Author Topic: We Need A Dumb Questions Section  (Read 22468 times)


Offline Niecarrah

  • Hero Member
  • *****
  • Posts: 8290
  • An Armed Society Is A POLITE Society!
    • View Profile
We Need A Dumb Questions Section
« on: January 04, 2008, 01:56:16 AM »
The other day I noticed a toolbar, in it reads:  http://www.infopacket...  Checking it out on Google it is some component to Outlook Express?  Upon clicking on it:

It is a toolbar without an entry in view.  It takes up web page space and I don't want it!
The day I plugged my new computer in, I removed anything I could, that had to do with Outlook Express!  :smash:
Anyone have any insight here?
Have I been infected?  :help: Or is this just a dumb question?
.liutilities.com/products/campaigns/affiliate/general/sp/   Uniblue?  Uniblue Systems Limited
Can't find anything a Site Advisor?
I can't know...?
"NEVER LET BEING GOOD ENOUGH, BE GOOD ENOUGH!"

Offline Ripley

  • Hero Member
  • *****
  • Posts: 2565
    • View Profile
Re: We Need A Dumb Questions Section
« Reply #1 on: January 04, 2008, 11:52:26 AM »
Hey Niecarrah   :breakkie:

uniblue.com and liutilities.com are rated legit/green by McAfee SiteAdvisor > http://www.siteadvisor.com/sites/uniblue.com

SpeedUpMyPC3 looks to be a software utility program sold by Uniblue for $40 > http://www.liutilities.com/products/speedupmypc/

Are you saying you just got a new PC and this program is already installed, and there is a toolbar in your browser to access it?
I cannot see why this product would have any connection to Outlook Express, an email client from Microsoft.
My guess, if this is a new PC, is that it is a pre-installed trial software by the computer manufacturer.

Is there no uninstall option in Add/Remove for it?

Does a search on your computer for speedupmypc.exe bring up anything?

If you don't want it, not sure how you got it, and haven't been successful in removing it...I wouldn't place that in the dumb questions category.  We don't have a "Dumb Questions Section" at LandzDown because there are no dumb questions...

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19601
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: We Need A Dumb Questions Section
« Reply #2 on: January 04, 2008, 12:30:45 PM »
Hi, Niecarrah.  That URL pulls a 404 for me.  How about a HijackThis log and we'll take a peek.  In the meantime, do not click on that Instant Scan button 'cause ya just never know!

Please download HijackThis© from one of the following sites:

Note:  If you have used any anti-spyware applications, please shutdown/restart the computer before scanning with HijackThis©.

  • At the download prompt, choose "Save"
  • Navigate to the saved file and double-click the installer, HJTsetup.exe
  • By default, HijackThis© will be installed on your computer at C:\Program Files\Trend Micro\HijackThis, making an entry in the Start menu and also providing a Desktop shortcut
  • When the installation is complete, double-click the HijackThis icon on your desktop
  • Select "Do a system scan and save the Logfile"
  • When the scan is completed, Notepad will launch with the log.  Please UNcheck Word Wrap in Notepad (Click Format > UNcheck Word Wrap)
  • Do not fix anything that you see in the log. (Scanning will not make any changes to your computer.  Most of what is found is harmless or even required.)
  • Copy/Paste the log as a reply  (Select Edit > Select All > Edit Copy)
  • Close HijackThis and Notepad

 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Niecarrah

Re: We Need A Dumb Questions Section
« Reply #3 on: January 05, 2008, 01:36:36 AM »
I will not press the button!  I must know where things came from and why and if I did it before I press buttons!  Although somewhere along the line I must have?  I have no explanation for this toolbar.  Unless perhaps it is from that Christmas card from my Aunt?  The 123 Greetings thingy?  I knew it was some kind of registry thingy?

@Ripley 
Are you saying you just got a new PC and this program is already installed, and there is a toolbar in your browser to access it?
No this is not a bundle software, my computer is older now.  I simply meant when it was new, sorry.
 I cannot locate it in A/R?  So....
My HJT Log to follow soon. :thanks:

Offline Niecarrah

Re: We Need A Dumb Questions Section
« Reply #4 on: January 05, 2008, 03:00:42 AM »
Corrine here it is:  My guess is Toolbar no name?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:50 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HiJackThis.exe
C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Deborah Aungst
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ScriptSentry] C:\Program Files\Script Sentry\ScriptSentry.exe /check
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe
O4 - Global Startup: Comodo AntiSpam.lnk = C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162680397843
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166031567000
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10352 bytes

Offline Vietnam Vet

  • Full Member
  • ***
  • Posts: 78
    • View Profile
Re: We Need A Dumb Questions Section
« Reply #5 on: January 05, 2008, 04:33:44 AM »
Hello Niecarrah,

While you are waiting for Corrine, just a little bit of info for you.

Quote
My guess is Toolbar no name?
That toolbar entry is related to ImageShack Toolbar which is considered legit. Ring a bell?
http://www.castlecops.com/tk30171-ImageShack_Toolbar.html

You do have at least a couple of ActiveX entries that are questionable (listed in IESpyAds restricted sites).

No suggestions from me, wait for Corrine's reply.
Best wishes,
VV

Offline Corrine

Re: We Need A Dumb Questions Section
« Reply #6 on: January 05, 2008, 12:26:16 PM »
Hi, Deb.  Let's start here and if this doesn't work, we'll take a look with WinPatrol.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following and press "Fix Checked":

O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -


Please download ATF Cleaner by Atribune from http://www.atribune.org/content/view/25/2/ .  Save it to your Desktop.

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.
  • Shutdown/restart the computer.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
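
An added example, not part of the original thread or any poster's reply: a small Python parser that reads HijackThis log lines like the ones posted above and flags entries that are structurally orphaned (a registered CLSID with `(no file)`, a service marked `(file missing)`, or an O16 entry with an empty download codebase). The function names and the three heuristics are assumptions chosen for illustration; the check says nothing about a file's reputation, so the helper's own selection of entries to fix can differ from what it reports.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Every finding line starts with a section code such as R1, O3 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# After the CLSID the line ends with " - <file or URL>", or with a bare " -".
TARGET_RE = re.compile(r"(?:^|\s)-(?:\s+(?P<target>.*))?$")


class Finding(NamedTuple):
    code: str             # HijackThis section code, e.g. "O3"
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    reason: str           # why the entry looks orphaned


def triage(log_text: str) -> List[Finding]:
    """Return entries that point at nothing: structural check only."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, running-process list, blank line
        code, body = entry.group("code"), entry.group("body")
        clsid_match = CLSID_RE.search(body)
        clsid = clsid_match.group(0).upper() if clsid_match else None

        # Services and startup items: HijackThis appends this marker itself.
        if body.endswith("(file missing)"):
            findings.append(Finding(code, clsid, "file missing on disk"))
            continue
        if clsid_match is None:
            continue

        # Search only the text after the CLSID, so a " - " inside a display
        # name ("Spybot - Search & Destroy ...") cannot be taken for the target.
        tail = body[clsid_match.end():]
        sep = TARGET_RE.search(tail)
        target = (sep.group("target") or "").strip() if sep else tail.strip()

        if target == "(no file)":
            findings.append(Finding(code, clsid, "CLSID registered, no file behind it"))
        elif code == "O16" and target == "":
            findings.append(Finding(code, clsid, "ActiveX entry with empty codebase"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.clsid or '-':<40} {f.reason}")
```
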

Offline Niecarrah

Re: We Need A Dumb Questions Section
« Reply #7 on: January 05, 2008, 03:44:30 PM »
Well Corrine...it is bad news!  I followed your instructions to the letter and the pesky thing is still here!
Now what?  :help:

Offline Corrine

Re: We Need A Dumb Questions Section
« Reply #8 on: January 05, 2008, 03:59:41 PM »
Instead of WinPatrol, let's see a DSS log.  Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.



Offline Niecarrah

Re: We Need A Dumb Questions Section
« Reply #9 on: January 05, 2008, 04:49:34 PM »
Deckard's System Scanner v20071014.68
Run by Deborah Aungst on 2008-01-05 13:10:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
73: 2008-01-05 18:11:11 UTC - RP261 - Deckard's System Scanner Restore Point
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M CPU        410  @ 1.46GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 446.04 MiB / 77.41 MiB
Pagefile Memory (total/avail): 1054.61 MiB / 536.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.21 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 46.59 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD600BEAS-00KZT0 - 55.89 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: avast! antivirus 4.7.1098 [VPS 080104-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Deborah Aungst\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THESPROULTAVERN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Deborah Aungst
LOGONSERVER=\\THESPROULTAVERN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Bitvise Tunnelier
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp
USERDOMAIN=THESPROULTAVERN
USERNAME=Deborah Aungst
USERPROFILE=C:\Documents and Settings\Deborah Aungst
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Deborah Aungst (admin)
The Sproul Tavern (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1st Free Solitaire 1.6 --> "C:\Program Files\1st Free Solitaire\unins000.exe"
a-squared Free 2.1 --> "C:\Program Files\a-squared Free\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{FA065AE3-3D12-43C6-9986-734833E33481}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Beehive Solitaire 1.02 --> "C:\Program Files\NZP\Beehive Solitaire\uninstall.exe"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Colorizer 1.0.0.1 --> C:\PROGRA~1\COLORI~1\UNWISE.EXE C:\PROGRA~1\COLORI~1\INSTALL.LOG
Common Sense Calendar --> "C:\Program Files\Common Sense Calendar\Common Sense Calendar.exe" -u
Comodo AntiSpam Desktop Edition 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7C6BBE85-38E8-4007-B35B-259C56FB9EE8}
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Free Spider --> C:\PROGRA~1\FREESP~1\UNWISE.EXE C:\PROGRA~1\FREESP~1\INSTALL.LOG
GalleryPlayer Images --> C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
Google Pack Screensaver --> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6\uninstaller.exe"
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HyperLoad - Golf Range --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0172B82-9ED5-4C9F-8939-C0794BFBB297}\setup.exe" -l0x9  -uninst  -removeonly
HyperLoad - Mah Jongg --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98ED2AE5-800B-4CAA-B43C-0856FF4619D4}\setup.exe" -l0x9  -uninst  -removeonly
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lucky 13 Card Solitaire 1.01 --> "C:\Program Files\NZP\Lucky 13 Card Solitaire\uninstall.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.11) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9  -removeonly
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.EXE" -l0x9 REMOVE
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
Script Sentry --> C:\Program Files\Script Sentry\uninstall.exe
Secunia PSI (BETA) --> MsiExec.exe /X{0A4DF5B0-983C-4691-9D4A-9FD1D4B2A69F}
SnagIt 7 --> MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sun Download Manager 2.0 (web) --> C:\WINDOWS\system32\javaws.exe -uninstall "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinPatrol 2007 Restore/Remove First --> C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe -remove
WinPatrol 2007 Step 2 --> MsiExec.exe /X{736CE9DD-F589-485B-ACFF-78C235A57066}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type3687 / Error
Event Submitted/Written: 01/05/2008 01:13:24 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type3685 / Warning
Event Submitted/Written: 01/05/2008 11:33:26 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}'

Event Record #/Type3684 / Warning
Event Submitted/Written: 01/05/2008 11:33:26 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main', component '{754DC844-047B-4AD7-ACD0-4CC04383D7A6}' failed.  The resource 'C:\Program Files\ATI Technologies\ATI.ACE\dsktop.shr' does not exist.

Event Record #/Type3682 / Warning
Event Submitted/Written: 01/05/2008 11:33:18 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}'

Event Record #/Type3681 / Warning
Event Submitted/Written: 01/05/2008 11:33:18 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{FA065AE3-3D12-43C6-9986-734833E33481}', feature 'Main', component '{754DC844-047B-4AD7-ACD0-4CC04383D7A6}' failed.  The resource 'C:\Program Files\ATI Technologies\ATI.ACE\dsktop.shr' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type44043 / Error
Event Submitted/Written: 01/05/2008 11:25:35 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TuneUp Theme Extension service depends on the Themes service which failed to start because of the following error:
%%1058

Event Record #/Type44020 / Warning
Event Submitted/Written: 01/05/2008 11:18:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow.

For more information please see the following:
%THESPROULTAVERN275

   Scan ID: {37880161-3F1A-47F1-AE1A-3C2F822C8D33}

   User: THESPROULTAVERN\Deborah Aungst

   Name: %THESPROULTAVERN271

   ID: %THESPROULTAVERN272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %THESPROULTAVERN276

   Alert Type: %THESPROULTAVERN278

   Detection Type: 1.1.1593.02

Event Record #/Type44019 / Warning
Event Submitted/Written: 01/05/2008 11:18:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow.

For more information please see the following:
%THESPROULTAVERN275

   Scan ID: {CFEB27DA-BAEC-49C2-8275-E24A1CD5EC12}

   User: THESPROULTAVERN\Deborah Aungst

   Name: %THESPROULTAVERN271

   ID: %THESPROULTAVERN272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %THESPROULTAVERN276

   Alert Type: %THESPROULTAVERN278

   Detection Type: 1.1.1593.02

Event Record #/Type44018 / Warning
Event Submitted/Written: 01/05/2008 11:18:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow.

For more information please see the following:
%THESPROULTAVERN275

   Scan ID: {753B5976-7D97-4B32-B7A0-66113F4C60C9}

   User: THESPROULTAVERN\Deborah Aungst

   Name: %THESPROULTAVERN271

   ID: %THESPROULTAVERN272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %THESPROULTAVERN276

   Alert Type: %THESPROULTAVERN278

   Detection Type: 1.1.1593.02

Event Record #/Type44017 / Warning
Event Submitted/Written: 01/05/2008 11:18:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%THESPROULTAVERN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %THESPROULTAVERN27 can't undo changes that you allow.

For more information please see the following:
%THESPROULTAVERN275

   Scan ID: {3A359871-135F-41B3-972C-E8D45048EEEA}

   User: THESPROULTAVERN\Deborah Aungst

   Name: %THESPROULTAVERN271

   ID: %THESPROULTAVERN272

   Severity: 1.1.1593.05

   Category: 1.1.1593.06

   Path Found: %THESPROULTAVERN276

   Alert Type: %THESPROULTAVERN278

   Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-01-05 13:14:46 ------------

72: 2008-01-05 00:10:18 UTC - RP260 - Software Distribution Service 3.0
71: 2008-01-04 17:39:19 UTC - RP259 - System Checkpoint
70: 2008-01-03 08:48:14 UTC - RP258 - System Checkpoint
69: 2008-01-02 07:48:11 UTC - RP257 - System Checkpoint


-- First Restore Point --
1: 2007-10-07 21:36:57 UTC - RP189 - Installed Security Update for QuickTime 7.2


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Deborah Aungst.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:15 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe
C:\Program Files\Secunia\PSI (BETA)\PSI.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Documents and Settings\Deborah Aungst\My Documents\Downloads\dss.exe
C:\DOCUME~1\DEBORA~1\MYDOCU~1\DOWNLO~1\Deborah Aungst.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Deborah Aungst
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ScriptSentry] C:\Program Files\Script Sentry\ScriptSentry.exe /check
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe
O4 - Global Startup: Comodo AntiSpam.lnk = C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162680397843
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166031567000
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{301F0FB4-180F-481E-864B-5DA1F2001D12}: NameServer = 65.196.203.193 65.196.203.194
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11003 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\DEBORA~1\MYDOCU~1\DOWNLO~1\backups\) --

backup-20070316-203414-145 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
backup-20070316-203414-241 O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
backup-20070316-203414-535 O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
backup-20070316-203414-846 O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
backup-20070316-203414-875 O15 - Trusted Zone: http://toolbar.imageshack.us
backup-20070316-203414-878 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
backup-20070327-013344-414 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
backup-20070327-013344-469 O2 - BHO: (no name) - rsion - (no file)
backup-20070327-013344-634 O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
backup-20080105-110142-648 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
backup-20080105-110142-730 O3 - Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - (no file)
backup-20080105-110144-518 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cab
backup-20080105-110144-783 O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
backup-20080105-110145-298 O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
.reg - regfile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
.vbs - VBSFile - shell\open\command - C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 O2Flash (O2Micro Flash Memory) - c:\windows\system32\o2flash.exe
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\4000388C30D41
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\4000388C30D41
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-01-05 11:28:10       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-04 17:15:00       408 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-09-06 19:23:59       258 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job


-- Files created between 2007-12-05 and 2008-01-05 -----------------------------

2008-01-05 11:31:19         0 dr-h----- C:\Documents and Settings\Deborah Aungst\Recent
2008-01-05 09:06:30         0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-01-05 09:06:30         0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-05 09:05:20         0 d-------- C:\Program Files\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-30 09:58:32         0 d-------- C:\Program Files\Trustix
2007-12-30 08:39:51         0 d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2007-12-30 07:53:50         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Comodo
2007-12-30 07:53:45         0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-30 07:53:42         0 d-------- C:\Program Files\COMODO
2007-12-30 07:13:39         0 d-------- C:\Program Files\TechSmith
2007-12-29 21:32:59         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 13:03:44         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\AVG7
2007-12-28 13:03:30         0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-28 12:14:01         0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-27 16:03:08         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6
2007-12-20 00:31:49         0 d-------- C:\Program Files\Windows Live Safety Center


-- Find3M Report ---------------------------------------------------------------

2008-01-04 20:10:46         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\1st Free Solitaire
2008-01-04 11:42:51         0 d-------- C:\Program Files\a-squared Free
2007-12-29 21:32:59         0 d-------- C:\Program Files\Common Files
2007-12-27 21:00:56         0 d-------- C:\Program Files\SmileyPad
2007-12-27 20:59:03         0 d-------- C:\Program Files\Coupons
2007-12-27 20:57:33         0 d-------- C:\Program Files\Apple Software Update
2007-12-26 20:59:37         0 d-------- C:\Program Files\SpywareBlaster
2007-12-24 12:35:56         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Adobe
2007-12-24 12:34:28      8464 --a------ C:\WINDOWS\mozver.dat
2007-12-16 00:25:32         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Free Spider TreeCardGames
2007-11-26 08:48:50         0 d-------- C:\Program Files\Panda Security
2007-11-05 23:41:54         0 d-------- C:\Program Files\CCleaner
2007-10-11 09:55:10     88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-10-09 12:58:20     16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [02/27/2006 04:28 AM C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/26/2007 11:06 AM]
"ScriptSentry"="C:\Program Files\Script Sentry\ScriptSentry.exe" [07/04/2002 07:44 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/28/2007 11:09 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [12/30/2007 07:53 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [12/04/2007 04:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 04:43 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 03:46 PM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [11/22/2007 11:10 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Deborah Aungst\Start Menu\Programs\Startup\
Secunia PSI (BETA).lnk - C:\Program Files\Secunia\PSI (BETA)\PSI.exe [9/11/2007 7:55:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Comodo AntiSpam.lnk - C:\Program Files\COMODO\Comodo AntiSpam\CAS32.exe [8/2/2005 11:48:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoSharedDocuments"=00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pennswoods.net Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pennswoods.net Web Accelerator.lnk
backup=C:\WINDOWS\pss\Pennswoods.net Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
"C:\Program Files\SlipStream Web Accelerator\slipcore.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XOSD]
C:\Program Files\XOSD\XOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Common Sense Calendar"="C:\Program Files\Common Sense Calendar\Common Sense Calendar.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ   CtServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1   babe.the-killer.bz
127.0.0.1   www.babe.the-killer.bz
127.0.0.1   babe.k-lined.com
127.0.0.1   www.babe.k-lined.com
127.0.0.1   did.i-used.cc
127.0.0.1   www.did.i-used.cc
127.0.0.1   coolwwwsearch.com
127.0.0.1   www.coolwwwsearch.com
127.0.0.1   hi.studioaperto.net
127.0.0.1   www.hi.studioaperto.net

7829 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-05 13:14:46 ------------


Offline Corrine

Re: We Need A Dumb Questions Section
« Reply #10 on: January 05, 2008, 05:51:25 PM »
It appears you have two firewalls enabled, the Windows Internal Firewall and COMODO.  You need to disable one of them, preferably the Windows Internal Firewall since you are operating Windows XP:

Windows Internal Firewall is enabled.
FW: COMODO Firewall Pro v3.0 (COMODO)


Quote
Real-Time Protection agent has detected changes.
I should have told you to disable real-time protection first.   Let's see if this makes a difference. 

Disable Teatimer
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked.  The Spybot icon in the System tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
AVG Anti-Spyware
  •   Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
  •   In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
  •   If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
  •   Reply 'no' and set it to 'inactive' for the duration of your cleanup.
WinPatrol

Right-click the running icon of Winpatrol in the system tray and choose exit. It will automatically restart at next boot.

Windows Defender
  •   Click on "Tools"
  •   Click on "General Settings"
  •   Scroll down to "Real-time protection options"
  •   Uncheck "Turn on Real-time protection (recommended)"
  •   Click "Save"
Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following and press "Fix Checked":

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
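
An added example, not part of Corrine's post or of HijackThis: a small Python parser for the `O16 - DPF` lines listed above (HijackThis's section for ActiveX controls in Downloaded Program Files). It separates entries that ran together when a log was pasted and groups them by download host; the function names and the embedded sample are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the O16 lines from the post, with two entries run
# together on one line, as can happen when a log is pasted into a forum.
SAMPLE = """\
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Conagra/Coupons.cabO16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
"""

ENTRY = re.compile(
    r"O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"   # class ID of the control
    r"(?: \((?P<name>[^)]*)\))?"                    # optional display name
    r" -(?: (?P<url>\S+))?"                         # optional codebase URL
)

def parse_o16(text):
    """Return one dict per O16 entry, even when entries share a line."""
    entries = []
    # Zero-width split: start a new chunk wherever an entry prefix begins.
    for chunk in re.split(r"(?=O16 - DPF: )", text):
        m = ENTRY.fullmatch(chunk.strip())
        if not m:
            continue  # blank chunk or a line from another log section
        e = m.groupdict()
        # hostname is where the .cab was fetched from; for a CDN URL the
        # publisher's name may appear only in the path.
        e["host"] = urlparse(e["url"]).hostname if e["url"] else None
        entries.append(e)
    return entries

def by_host(entries):
    """Group class IDs by download host to review install sources."""
    groups = {}
    for e in entries:
        groups.setdefault(e["host"] or "(no codebase URL)", []).append(e["clsid"])
    return groups

if __name__ == "__main__":
    for host, ids in by_host(parse_o16(SAMPLE)).items():
        print(f"{host}: {len(ids)} control(s)")
```
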

Offline Niecarrah

Re: We Need A Dumb Questions Section
« Reply #11 on: January 05, 2008, 09:53:39 PM »
Eeks! On the firewall   :smash: but I had trouble with my download and had already terminated my Old Firewall, then had to go back and try another link for Comodo.  So I figured Windows firewall was better than none when I had to go back on line?  Then I simply forgot to turn it off! :thanks:

Before I ran Deckard's I had disabled all my protections.  But I did them as you instructed this time...and that freakin' thing is still there!!!  Although the things we cleared appear to be gone this time.
But this, this is still here!

Thank You Corrine for all the googling you probably had to do for me!
I'll keep poking around for answers?  :hug:  CRAZY?

Offline Corrine

Re: We Need A Dumb Questions Section
« Reply #12 on: January 05, 2008, 11:16:05 PM »
If you look at the files created in the past month, there doesn't seem to be anything out of the ordinary.  The only "if-y" files are C:\Program Files\SmileyPad and C:\Program Files\Coupons.

2008-01-05 11:31:19         0 dr-h----- C:\Documents and Settings\Deborah Aungst\Recent
2008-01-05 09:06:30         0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-01-05 09:06:30         0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-05 09:05:20         0 d-------- C:\Program Files\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-03 23:00:20         0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-30 09:58:32         0 d-------- C:\Program Files\Trustix
2007-12-30 08:39:51         0 d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2007-12-30 07:53:50         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\Comodo
2007-12-30 07:53:45         0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-30 07:53:42         0 d-------- C:\Program Files\COMODO
2007-12-30 07:13:39         0 d-------- C:\Program Files\TechSmith
2007-12-29 21:32:59         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 13:03:44         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\AVG7
2007-12-28 13:03:30         0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-28 12:14:01         0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-27 16:03:08         0 d-------- C:\Documents and Settings\Deborah Aungst\Application Data\HouseCall 6.6
2007-12-20 00:31:49         0 d-------- C:\Program Files\Windows Live Safety Center

Since you use IE7, Click Tools > Manage Add-Ons  > Enable/Disable Add-Ons
Look at "Add-ons Currently Loaded in Internet Explorer" for anything unfamiliar or possibly (with luck) a name like InfoPacket.

If nothing there, I'd like to see a screen copy that includes not just the "toolbar" but the toolbar "in situ" on your browser.  I want to see how it "fits in".  Is it part of the Links toolbar? 



Offline Corrine

Re: We Need A Dumb Questions Section
« Reply #13 on: January 05, 2008, 11:20:09 PM »
While you're at it, launch WinPatrol and take a look at IE Helpers and Startup



Offline Niecarrah

Re: We Need A Dumb Questions Section
« Reply #14 on: January 06, 2008, 05:01:43 AM »
You know I hardly ever use IE!  Only to update Windows/Microsoft and a few other things that don't work properly on Firefox!
And now in checking...guess what, it is only on Firefox!  I could not locate it on IE?