sportdman1
2010-07-07, 09:16
To the Guru it may concern,
Blade81 helped me out last month regarding a Google search re-direct issue. The re-direct issue is resolved. http://forums.spybot.info/showthread.php?p=375750#post375750
However, now my computer is super slow (hanging for minutes at a time) and I am getting a WinPatrol DLL change warning about every 20 minutes. I have selected no to the change because I don't know what the DLL change is all about. I have attached a screenshot of the WinPatrol warning as well as the DDS logs. Also, when I use explore to look for files, I get a Windows error right after I close the explore window on occasion (1 in 4 times). Thanks for the help in advance.
Sportdman
DDS (Ver_10-03-17.01) - NTFSx86
Run by JonMarlowe at 23:04:41.06 on Tue 07/06/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.444 [GMT -7:00]
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Flip Video\FlipShare\FlipShareService.exe
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
D:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\WINDOWS\system32\WDBtnMgr.exe
D:\Program Files\OpenVPN\bin\openvpn-gui.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\JonMarlowe\Desktop\dds.scr
============== Pseudo HJT Report ===============
mSearch Bar = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer presented by Comcast
mStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mCustomizeSearch = about:blank
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - d:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [UpdateMedia] d:\program files\mediaupdate\UpdateMedia.exe
mRun: [ShStatEXE] "d:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "d:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [tgcmd] "d:\program files\support.com\bin\tgcmd.exe" /server
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [openvpn-gui] d:\program files\openvpn\bin\openvpn-gui.exe
mRun: [WinPatrol] d:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: d:\docume~1\jonmar~1\startm~1\programs\startup\erunta~1.lnk - d:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - d:\program files\yahoo!\common\yiesrvc.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - d:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\jonmar~1\applic~1\mozilla\firefox\profiles\r03wfihw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - plugin: d:\documents and settings\jonmarlowe\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: d:\documents and settings\jonmarlowe\application data\mozilla\firefox\profiles\r03wfihw.default\extensions\runtime@panda3d.org\platform\winnt_x86-msvc\plugins\nppanda3d.dll
FF - plugin: d:\documents and settings\jonmarlowe\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 $sys$cor;$sys$cor;d:\windows\system32\drivers\$sys$cor.sys [2004-10-6 18432]
R1 $sys$crater;$sys$crater;d:\windows\system32\$sys$filesystem\crater.sys [2004-10-7 11904]
R2 FlashNT;FlashNT;d:\windows\system32\drivers\flashnt.sys [2002-12-23 72784]
R2 McAfeeFramework;McAfee Framework Service;d:\program files\network associates\common framework\FrameworkService.exe [2004-9-12 106586]
R2 McShield;Network Associates McShield;d:\program files\network associates\virusscan\mcshield.exe [2003-9-29 237657]
R2 McTaskManager;Network Associates Task Manager;d:\program files\network associates\virusscan\vstskmgr.exe [2003-9-29 69706]
R2 Sdselect;Sdselect;d:\windows\system32\drivers\sdselect.sys [2002-12-23 73296]
R3 NaiAvFilter1;NaiAvFilter1;d:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
R3 tap0801;TAP-Win32 Adapter V8;d:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 rcp_service;ReaConverter scheduler service;d:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]
=============== Created Last 30 ================
2010-06-22 05:19:18 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-06-22 05:19:17 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-06-10 18:12:30 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
==================== Find3M ====================
2010-07-06 08:22:47 1744 ----a-w- d:\windows\system32\d3d9caps.dat
2010-07-01 06:11:45 74288 ----a-w- d:\docume~1\jonmar~1\applic~1\GDIPFONTCACHEV1.DAT
2010-06-26 06:27:19 1632 ----a-w- d:\windows\system32\d3d8caps.dat
2010-05-02 05:22:50 1851264 ----a-w- d:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- d:\windows\system32\atmfd.dll
2004-07-24 05:25:12 49570 ----a-w- d:\program files\common files\Nina Card.STO
2003-08-16 03:10:21 3000704 ----a-w- d:\program files\PokerStarsInstall.exe
2003-08-13 03:54:46 1291040 ----a-w- d:\program files\WindowsXP-KB823980-x86-ENU.exe
2003-07-17 03:00:16 301500 ----a-w- d:\program files\PPAL.EXE
2003-07-16 04:49:31 5282816 ----a-w- d:\program files\ParadisePokerSetup.exe
2003-07-09 06:56:49 11646328 ----a-w- d:\program files\acdsee.exe
2001-08-23 12:00:00 94784 --sh--w- d:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- d:\windows\twain_32.dll
2008-04-14 00:11:56 1028096 --sha-w- d:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sha-w- d:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- d:\windows\system32\msvcp60.dll
2008-04-14 00:12:02 551936 --sh--w- d:\windows\system32\oleaut32.dll
2008-04-14 00:12:32 11776 --sha-w- d:\windows\system32\regsvr32.exe
============= FINISH: 23:06:09.20 ===============