Hi Maniac, here are the logs you requested. Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.10.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19328 Joe :: JOE-PC [administrator] 10/10/2012 8:15:24 AM mbam-log-2012-10-10 (08-15-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 189004 Time elapsed: 13 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------------------------------------------------------- aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-10 08:36:18 ----------------------------- 08:36:18.173 OS Version: Windows 6.0.6002 Service Pack 2 08:36:18.173 Number of processors: 2 586 0xE08 08:36:18.175 ComputerName: JOE-PC UserName: Joe 08:36:44.142 Initialize success 08:37:06.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 08:37:06.248 Disk 0 Vendor: ST9320325AS 0001SDM1 Size: 305245MB BusType: 3 08:37:06.262 Disk 0 MBR read successfully 08:37:06.264 Disk 0 MBR scan 08:37:06.266 Disk 0 unknown MBR code 08:37:06.268 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22285 MB offset 63 08:37:06.289 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 141941 MB offset 45640665 08:37:06.312 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141018 MB offset 336336840 08:37:06.317 Disk 0 scanning sectors +625142448 08:37:06.377 Disk 0 scanning C:\Windows\system32\drivers 08:37:24.334 Service scanning 08:37:45.179 Modules scanning 08:37:52.119 Disk 0 trace - called modules: 08:37:52.150 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 08:37:52.154 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866649d8] 08:37:52.157 3 CLASSPNP.SYS[8abb58b3] -> nt!IofCallDriver -> [0x85379020] 08:37:52.160 5 acpi.sys[82a9b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d18b98] 08:37:52.164 Scan finished successfully 08:38:03.776 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat" 08:38:03.784 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt" --------------------------------------------------------------------------------------------------------------------------------------- OTL logfile created on: 10/10/2012 8:40:03 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.20% Memory free 6.20 Gb Paging File | 5.17 Gb Available in Paging File | 83.40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.61 Gb Total Space | 84.55 Gb Free Space | 60.99% Space Free | Partition Type: NTFS Drive D: | 137.71 Gb Total Space | 96.44 Gb Free Space | 70.03% Space Free | Partition Type: NTFS Drive E: | 2.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/10 08:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/09/19 16:29:48 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe PRC - [2011/09/15 10:26:02 | 000,166,864 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe PRC - [2011/09/15 10:25:52 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe PRC - [2011/09/14 16:09:04 | 000,218,992 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe PRC - [2011/09/14 16:08:08 | 000,804,720 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011/08/16 22:38:03 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Joe\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010/11/08 09:40:56 | 000,715,440 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe PRC - [2010/03/12 22:07:17 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe PRC - [2010/03/12 22:07:17 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe PRC - [2010/01/26 00:40:32 | 001,020,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006/12/01 11:34:16 | 000,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2006/11/20 22:43:08 | 000,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2006/11/19 23:13:00 | 004,018,176 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006/11/16 17:35:18 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2006/11/13 01:13:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ========== Modules (No Company Name) ========== MOD - [2012/10/10 08:11:17 | 000,379,904 | ---- | M] () -- C:\Users\Joe\AppData\Local\Temp\libsqlitejdbc-8175058078959342349.lib MOD - [2012/10/10 08:10:29 | 000,205,824 | ---- | M] () -- C:\Users\Joe\AppData\Local\Temp\WindowsAPI.dll1235610244091184470.lib MOD - [2012/09/09 09:01:04 | 000,354,304 | ---- | M] () -- C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll MOD - [2011/09/15 10:26:02 | 000,071,680 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll MOD - [2011/09/15 10:26:02 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll MOD - [2011/09/15 10:26:02 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll MOD - [2011/09/15 10:26:02 | 000,054,784 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll MOD - [2011/09/15 10:26:02 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll MOD - [2011/09/15 10:26:02 | 000,051,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll MOD - [2011/09/15 10:26:02 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll MOD - [2011/09/15 10:26:02 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll MOD - [2011/09/15 10:26:02 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll MOD - [2011/09/15 10:26:02 | 000,032,768 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll MOD - [2011/09/15 10:26:02 | 000,024,576 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll MOD - [2011/09/15 10:26:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll MOD - [2011/09/15 10:26:02 | 000,011,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libshift.dll MOD - [2011/09/15 10:26:00 | 000,163,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll MOD - [2011/09/15 10:26:00 | 000,150,528 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll MOD - [2011/09/15 10:26:00 | 000,149,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtdemux.dll MOD - [2011/09/15 10:26:00 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll MOD - [2011/09/15 10:26:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtmux.dll MOD - [2011/09/15 10:26:00 | 000,061,952 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll MOD - [2011/09/15 10:26:00 | 000,047,616 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll MOD - [2011/09/15 10:26:00 | 000,039,424 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll MOD - [2011/09/15 10:26:00 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstselector.dll MOD - [2011/09/15 10:26:00 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll MOD - [2011/09/15 10:26:00 | 000,035,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll MOD - [2011/09/15 10:26:00 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll MOD - [2011/09/15 10:26:00 | 000,032,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll MOD - [2011/09/15 10:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll MOD - [2011/09/15 10:26:00 | 000,025,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll MOD - [2011/09/15 10:26:00 | 000,025,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll MOD - [2011/09/15 10:26:00 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll MOD - [2011/09/15 10:26:00 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll MOD - [2011/09/15 10:26:00 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll MOD - [2011/09/15 10:25:58 | 000,531,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll MOD - [2011/09/15 10:25:58 | 000,119,296 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll MOD - [2011/09/15 10:25:58 | 000,074,240 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll MOD - [2011/09/15 10:25:58 | 000,037,888 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll MOD - [2011/09/15 10:25:58 | 000,029,696 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll MOD - [2011/09/15 10:25:54 | 002,009,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll MOD - [2011/09/15 10:25:54 | 001,694,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll MOD - [2011/09/15 10:25:54 | 001,563,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll MOD - [2011/09/15 10:25:54 | 001,520,128 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll MOD - [2011/09/15 10:25:54 | 001,396,736 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll MOD - [2011/09/15 10:25:54 | 001,376,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll MOD - [2011/09/15 10:25:54 | 000,682,496 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll MOD - [2011/09/15 10:25:54 | 000,563,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll MOD - [2011/09/15 10:25:54 | 000,363,008 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll MOD - [2011/09/15 10:25:54 | 000,276,992 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libjpeg-8.dll MOD - [2011/09/15 10:25:54 | 000,248,352 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll MOD - [2011/09/15 10:25:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libwavpack-1.dll MOD - [2011/09/15 10:25:54 | 000,190,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libpng14-14.dll MOD - [2011/09/15 10:25:54 | 000,187,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll MOD - [2011/09/15 10:25:54 | 000,179,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll MOD - [2011/09/15 10:25:54 | 000,162,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbis-0.dll MOD - [2011/09/15 10:25:54 | 000,125,440 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll MOD - [2011/09/15 10:25:54 | 000,123,947 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll MOD - [2011/09/15 10:25:54 | 000,122,880 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll MOD - [2011/09/15 10:25:54 | 000,122,368 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll MOD - [2011/09/15 10:25:54 | 000,091,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll MOD - [2011/09/15 10:25:54 | 000,088,064 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll MOD - [2011/09/15 10:25:54 | 000,085,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll MOD - [2011/09/15 10:25:54 | 000,083,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll MOD - [2011/09/15 10:25:54 | 000,079,872 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll MOD - [2011/09/15 10:25:54 | 000,078,336 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll MOD - [2011/09/15 10:25:54 | 000,073,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll MOD - [2011/09/15 10:25:54 | 000,070,144 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll MOD - [2011/09/15 10:25:54 | 000,067,584 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll MOD - [2011/09/15 10:25:54 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll MOD - [2011/09/15 10:25:54 | 000,048,640 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll MOD - [2011/09/15 10:25:54 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll MOD - [2011/09/15 10:25:54 | 000,038,912 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll MOD - [2011/09/15 10:25:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll MOD - [2011/09/15 10:25:54 | 000,036,864 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll MOD - [2011/09/15 10:25:54 | 000,033,280 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll MOD - [2011/09/15 10:25:54 | 000,030,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll MOD - [2011/09/15 10:25:54 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll MOD - [2011/09/15 10:25:54 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll MOD - [2011/09/15 10:25:54 | 000,026,624 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll MOD - [2011/09/15 10:25:54 | 000,023,552 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libogg-0.dll MOD - [2011/09/15 10:25:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll MOD - [2011/09/15 10:25:54 | 000,019,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll MOD - [2011/09/15 10:25:54 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll MOD - [2011/09/15 10:25:54 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll MOD - [2011/09/15 10:25:54 | 000,017,920 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll MOD - [2011/09/15 10:25:54 | 000,016,896 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll MOD - [2011/09/15 10:25:54 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll MOD - [2011/09/15 10:25:54 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll MOD - [2011/09/15 10:25:54 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll MOD - [2011/09/15 10:25:54 | 000,011,776 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll MOD - [2011/09/15 10:25:54 | 000,008,192 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapp.dll MOD - [2011/09/15 10:25:52 | 000,331,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libFLAC-8.dll MOD - [2011/09/15 10:25:52 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe MOD - [2011/09/15 10:25:52 | 000,199,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll MOD - [2011/09/15 10:25:52 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll MOD - [2011/09/15 10:25:52 | 000,108,544 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll MOD - [2011/09/15 10:25:52 | 000,053,760 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll MOD - [2011/09/15 10:25:52 | 000,038,400 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstapp-0.10.dll MOD - [2011/09/15 10:25:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll MOD - [2011/09/14 16:08:08 | 000,804,720 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2007/03/30 11:04:48 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService) SRV - File not found [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012/10/08 15:47:02 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/05 19:15:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/19 16:29:48 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService) SRV - [2011/09/14 16:09:04 | 000,218,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2010/11/08 09:40:56 | 000,715,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV - [2010/03/12 22:07:17 | 000,689,416 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV - [2010/03/12 22:07:17 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2009/07/20 10:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore) SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/31 15:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [On_Demand | Stopped] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController) SRV - [2006/12/01 11:34:16 | 000,131,072 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2006/11/30 20:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006/11/20 22:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2006/11/16 17:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006/11/13 01:13:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\xaudio.sys -- (XAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Joe\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/10/09 21:47:45 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight) DRV - [2011/07/12 03:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt) DRV - [2011/07/12 03:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt) DRV - [2011/07/12 03:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint) DRV - [2010/07/19 11:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon) DRV - [2010/07/19 11:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr) DRV - [2010/07/19 11:02:54 | 000,163,408 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm) DRV - [2010/03/12 22:07:25 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2006/11/22 00:29:00 | 004,455,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006/11/02 01:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2006/11/02 00:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006/10/29 18:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006/10/24 23:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006/10/24 23:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006/10/24 23:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006/10/18 16:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com/ IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{5E3967A3-FFDB-427E-968D-3EE8486D14FE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_en IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Joe\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/09 20:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/10 13:29:02 | 000,000,000 | ---D | M] [2008/12/21 17:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions [2012/07/24 20:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions [2012/02/08 19:19:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/08 19:19:19 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\2020Player@2020Technologies.com [2012/02/08 19:19:20 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\moveplayer@movenetworks.com [2012/07/24 20:09:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/10/09 20:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/03/23 21:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/10/05 19:15:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2004/08/18 12:00:00 | 000,270,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\DCAENTU.dll [2004/08/18 12:00:00 | 001,294,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\DCARSA.dll [2004/08/18 12:00:00 | 000,348,160 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\GuiUtils.dll [2004/08/18 12:00:00 | 000,393,216 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDBsignWeb.dll [2011/02/02 19:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2004/08/18 12:00:00 | 000,122,880 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\mozilla firefox\plugins\nsldap32v30.dll [2012/10/05 19:15:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/05 19:15:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-452256800-3484198201-3087025338-1000..\Run: [Dropbox] C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll () O4 - HKU\S-1-5-21-452256800-3484198201-3087025338-1000..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk () O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A46013-805B-456C-91FF-75978ACDE10B}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A95BCE07-1B66-4DFD-92B4-B94208B884FE}: DhcpNameServer = 10.61.32.1 4.2.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O24 - Desktop WallPaper: C:\Users\Joe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Joe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/12/01 23:15:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1cdaa7cf-84f3-11de-96cf-0016d467f43c}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe O33 - MountPoints2\{75ff7d10-75c6-11df-93c9-0014d11b3ffe}\Shell - "" = AutoRun O33 - MountPoints2\{75ff7d10-75c6-11df-93c9-0014d11b3ffe}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{9d108e69-693f-11dc-af33-0016d467f43c}\Shell - "" = AutoRun O33 - MountPoints2\{9d108e69-693f-11dc-af33-0016d467f43c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{eeaa0b04-fa8c-11e1-8878-0016d467f43c}\Shell - "" = AutoRun O33 - MountPoints2\{eeaa0b04-fa8c-11e1-8878-0016d467f43c}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a O33 - MountPoints2\{fc2cddde-3c46-11e1-a0dd-0016d467f43c}\Shell - "" = AutoRun O33 - MountPoints2\{fc2cddde-3c46-11e1-a0dd-0016d467f43c}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a O33 - MountPoints2\{fc2cde07-3c46-11e1-a0dd-0016d467f43c}\Shell - "" = AutoRun O33 - MountPoints2\{fc2cde07-3c46-11e1-a0dd-0016d467f43c}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/10/10 08:38:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2012/10/10 08:33:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe [2012/10/10 07:22:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\dds.com [2012/10/09 22:00:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\dds.scr [2012/10/09 21:47:25 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\RK_Quarantine [2012/10/09 20:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/10/09 20:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/09/11 21:33:19 | 000,000,000 | ---D | C] -- C:\Dropbox [2012/09/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\My Cmaps [2012/09/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\CmapTools [2012/09/11 21:33:12 | 000,000,000 | ---D | C] -- C:\Users\Joe\CmapToolsLogs ========== Files - Modified Within 30 Days ========== [2012/10/10 08:46:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/10 08:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2012/10/10 08:38:03 | 000,000,512 | ---- | M] () -- C:\Users\Joe\Desktop\MBR.dat [2012/10/10 08:33:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe [2012/10/10 08:16:24 | 000,604,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/10/10 08:16:24 | 000,104,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/10/10 08:10:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/10 08:10:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/10 08:10:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/10 08:00:49 | 000,002,855 | ---- | M] () -- C:\Users\Joe\Desktop\dds.PIF [2012/10/10 07:22:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\dds.com [2012/10/09 22:00:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\dds.scr [2012/10/09 21:47:45 | 000,014,080 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys [2012/10/09 21:45:35 | 001,422,336 | ---- | M] () -- C:\Users\Joe\Desktop\RogueKiller.exe [2012/10/09 21:04:57 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/09 20:40:40 | 000,000,874 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/10/09 20:40:40 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/09/11 21:32:07 | 000,001,867 | ---- | M] () -- C:\Users\Joe\.powerupdate.user.properties ========== Files Created - No Company Name ========== [2012/10/10 08:38:03 | 000,000,512 | ---- | C] () -- C:\Users\Joe\Desktop\MBR.dat [2012/10/10 08:00:49 | 000,002,855 | ---- | C] () -- C:\Users\Joe\Desktop\dds.PIF [2012/10/09 22:00:54 | 001,422,336 | ---- | C] () -- C:\Users\Joe\Desktop\RogueKiller.exe [2012/10/09 21:47:45 | 000,014,080 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys [2012/10/09 21:04:57 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/11 21:32:07 | 000,001,867 | ---- | C] () -- C:\Users\Joe\.powerupdate.user.properties [2011/08/16 21:57:50 | 000,000,680 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d9caps.dat [2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll [2009/02/13 07:49:36 | 000,002,716 | -H-- | C] () -- C:\Users\Joe\.strange-eons-settings [2009/02/13 07:49:26 | 000,000,000 | ---- | C] () -- C:\Users\Joe\.strange-eons-editor-session [2009/02/13 07:49:16 | 000,000,000 | -H-- | C] () -- C:\Users\Joe\.strange-eons-user-dict [2007/02/18 20:20:45 | 000,000,552 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d8caps.dat [2007/02/15 20:41:11 | 000,099,328 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2012/02/08 13:19:59 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB38361$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N4P7ZWKR\t.cxt.ms\lso.swf\u.sol [2012/02/08 09:09:05 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB38361$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N4P7ZWKR\wbads.vo.llnwd.net\o25\u [2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2007/02/12 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Acer [2010/06/09 19:32:56 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Amazon [2010/08/24 20:18:04 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\AVICFeeds [2012/09/11 21:45:19 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\CmapTools [2012/10/10 08:10:51 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Dropbox [2011/12/02 22:23:38 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Electronic Arts [2009/01/04 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Flickr [2009/02/10 16:47:05 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\FloodLightGames [2012/02/08 19:19:16 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\FreeAudioPack [2007/02/12 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Leadertech [2012/10/10 08:12:02 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\MotoCast [2012/09/09 08:02:05 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Motorola [2007/05/19 20:32:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\PureEdge [2011/04/25 17:18:20 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ScanSoft [2012/07/16 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Unity ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB38361$] -> Error: Cannot create file handle -> Unknown point type < End of report > ------------------------------------------------------------------------------------------------------------------------------------- OTL Extras logfile created on: 10/10/2012 8:40:03 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.20% Memory free 6.20 Gb Paging File | 5.17 Gb Available in Paging File | 83.40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.61 Gb Total Space | 84.55 Gb Free Space | 60.99% Space Free | Partition Type: NTFS Drive D: | 137.71 Gb Total Space | 96.44 Gb Free Space | 70.03% Space Free | Partition Type: NTFS Drive E: | 2.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567 "55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568 "55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569 "55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570 "55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567 "55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570 "55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568 "55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569 "55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.) "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- () "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.) "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- () "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0689650B-C576-472B-A3BC-70E124B2EE02}" = lport=55566 | protocol=6 | dir=out | name=rosettastoneltdservices port 55566 | "{09E58C8A-D4CE-42DF-9DF0-F19A9D90F098}" = lport=2869 | protocol=6 | dir=in | app=system | "{15CEEB51-BDF4-4227-9E80-81E70040DE3F}" = lport=55570 | protocol=6 | dir=out | name=rosettastoneltdservices port 55570 | "{18D1CDCB-BB08-4903-9391-E34D3545E692}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D677432-C2E1-429D-9674-94A606BE6645}" = lport=55569 | protocol=6 | dir=out | name=rosettastoneltdcontroller port 55569 | "{31C2A865-1DCE-4FF3-9BD1-BA558CA11D97}" = lport=55567 | protocol=6 | dir=out | name=rosettastoneltdservices port 55567 | "{40416435-F35B-4868-928F-8BE1383C8D4F}" = lport=10243 | protocol=6 | dir=in | app=system | "{49519BCF-5135-4742-90AF-48470C71ABD4}" = lport=55569 | protocol=6 | dir=in | name=rosettastoneltdcontroller port 55569 | "{56B32F68-26F2-490C-A4C9-EBCD30979A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{58DCC18D-7E06-4188-8BCE-F846F4853ED3}" = lport=55567 | protocol=6 | dir=in | name=rosettastoneltdservices port 55567 | "{690D2EB7-B944-468D-AA51-CE1C8A5F8847}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8465F3A1-5737-4028-8212-3E90FF15D09D}" = lport=55568 | protocol=6 | dir=out | name=rosettastoneltdserver port 55568 | "{87BF9FE7-A418-46EE-A0F0-3792E2992E59}" = rport=10243 | protocol=6 | dir=out | app=system | "{88C99F19-3F3C-4B9B-90AA-B44A3EFA7408}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5009E28-65B2-47C6-A38A-CD3867CA44C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D659C140-9608-4CBA-9412-5DDB3708F1B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DAE12C66-097B-499D-907A-CF3479FC055C}" = lport=55568 | protocol=6 | dir=in | name=rosettastoneltdserver port 55568 | "{EE8C9053-A812-4492-B172-D3BEEEFC206D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F712A96A-4E52-47BB-AFC1-AD397FB45E85}" = lport=55566 | protocol=6 | dir=in | name=rosettastoneltdservices port 55566 | "{FB89B564-6614-42A0-9D3F-8638B800900E}" = lport=55570 | protocol=6 | dir=in | name=rosettastoneltdservices port 55570 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02409618-3ABD-468B-97C9-762B2C55FE44}" = protocol=6 | dir=out | app=system | "{07DC014F-7BF4-47E3-A78C-6F55F97819C5}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdserver.exe | "{0ABC62F1-B29E-4564-AC59-EFD3649C1865}" = dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe | "{0F45AE59-9004-45D8-BE9C-158480CD42CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{24834E4C-3087-4CB8-9737-1861FA19C972}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdcontroller.exe | "{300FC74B-2318-4D14-AC53-306200A8835E}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe | "{3386C163-E6F4-438A-9882-E9A8FCF60B6D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{40295A2A-3A92-4C66-ADB9-BA76F74DC7B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{47C39F74-3446-4FB4-B64D-B39E7559E330}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe | "{4F8E4EAB-25F5-4C75-95FC-31EE6B7C5A64}" = dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "{51590D0B-8961-443C-8915-44929F3ACA39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{51FD9217-0408-4F1D-A7B1-A65B22EB27F5}" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe | "{593C912D-576F-4E21-9543-B9250C0A28D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6A594B6A-1F8E-443D-901A-E7CAEE929B65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6D00E858-E1DA-49AC-B921-43501069DE1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7248EE68-76C1-45C7-9C47-044DD681AC90}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{7800F2C0-61EC-46EF-9BD3-FE42189A9553}" = dir=out | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe | "{78402537-7529-404A-A2E9-A8D68697B596}" = dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdcontroller.exe | "{7967405D-3F42-4CB4-B8B4-717F407013A2}" = dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe | "{8B06D77D-2F86-43A3-8B5B-39C2DF393B13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8C4DD988-5704-493D-8616-DEEFE1C614B6}" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe | "{9CE01A5F-513C-439F-BFE0-079DCF3FF552}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9F893350-2C76-43AA-8588-ADD332EA2997}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A928FCD1-4276-4B12-AB94-4E638A5BE2A8}" = dir=out | app=c:\program files\motorola mobility\motocast\motocast.exe | "{B580988E-2F00-444E-BFE5-A9F39CC5966C}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe | "{C5FFB29A-8D5D-4F9E-BF6C-5121C513CAD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CCA16330-532E-471C-915C-9085BC35F2EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E101189B-4644-4E5F-952B-8AB20BBCB70A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E6F32A35-4EC1-4998-8D7C-B64A5B6B4133}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F3DCEC0F-2610-496D-AA55-0C1019D3EA55}" = dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdserver.exe | "TCP Query User{3C00E1D7-9488-4F0C-B997-96697B48DD5E}C:\program files\java\jre6\launch4j-tmp\strange-eons.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\strange-eons.exe | "TCP Query User{3F602C5D-0321-49B8-86D7-BBD05CC30B4E}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | "TCP Query User{408BF19B-BAEA-4348-8D3E-7637A4E9E0EF}C:\program files\yahoo! games\inspector parker\parker.exe" = protocol=6 | dir=in | app=c:\program files\yahoo! games\inspector parker\parker.exe | "TCP Query User{6B44D16D-3815-4904-9F50-D5DC011FF14C}C:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{8DC87BD9-9973-4197-B828-F4E96C536C3A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{9A200B56-DC7C-49F9-AF88-A982BCF87724}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{AA69FA27-C0D2-4568-8B25-0116AA4F2F3F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{ACBF0BBB-FA4E-4300-81DD-5AC39E4471B9}C:\program files\yahoo! games\inspector parker\parker.exe" = protocol=6 | dir=in | app=c:\program files\yahoo! games\inspector parker\parker.exe | "UDP Query User{24A8F7B3-9F00-4388-9A27-5210981D33CE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{607F7202-8CCA-4FF7-8019-3EA6FBD2BB92}C:\program files\java\jre6\launch4j-tmp\strange-eons.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\strange-eons.exe | "UDP Query User{6E81629D-83BE-4EC7-9B82-D147F917E6D4}C:\program files\yahoo! games\inspector parker\parker.exe" = protocol=17 | dir=in | app=c:\program files\yahoo! games\inspector parker\parker.exe | "UDP Query User{7FE35512-8F91-4EAC-8465-FC9E1E2CC58A}C:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{90041FF3-0B93-4E7F-94C1-0B6348C61344}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{911C4B21-4A86-4BF8-A998-663AA5D06763}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{D3FB173B-531C-4C27-AED3-CFF3A5E4E5FE}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | "UDP Query User{D6667EE9-6CCF-41C4-9941-BEB978347864}C:\program files\yahoo! games\inspector parker\parker.exe" = protocol=17 | dir=in | app=c:\program files\yahoo! games\inspector parker\parker.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver "{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86 "{1D8BBD52-90D4-4B20-8C4C-2160C21A07DE}" = AVIC FEEDS "{20F8DC31-F965-4DD6-BC8A-2820C25A3ED0}" = ApproveIt Desktop 5.8.2 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24 "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2F6CF9E4-91EC-45BB-B5C5-9B31DACC429C}" = Motorola Mobile Drivers Installation 5.3.0 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK "{3960C3B3-4F51-47EA-815E-EC73AA525ADE}" = Sun Java System Connector for Microsoft Outlook 7 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11 "{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}" = Myst Masterpiece Edition "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro AntiVirus "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}" = Rosetta Stone Ltd Services "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Acer Registration" = Acer Registration "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Agatha Christie - Death on the Nile" = Agatha Christie - Death on the Nile (remove only) "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10 "CCleaner" = CCleaner "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22 "Defraggler" = Defraggler "ENTERPRISER" = Microsoft Office Enterprise 2007 "HDMI" = Intel® Graphics Media Accelerator Driver "IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02 "Inspector Parker" = Inspector Parker "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MotoHelper" = MotoHelper 2.1.9 Driver 5.3.0 "Mozilla Firefox 16.0 (x86 en-US)" = Mozilla Firefox 16.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Recuva" = Recuva "Speccy" = Speccy "STANDARDR" = Microsoft Office Standard 2007 Trial "StrangeEons" = Strange Eons "SynTPDeinstKey" = Synaptics Pointing Device Driver "VASSAL (3.1.15)" = VASSAL (3.1.15) "VUE" = VUE 3.1.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.2.0 "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ ActivIdentity Events ] Error - 2/24/2010 12:32:13 AM | Computer Name = Joe-PC | Source = ActivClient | ID = 769 Description = No exchange account Error - 2/24/2010 12:38:21 AM | Computer Name = Joe-PC | Source = ActivClient | ID = 769 Description = No exchange account Error - 2/24/2010 1:19:23 AM | Computer Name = Joe-PC | Source = ActivClient | ID = 769 Description = No exchange account [ Application Events ] Error - 7/12/2012 5:43:07 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000 Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp 0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xaa4, application start time 0x01cd607751d62d90. Error - 7/13/2012 1:20:44 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000 Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp 0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xbf8, application start time 0x01cd611bd47c3509. Error - 7/13/2012 1:26:53 PM | Computer Name = Joe-PC | Source = MsiInstaller | ID = 11719 Description = Error - 7/13/2012 1:30:24 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000 Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp 0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xebc, application start time 0x01cd611d2c5ee223. Error - 7/13/2012 4:57:02 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000 Description = Faulting application POWERPNT.EXE, version 12.0.6600.1000, time stamp 0x4de50c7e, faulting module ppcore.dll, version 12.0.6654.5000, time stamp 0x4e8d280f, exception code 0xc0000005, fault offset 0x0000b2c3, process id 0x900, application start time 0x01cd611d0a141323. Error - 8/1/2012 10:35:49 PM | Computer Name = Joe-PC | Source = Perflib | ID = 1010 Description = Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013 Description = [ Media Center Events ] Error - 9/17/2009 11:54:45 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ OSession Events ] Error - 2/23/2011 4:26:33 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 232 seconds with 120 seconds of active time. This session ended with a crash. Error - 2/23/2011 4:28:49 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 115 seconds with 60 seconds of active time. This session ended with a crash. Error - 2/23/2011 4:31:05 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124 seconds with 60 seconds of active time. This session ended with a crash. Error - 2/23/2011 4:32:21 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash. Error - 9/2/2011 12:40:27 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. Error - 9/10/2011 8:22:21 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 616 seconds with 600 seconds of active time. This session ended with a crash. Error - 12/22/2011 5:44:08 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/12/2012 5:43:07 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/13/2012 1:20:43 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/13/2012 1:30:24 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 10/10/2012 10:07:21 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10/10/2012 10:19:29 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 7:13:45 AM on 10/10/2012 was unexpected. Error - 10/10/2012 10:19:51 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10/10/2012 10:19:51 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10/10/2012 10:27:46 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 7:24:29 AM on 10/10/2012 was unexpected. Error - 10/10/2012 10:28:02 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10/10/2012 10:28:02 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10/10/2012 11:10:05 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:01:46 AM on 10/10/2012 was unexpected. Error - 10/10/2012 11:10:19 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10/10/2012 11:10:19 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > ----------------------------------------------------------------------------------- Thanks again for your help.