Caracoles
2010-09-28, 04:41
DDS (Ver_09-09-29.01) - NTFSx86
Run by MRomero at 17:40:42.97 on Mon 09/27/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.5981 [GMT -7:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k ipripsvc
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\svchost.exe -k svcboot_adpauwso
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\mqtgsvc.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\msconfig.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\My Other Me.MRomero-PC\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/
uDefault_Page_URL = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: iCu2 Toolbar: {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - c:\program files (x86)\icu2\tbiCu1.dll
mURLSearchHooks: iCu2 Toolbar: {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - c:\program files (x86)\icu2\tbiCu1.dll
mWinlogon: Userinit=userinit.exe
BHO: iCu2 Toolbar: {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - c:\program files (x86)\icu2\tbiCu1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: iCu2 Toolbar: {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - c:\program files (x86)\icu2\tbiCu1.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [Logitech Vid] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files (x86)\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\users\mromero\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\mromero\appdata\roaming\mozilla\firefox\profiles\qrjmueoc.default\
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files (x86)\mozilla firefox\components\1451257.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\default\appdata\local\huludesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: c:\users\mromero\appdata\roaming\mozilla\firefox\profiles\qrjmueoc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 nvstor64;nvstor64;c:\windows\system32\drivers\nvstor64.sys --> c:\windows\system32\drivers\nvstor64.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys --> c:\windows\system32\drivers\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys --> c:\windows\system32\drivers\vwififlt.sys [?]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
R2 svcboot_adpauwso;svcboot_adpauwso;c:\windows\system32\svchost.exe -k svcboot_adpauwso [2009-7-13 20992]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys --> c:\windows\system32\drivers\tmpreflt.sys [?]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys --> c:\windows\system32\drivers\tmwfp.sys [?]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\drivers\lvpopf64.sys --> c:\windows\system32\drivers\lvpopf64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\lvpr2m64.sys --> c:\windows\system32\drivers\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys --> c:\windows\system32\drivers\lvrs64.sys [?]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\drivers\lvsels64.sys --> c:\windows\system32\drivers\lvsels64.sys [?]
R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);c:\windows\system32\drivers\lvuvc64.sys --> c:\windows\system32\drivers\lvuvc64.sys [?]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ;c:\windows\system32\drivers\nvmf6264.sys --> c:\windows\system32\drivers\nvmf6264.sys [?]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-8-30 595960]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-8-30 917768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\watadminsvc.exe --> c:\windows\system32\wat\WatAdminSvc.exe [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys --> c:\windows\system32\drivers\vwifimp.sys [?]
=============== Created Last 30 ================
2010-09-24 12:00 <DIR> --d----- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-09-24 02:44 <DIR> --d----- c:\program files (x86)\Conduit
2010-09-24 02:44 <DIR> --d----- c:\program files (x86)\iCu2
2010-09-24 02:44 <DIR> --d----- c:\programdata\LogiShrd
2010-09-23 19:36 <DIR> --d----- C:\2128d2bf08e326e819d7
2010-09-23 10:27 <DIR> --d----- c:\windows\pss
2010-09-23 08:20 3,288 -------- C:\bootsqm.dat
2010-09-22 21:20 <DIR> --d----- c:\programdata\Adobe
2010-09-22 21:20 <DIR> --d----- c:\programdata\McAfee
2010-09-22 21:20 <DIR> --d----- c:\program files (x86)\McAfee Security Scan
2010-09-22 21:20 <DIR> --d----- c:\programdata\NOS
2010-09-14 09:19 795,120 a------- c:\windows\system32\PerfStringBackup.INI
2010-09-14 09:17 <DIR> --d----- c:\windows\system32\BestPractices
2010-09-14 09:17 <DIR> --d----- C:\inetpub
2010-09-14 02:33 402 a------- c:\windows\system32\msxml4.inf
2010-09-14 02:33 <DIR> --d----- c:\windows\system32\sdsazjocd
2010-09-13 17:13 376 a------- c:\windows\ODBC.INI
2010-09-13 17:12 <DIR> --d----- c:\program files (x86)\Microsoft ActiveSync
2010-09-08 11:17 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17 69,632 a------- c:\windows\system32\QuickTime.qts
2010-09-05 16:49 107,368 a------- c:\windows\system32\GEARAspi.dll
2010-09-05 16:48 <DIR> --d----- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-05 16:48 <DIR> --d----- c:\program files (x86)\iTunes
2010-09-05 16:48 <DIR> --d----- c:\progra~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-05 16:45 <DIR> --d----- c:\programdata\Apple Computer
2010-09-05 16:44 <DIR> --d----- c:\program files (x86)\Bonjour
2010-09-05 16:44 <DIR> --d----- c:\programdata\Apple
2010-08-31 18:02 <DIR> --d----- c:\program files (x86)\MSXML 4.0
2010-08-31 14:42 <DIR> --d----- c:\windows\system32\Wat
2010-08-31 14:37 257,024 a------- c:\windows\system32\msv1_0.dll
2010-08-31 14:33 1,130,824 a------- c:\windows\system32\dfshim.dll
2010-08-31 14:33 297,808 a------- c:\windows\system32\mscoree.dll
2010-08-31 14:33 295,264 a------- c:\windows\system32\PresentationHost.exe
2010-08-31 14:33 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
2010-08-31 14:33 49,472 a------- c:\windows\system32\netfxperf.dll
2010-08-31 09:48 571,904 a------- c:\windows\system32\oleaut32.dll
2010-08-30 18:54 <DIR> --d--r-- C:\Unused Icons
2010-08-30 16:40 <DIR> --d----- c:\programdata\Trend Micro
2010-08-30 16:40 <DIR> --d----- c:\progra~3\Trend Micro
2010-08-30 14:46 <DIR> --d----- c:\programdata\Recovery
2010-08-30 14:46 <DIR> --d----- c:\progra~3\Recovery
2010-08-30 14:00 <DIR> --d----- c:\users\mromero\appdata\roaming\PictureMover
2010-08-30 13:59 172,032 a------- c:\windows\system32\wintrust.dll
2010-08-30 13:59 132,608 a------- c:\windows\system32\cabview.dll
2010-08-30 13:56 1,812 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_AY748AA-ABA p6320y_YC_0Pavi_Q3CR952_EA1NAv6PrA1_49_IVIOLET6_SPEGATRON CORPORATION_V6.01_B5.13_T091112_WUH0_L409_M7936_J1000_7AMD_8Phenom II X4 820_92.8_#100227_N10DE0760_Z_G10DE0847.MRK
2010-08-30 13:55 <DIR> --d----- c:\users\MRomero
==================== Find3M ====================
2010-07-28 23:30 82,944 a------- c:\windows\system32\iccvid.dll
2010-07-27 18:44 197,920 a------- c:\windows\system32\dnssdX.dll
2010-07-27 18:44 107,808 a------- c:\windows\system32\dns-sd.exe
2010-07-27 18:44 91,424 a------- c:\windows\system32\dnssd.dll
2010-07-27 18:44 75,040 a------- c:\windows\system32\jdns_sd.dll
2010-07-06 22:52 135,168 a------- c:\windows\apppatch\apppatch64\AcXtrnal.dll
2010-07-06 22:52 347,648 a------- c:\windows\apppatch\apppatch64\AcLayers.dll
2010-06-29 23:25 978,432 a------- c:\windows\system32\wininet.dll
2009-07-13 22:37 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-13 22:37 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-13 22:37 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-13 22:37 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-13 21:54 174 a--sh--- c:\program files (x86)\desktop.ini
2009-07-13 18:00 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-13 18:00 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-13 18:00 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-13 18:00 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 13:44 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2009-07-13 18:39 398,848 a--sh--- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-13 18:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 17:41:03.03 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/30/2010 1:55:56 PM
System Uptime: 9/27/2010 2:29:04 PM (3 hours ago)
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Phenom(tm) II X4 820 Processor | CPU 1 | 2800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 921 GiB total, 858.347 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 0.65 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_1000168C&REV_01\4&38244F3F&0&0098
Manufacturer: Atheros Communications Inc.
Name: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_1000168C&REV_01\4&38244F3F&0&0098
Service: athr
==== System Restore Points ===================
RP25: 9/24/2010 12:00:12 PM - Windows Update
==== Installed Programs ======================
ActiveCheck component for HP Active Support Library
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
DVD Menu Pack for HP MediaSmart Video
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
iCu2 Toolbar
Junk Mail filter update
LabelPrint
LightScribe System Software
Logitech Vid
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
PictureMover
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for CAPICOM (KB931906)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
==== Event Viewer Messages From Past Week ========
9/27/2010 2:29:30 PM, Error: Service Control Manager [7003] - The Link-Layer Topology Discovery Mapper service depends the following service: lltdio. This service might not be installed.
9/26/2010 8:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
9/26/2010 7:44:35 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2010 7:42:54 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
9/25/2010 2:54:01 PM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting.
9/23/2010 6:48:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {7D1933CB-86F6-4A98-8628-01BE94C9A575} and APPID {F290BFB2-1864-45B1-8804-2654194A87E7} to the user MRomero-PC\My Other Me SID (S-1-5-21-2090777918-793303314-2881576463-1011) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/23/2010 2:21:46 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
9/23/2010 1:28:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
9/22/2010 9:22:26 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/22/2010 11:22:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool x64 - September 2010 (KB890830).
9/21/2010 9:29:56 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {DC0C2640-1415-4644-875C-6F4D769839BA}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\iTunes\iTunes.exe" -Embedding
9/21/2010 8:09:05 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {6BA70EAF-D5FF-4687-829A-A646EEC622F8}. The error: "786" Happened while starting this command: "c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe" -Embedding
==== End Of File ===========================
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files (x86)\mozilla firefox\components\1451257.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\default\appdata\local\huludesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: c:\users\mromero\appdata\roaming\mozilla\firefox\profiles\qrjmueoc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 nvstor64;nvstor64;c:\windows\system32\drivers\nvstor64.sys --> c:\windows\system32\drivers\nvstor64.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys --> c:\windows\system32\drivers\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys --> c:\windows\system32\drivers\vwififlt.sys [?]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
R2 svcboot_adpauwso;svcboot_adpauwso;c:\windows\system32\svchost.exe -k svcboot_adpauwso [2009-7-13 20992]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys --> c:\windows\system32\drivers\tmpreflt.sys [?]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys --> c:\windows\system32\drivers\tmwfp.sys [?]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\drivers\lvpopf64.sys --> c:\windows\system32\drivers\lvpopf64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\lvpr2m64.sys --> c:\windows\system32\drivers\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys --> c:\windows\system32\drivers\lvrs64.sys [?]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\drivers\lvsels64.sys --> c:\windows\system32\drivers\lvsels64.sys [?]
R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);c:\windows\system32\drivers\lvuvc64.sys --> c:\windows\system32\drivers\lvuvc64.sys [?]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ;c:\windows\system32\drivers\nvmf6264.sys --> c:\windows\system32\drivers\nvmf6264.sys [?]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-8-30 595960]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-8-30 917768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\watadminsvc.exe --> c:\windows\system32\wat\WatAdminSvc.exe [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys --> c:\windows\system32\drivers\vwifimp.sys [?]
=============== Created Last 30 ================
2010-09-24 12:00 <DIR> --d----- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-09-24 02:44 <DIR> --d----- c:\program files (x86)\Conduit
2010-09-24 02:44 <DIR> --d----- c:\program files (x86)\iCu2
2010-09-24 02:44 <DIR> --d----- c:\programdata\LogiShrd
2010-09-23 19:36 <DIR> --d----- C:\2128d2bf08e326e819d7
2010-09-23 10:27 <DIR> --d----- c:\windows\pss
2010-09-23 08:20 3,288 -------- C:\bootsqm.dat
2010-09-22 21:20 <DIR> --d----- c:\programdata\Adobe
2010-09-22 21:20 <DIR> --d----- c:\programdata\McAfee
2010-09-22 21:20 <DIR> --d----- c:\program files (x86)\McAfee Security Scan
2010-09-22 21:20 <DIR> --d----- c:\programdata\NOS
2010-09-14 09:19 795,120 a------- c:\windows\system32\PerfStringBackup.INI
2010-09-14 09:17 <DIR> --d----- c:\windows\system32\BestPractices
2010-09-14 09:17 <DIR> --d----- C:\inetpub
2010-09-14 02:33 402 a------- c:\windows\system32\msxml4.inf
2010-09-14 02:33 <DIR> --d----- c:\windows\system32\sdsazjocd
2010-09-13 17:13 376 a------- c:\windows\ODBC.INI
2010-09-13 17:12 <DIR> --d----- c:\program files (x86)\Microsoft ActiveSync
2010-09-08 11:17 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17 69,632 a------- c:\windows\system32\QuickTime.qts
2010-09-05 16:49 107,368 a------- c:\windows\system32\GEARAspi.dll
2010-09-05 16:48 <DIR> --d----- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-05 16:48 <DIR> --d----- c:\program files (x86)\iTunes
2010-09-05 16:48 <DIR> --d----- c:\progra~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-05 16:45 <DIR> --d----- c:\programdata\Apple Computer
2010-09-05 16:44 <DIR> --d----- c:\program files (x86)\Bonjour
2010-09-05 16:44 <DIR> --d----- c:\programdata\Apple
2010-08-31 18:02 <DIR> --d----- c:\program files (x86)\MSXML 4.0
2010-08-31 14:42 <DIR> --d----- c:\windows\system32\Wat
2010-08-31 14:37 257,024 a------- c:\windows\system32\msv1_0.dll
2010-08-31 14:33 1,130,824 a------- c:\windows\system32\dfshim.dll
2010-08-31 14:33 297,808 a------- c:\windows\system32\mscoree.dll
2010-08-31 14:33 295,264 a------- c:\windows\system32\PresentationHost.exe
2010-08-31 14:33 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
2010-08-31 14:33 49,472 a------- c:\windows\system32\netfxperf.dll
2010-08-31 09:48 571,904 a------- c:\windows\system32\oleaut32.dll
2010-08-30 18:54 <DIR> --d--r-- C:\Unused Icons
2010-08-30 16:40 <DIR> --d----- c:\programdata\Trend Micro
2010-08-30 16:40 <DIR> --d----- c:\progra~3\Trend Micro
2010-08-30 14:46 <DIR> --d----- c:\programdata\Recovery
2010-08-30 14:46 <DIR> --d----- c:\progra~3\Recovery
2010-08-30 14:00 <DIR> --d----- c:\users\mromero\appdata\roaming\PictureMover
2010-08-30 13:59 172,032 a------- c:\windows\system32\wintrust.dll
2010-08-30 13:59 132,608 a------- c:\windows\system32\cabview.dll
2010-08-30 13:56 1,812 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_AY748AA-ABA p6320y_YC_0Pavi_Q3CR952_EA1NAv6PrA1_49_IVIOLET6_SPEGATRON CORPORATION_V6.01_B5.13_T091112_WUH0_L409_M7936_J1000_7AMD_8Phenom II X4 820_92.8_#100227_N10DE0760_Z_G10DE0847.MRK
2010-08-30 13:55 <DIR> --d----- c:\users\MRomero
==================== Find3M ====================
2010-07-28 23:30 82,944 a------- c:\windows\system32\iccvid.dll
2010-07-27 18:44 197,920 a------- c:\windows\system32\dnssdX.dll
2010-07-27 18:44 107,808 a------- c:\windows\system32\dns-sd.exe
2010-07-27 18:44 91,424 a------- c:\windows\system32\dnssd.dll
2010-07-27 18:44 75,040 a------- c:\windows\system32\jdns_sd.dll
2010-07-06 22:52 135,168 a------- c:\windows\apppatch\apppatch64\AcXtrnal.dll
2010-07-06 22:52 347,648 a------- c:\windows\apppatch\apppatch64\AcLayers.dll
2010-06-29 23:25 978,432 a------- c:\windows\system32\wininet.dll
2009-07-13 22:37 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-13 22:37 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-13 22:37 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-13 22:37 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-13 21:54 174 a--sh--- c:\program files (x86)\desktop.ini
2009-07-13 18:00 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-13 18:00 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-13 18:00 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-13 18:00 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 13:44 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2009-07-13 18:39 398,848 a--sh--- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-13 18:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 17:41:03.03 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/30/2010 1:55:56 PM
System Uptime: 9/27/2010 2:29:04 PM (3 hours ago)
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Phenom(tm) II X4 820 Processor | CPU 1 | 2800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 921 GiB total, 858.347 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 0.65 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_1000168C&REV_01\4&38244F3F&0&0098
Manufacturer: Atheros Communications Inc.
Name: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_1000168C&REV_01\4&38244F3F&0&0098
Service: athr
==== System Restore Points ===================
RP25: 9/24/2010 12:00:12 PM - Windows Update
==== Installed Programs ======================
ActiveCheck component for HP Active Support Library
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
DVD Menu Pack for HP MediaSmart Video
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
iCu2 Toolbar
Junk Mail filter update
LabelPrint
LightScribe System Software
Logitech Vid
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
PictureMover
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for CAPICOM (KB931906)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
==== Event Viewer Messages From Past Week ========
9/27/2010 2:29:30 PM, Error: Service Control Manager [7003] - The Link-Layer Topology Discovery Mapper service depends the following service: lltdio. This service might not be installed.
9/26/2010 8:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
9/26/2010 7:44:35 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2010 7:42:54 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
9/25/2010 2:54:01 PM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting.
9/23/2010 6:48:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {7D1933CB-86F6-4A98-8628-01BE94C9A575} and APPID {F290BFB2-1864-45B1-8804-2654194A87E7} to the user MRomero-PC\My Other Me SID (S-1-5-21-2090777918-793303314-2881576463-1011) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/23/2010 2:21:46 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
9/23/2010 1:28:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
9/22/2010 9:22:26 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/22/2010 11:22:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool x64 - September 2010 (KB890830).
9/21/2010 9:29:56 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {DC0C2640-1415-4644-875C-6F4D769839BA}. The error: "786" Happened while starting this command: "C:\Program Files (x86)\iTunes\iTunes.exe" -Embedding
9/21/2010 8:09:05 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {6BA70EAF-D5FF-4687-829A-A646EEC622F8}. The error: "786" Happened while starting this command: "c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe" -Embedding
==== End Of File ===========================