. In the mouse over: http://www.infopackets.com/cgi-bin/click.cgi?id=310 ? Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 08, 2008, 11:09:25 AM Right-click on (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi177.photobucket.com%2Falbums%2Fw232%2FNiecarrah%2Fstupidthing.png&hash=d14a8c737052be5e2bd692602f221874e58a41a7) and select delete. Next, right-click in the space to the right of "Help". You should see a check mark next to Navigation Toolbar which is likely where the Yahoo and other shortcuts are located. I believe if you UNcheck next to the Bookmarks Toolbar, the blank line will be gone, after deleting the bookmark for infopackets. Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 08, 2008, 01:40:59 PM :thanks: :thanks: :gwave: GO CORRINE!!!!! :gwave: :oops: Yes that very simple thing took it away! :( But my Google Toolbar is gone also!! Any fix for that? Other than deal with a blank line? I can't do without my Google ! But you are my hero! :gwave: :gwave: That is one draw back of FF, you can't move and scrunch the toolbars around. :smash: Any insight as to why it suddenly appeared? Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 08, 2008, 03:41:34 PM Don't know why it appeared but you may want to do a search for infopacket and delete it if it is found as a URL. Could be the Bookmarks toolbar is where the Google thing goes. I have no clue as I don't like toolbars cluttering my screen space. Deleting the bookmark may have done the trick so see what happens when you right-click in the space to the right of "Help" and put a check-mark by the Bookmarks Toolbar. Quote That is one draw back of FF, you can't move and scrunch the toolbars around. You most certainly can!!! I have the top two "lines" in your screen copy combined in one row with File, Edit, View, etc. and the Address bar all together. The next "line" is the Bookmarks Toolbar where I have bookmark folders and shortcuts. Title: Re: We Need A Dumb Questions Section Post by: Corrine on January 08, 2008, 09:49:23 PM Now that I'm home, I can show you my one-line menu bar. I use Tab Mix Plus which allows me to have the open tabs at the bottom of the screen (Display > Tab Bar > Bottom). With Tiny Menu, I can consolidate the various menu options that I don't use regularly under "Menu" (and I can use keyboard commands to access the options). You'll see in the image that I expanded the bookmark folder labeled "1". That is what is opened first. Then I open other tabs from Folder "2" or from other folders. Because I've used this system for so many years, I have no problem remembering what other bookmark folder will have what I'm looking for. As you can see in the image, I have around 20 tabs open at the moment, although a bunch will be closed and other opened. Yes, I can keep track of what is where primarily with the Favicons but could also refer to the drop-down arrow ("display as a list" option in TabMix Plus) next to the address bar. I'm currently using the Liquifox Theme: https://addons.mozilla.org/en-US/firefox/search?q=liquifox&status=4 Tiny Menu: https://addons.mozilla.org/en-US/firefox/addon/1455 (Ok, time to restart my computer and get the Security Updates installed. :) ) [attachment deleted by admin] Title: Re: We Need A Dumb Questions Section Post by: Niecarrah on January 09, 2008, 01:50:04 AM When I came over from 98SE and briefly 2000(I gave up to a college student that needed a puter)XP was very different. But after you said you could scrunch toolbars on FF, I did some poking around. :oops: And guess what, I found how it works! I have never really done much poking around, looking for things and how they work. If it isn't obvious, oh well. What a dumb a$\$ I have been!!  I have my toolbars on IE, somewhat like you have.  I like them together also.  But your system seems a mystery to me, I am glad you know what your doing cause I would be lost!  Once again THANK YOU Corrine, for having the patience to deal with this dummy! I am glad to be rid of that toolbar and never looked beyond my big nose as to how it worked. Looked for the obvious, didn't see it, and thought I'd just have to learn to deal with all that space being eaten or deal without my toolbars? Dah, what a genius huh? And I take car of others puters...Scary isn't it? But I am more into security, scans, removal, and protections in general. I was trying to make something so simple too hard I guess?   This whole thing was a fiasco, but as Ripley says,  I've learned somethings through this pesky thingy.  It is gone, the toolbar is gone and my toolbar that is left is perfect! I dropped and dragged it till it suited me just fine, thanks to you!   You are a wonderful teacher and I think hanging around at Landzdown will broaden my horizons further!   So you guys are stuck with me!  And you dear lady, you are a pretty special gal! :rose: No wonder the awards!!!!  :rose:
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 09, 2008, 02:12:56 AM
@ Corrine,  BTW did a search on infopackets...only turned up the images I saved to use for you!  Good News! :gwave:
Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 12, 2008, 03:48:23 PM
For what it's worth, I searched my Fx bookmarks & found Infopacket as well.  It was a Windows Newsletter I had saved some time back: http://www.infopackets.com/
If you go there & hoover over the speedmypc advertisement, the url you had, will display in the lower left corner of your browser.  Now HOW you got the ad url in your Bookmarks Folder is a mystery to me too.  Maybe the Newsletter "subscribe" page will jog a past memory.

I haven't used the GoogleToolbar, but it appears to have "3 or 4 custom layout"" options.  Maybe when you uncked the bkmrks toolbar in Fx, you had the option of "Replace Firefox search box and hide Toolbar" cked in the Google toolbar preferences...it seems odd that deleting one url, & toggling the Fx Bookmarks Toolbar would remove the Google Toolbar.
One difference I see, bookmarks stored in Fx are saved locally on your puter...the ones saved thru GoogleToolbar are saved online at Google.

If you want to troubleshoot to get it back try Toolbar for Firefox Help Center (http://www.google.com/support/firefox/) and Google Toolbar for Firefox Help group (http://groups.google.com/group/FFToolbar-Group).  But an uninstall, clean re-install might be a quicker option.
Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 12, 2008, 04:07:37 PM
TIP:
In the default, native Fx browser, starting at the top, (also referred to in Mozilla speak as the "Chrome"):
Title bar
Bookmarks Toolbar <The only items that display here are urls/bookmarks saved in the Bookmarks Toolbar Folder (Links Folder on IE), which is where that infopackets seemed to be displaying.

The latter 2 can be toggled "off" any time thru "View."  Also, as you found out by "customize", (http://support.mozilla.com/kb/How+to+customize+the+toolbar) you can move the location (address) bar & search window up one level, change the size of the icons, drag/drop buttons, etc.  If you get in trouble, push the "Restore Default Set" option & start over.

I haven't use Firefox that long, but the first thing I started doing, after getting familiar with NoScript, was "editting the chrome" (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fartists%2Fmini%2Fconnie_mini_girlspin.gif&hash=3107011c3c2f9d5b48146983a6495e251f088ebb)  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fartists%2Fconnie%2Fconnie_nutzo.gif&hash=72bac5b7cf44e90d961a269ac5ecb71e0f0a2bf0)
Quickly sorted out that I should spend some time on learning how to Backup Your Profile  (http://support.mozilla.com/kb/Backing+up+your+information) and creating a new profile for those sort of things.  I curtailed my exuberance, & spent more time just learning the options in Fx w/o add-ons/toolbars, themes, etc, so I could be better informed on what I needed/wanted to customize.

In addition to the customizations Corrine shares, this article might be of interest.  Not so much for the advanced "edits" you can do, but the discussion in the comments section, some including screenshots for more ideas.  It's written for and by "powerusers" > http://lifehacker.com/software/firefox/geek-to-live-consolidate-firefoxs-chrome-210542.php

I have attached screenies with no "extras"/Fx add-ons/themes, w/ the exception of Personas  (http://labs.mozilla.com/2007/12/personas-for-firefox/)which is a foo-foo thing...adds backgrnd pics to the chrome.
First is the customize mode showing where "spaces" can be added & moved areas, and the final look.

Bookmark favicons> Photobucket, Webmail, Gmail, LzD Chat, Lzd, Folder (similar links in drop down list) Weather, News, Scuba as examples.

Title: Re: We Need A Dumb Questions Section
Post by: Ripley on January 12, 2008, 04:15:35 PM
@Corrine, hummm, that your browser setup "in situ"?  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fhe_and_she%2Fgirl_to_take_umbrage.gif&hash=5d6d6ef862683cb67dc79495603430fd416ddd24)

I guess I have got a ways to go  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fhe_and_she%2Fgirl_to_take_umbrage2.gif&hash=9f93531bf4b9b6e2344adf78e95801df1d10816c)

I get a hotflash just looking at that geeky looking browser masterpiece  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fuser%2FVala_16.gif&hash=d2d3e89f32a2604e6f2f2c8d5cbdd28746e62798)   (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.kolobok.us%2Fsmiles%2Fartists%2Fmini%2Fconnie_mini_girlwinky.gif&hash=94d97a186b9280f5ae1b4d4ff957be075f11df16)

I am still sorting navigation/productivity tips.

Impressive indeed.
I have looked at Tiny Menu, but just got interested in this Tab Mix Plus looking at your screenie...tabs at the bottom has some possiblities.
I just recently convinced the last family member to update to IE7 from 6.  It was a 3.5 hr process (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi71.photobucket.com%2Falbums%2Fi152%2Fripley2006%2F0e963f99.gif&hash=8eeed98f21226c395163da032fe0d7160403124b) that finally completed successfully.  I mentioned this new feature of tabbed browsing, and "you can have 20 tabs open at once."  Their response?
"WHY would you want 20 open at the same time?"

Thanks.   A picture is worth a thousand words.
Title: Re: We Need A Dumb Questions Section
Post by: Corrine on January 12, 2008, 05:50:45 PM
@Corrine, hummm, that your browser setup "in situ"
Yup, that was taken in situ.  I haven't made any changes to it in a long time but if I opted for more info in the one-line custom toolbar, I'd quickly dump search since I can select/right-click search and have a couple of search add-ons that I use.
Title: Re: We Need A Dumb Questions Section
Post by: Niecarrah on January 13, 2008, 07:50:40 PM
Hey Ripley,  :thanks: for all the info., I will digest it slowly and let you know how it goes.