[Brandy Thompson]

Please help!

My computer has been extremely slow, the thinking circle comes on every 5-10 seconds and takes forever to load anything.The computer quits responding (even to task manager) and freezes up. I have seen a sequence of little black dots on my desktop a couple of times also. It won't install the Microsoft security patch update. I've run my virus scan, malicious software tool as well as the Microsoft fix tool with no result. I ran the OTL scan from your forum and here's what I got, I've attached the result. Thanks for any help!


Brandy
OTL logfile created on: 1/22/2012 8:41:34 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.68% Memory free
6.15 Gb Paging File | 4.67 Gb Available in Paging File | 75.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 71.45 Gb Free Space | 53.18% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.51 Gb Free Space | 58.11% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 08:40:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2012/01/15 08:33:21 | 000,647,184 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/02 10:39:26 | 015,201,376 | ---- | M] (Sharpcast, Inc.) -- C:\ProgramData\WRData\PKG\WRSyncManager.exe
PRC - [2011/12/02 10:05:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/30 17:46:06 | 001,721,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/03/30 17:43:14 | 000,636,776 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/19 14:05:08 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/17 14:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 14:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010/03/17 14:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/12/11 13:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 15:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 11:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/12/14 21:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/14 21:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/14 21:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 15:40:14 | 000,076,800 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\extensions\{397bbe0f-dc3d-4ccd-8c4a-c6456399d7df}\components\RadioWMPCoreGecko8.dll
MOD - [2012/01/02 10:39:26 | 007,446,528 | ---- | M] () -- C:\ProgramData\WRData\PKG\QtGui4.dll
MOD - [2012/01/02 10:39:26 | 002,027,520 | ---- | M] () -- C:\ProgramData\WRData\PKG\QtCore4.dll
MOD - [2012/01/02 10:39:26 | 000,671,744 | ---- | M] () -- C:\ProgramData\WRData\PKG\QtNetwork4.dll
MOD - [2012/01/02 10:39:26 | 000,364,544 | ---- | M] () -- C:\ProgramData\WRData\PKG\QtXml4.dll
MOD - [2011/12/04 20:15:13 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/02 10:05:19 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/14 05:18:59 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/17 14:20:30 | 000,139,264 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2010/02/10 17:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010/02/10 17:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2007/01/11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SupportSoft RemoteAssist)
SRV - [2012/01/15 08:33:21 | 000,647,184 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/03/11 21:31:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/14 21:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/14 21:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2004/02/20 12:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lxbtcoms.exe -- (lxbt_device)


========== Driver Services (SafeList) ==========

DRV - [2012/01/22 08:18:47 | 000,109,072 | ---- | M] (Webroot) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\okYTCiWj.sys -- (okYTCiWj)
DRV - [2012/01/15 17:59:55 | 000,109,072 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2011/04/03 15:10:52 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/12/22 03:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/14 21:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 19:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 C0 B8 B6 63 2E CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Free_online_games Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Free_online_games Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}:1.74.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {397bbe0f-dc3d-4ccd-8c4a-c6456399d7df}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...0&gct=&gc=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 21:24:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/22 00:16:43 | 000,000,000 | ---D | M]

[2009/05/29 23:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/01/21 23:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\extensions
[2011/10/30 09:17:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/21 23:59:09 | 000,000,000 | ---D | M] (Free_online_games Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\extensions\{397bbe0f-dc3d-4ccd-8c4a-c6456399d7df}
[2011/12/19 09:04:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/30 17:43:12 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}
[2010/10/26 20:36:05 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\extensions\[email protected]
[2010/10/26 20:36:05 | 000,001,919 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\searchplugins\bing-zugo.xml
[2011/11/04 10:34:04 | 000,000,937 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\searchplugins\conduit.xml
[2009/06/27 14:05:06 | 000,001,632 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\re9nrig6.default\searchplugins\live-search.xml
[2011/12/04 19:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/04 19:55:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/11/13 16:34:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/02 10:05:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 17:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 17:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/02/09 14:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2011/12/02 10:05:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/02 10:05:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Little Alchemy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\

O1 HOSTS File: ([2011/11/25 21:31:18 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Webroot Browser Helper Object) - {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" File not found
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001D426A-D665-448D-BE72-007B0A6B3038}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07E39100-D799-460F-A8E8-0776196AC9FE}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Frangipani Flowers.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Frangipani Flowers.jpg
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6e958e4e-0e90-11de-b629-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e958e4e-0e90-11de-b629-806e6f6e6963}\Shell\AutoRun\command - "" = F:\PrimarySource.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 08:19:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Systweak
[2012/01/22 08:18:57 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/01/22 08:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012/01/22 08:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012/01/22 08:18:47 | 000,109,072 | ---- | C] (Webroot) -- C:\Windows\System32\drivers\okYTCiWj.sys
[2012/01/22 00:16:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/22 00:00:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[2012/01/09 21:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/09 21:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/09 21:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/09 21:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/09 21:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/09 21:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/08 08:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012/01/08 07:48:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Real
[2012/01/08 07:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
[2012/01/08 07:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Rhapsody
[2012/01/05 21:16:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Aleks Bad Day
[2012/01/02 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\American History I
[2012/01/02 12:39:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Visan
[2012/01/02 12:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/01/02 12:35:51 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\HP Printer
[2012/01/02 12:30:50 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\Paul's Stuff
[2012/01/02 10:49:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Magic Briefcase
[2011/08/05 17:05:26 | 006,278,328 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/22 09:21:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/22 09:20:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2202700550-3806885555-1598727337-1000UA.job
[2012/01/22 08:35:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/01/22 08:19:19 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/01/22 08:19:18 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/01/22 08:18:55 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012/01/22 08:18:47 | 000,109,072 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\okYTCiWj.sys
[2012/01/22 08:18:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 08:18:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 07:20:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2202700550-3806885555-1598727337-1000Core.job
[2012/01/22 00:25:58 | 000,616,488 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/22 00:25:58 | 000,109,540 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/22 00:18:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 18:10:02 | 000,870,128 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
[2012/01/19 18:10:02 | 000,000,004 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\284237
[2012/01/15 17:59:55 | 000,145,592 | ---- | M] (Webroot) -- C:\Windows\System32\WRusr.dll
[2012/01/15 17:59:55 | 000,109,072 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys
[2012/01/09 21:34:03 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/09 21:23:53 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/09 21:19:54 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/09 21:19:54 | 000,001,854 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/08 18:37:59 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/08 07:55:22 | 000,000,772 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2012/01/08 07:55:22 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/01/06 20:05:52 | 000,002,006 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 20:05:51 | 000,002,044 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2012/01/02 11:53:53 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/01/02 10:53:06 | 000,754,904 | ---- | M] () -- C:\Users\Owner\Documents\settings.WR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/22 08:19:19 | 000,000,264 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/01/22 08:19:18 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/01/22 08:18:55 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012/01/09 21:34:03 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/09 21:23:53 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/08 08:02:21 | 000,000,004 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\284237
[2012/01/08 08:02:20 | 000,870,128 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
[2012/01/08 07:55:22 | 000,000,772 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2012/01/08 07:48:19 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/01/02 12:40:35 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/01/02 10:53:06 | 000,754,904 | ---- | C] () -- C:\Users\Owner\Documents\settings.WR
[2011/10/11 19:39:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/04/23 08:49:52 | 000,000,137 | ---- | C] () -- C:\Users\Owner\AppData\Local\kclientgui.ini
[2011/03/30 14:19:19 | 001,841,000 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3050A_J611.dll
[2010/08/01 22:30:05 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/01/24 16:20:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/10 11:10:31 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
[2009/09/11 10:12:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 10:12:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/21 09:55:56 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/08 19:45:55 | 000,024,064 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/06/06 16:03:19 | 000,000,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
[2009/06/03 19:18:59 | 000,011,776 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/02 19:50:04 | 000,139,264 | ---- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2009/06/02 19:50:04 | 000,126,976 | ---- | C] () -- C:\Windows\System32\lxbtsnls.dll
[2009/06/02 19:50:04 | 000,001,832 | ---- | C] () -- C:\Windows\System32\lxbtprod.ini
[2009/03/11 23:59:38 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/03/11 23:59:38 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/03/11 23:59:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/03/11 23:59:38 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/11 23:55:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/11 21:21:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/11 21:21:07 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/11 21:21:06 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/03 16:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,382,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,616,488 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,109,540 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/03/10 03:02:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\lxbthwdf.dll
[2004/02/05 11:30:24 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxbtih.exe
[2003/06/23 09:06:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbtvs.dll

========== LOP Check ==========

[2010/09/06 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
[2009/07/03 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2010/12/10 08:17:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr
[2009/07/03 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SSH
[2012/01/22 08:19:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Systweak
[2011/04/23 06:59:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Teleca
[2009/05/29 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2012/01/08 07:30:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Visan
[2009/11/22 19:09:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug
[2012/01/08 18:37:59 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/22 08:19:19 | 000,000,264 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012/01/22 08:19:18 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012/01/22 00:17:08 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/22 09:21:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

 OTL.Txt   86.49KB   70 downloads

 Extras.Txt   48.32KB   80 downloads

[Advertisements]

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Check the box that says Scan All Users.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

[Gammo]

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Check the box that says Scan All Users.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

[Brandy Thompson]

Hi,
I performed and attached the OTL scan in my initial post, haven't heard anything and checking back.

Thanks,

Brandy

[Gammo]

I'd like a fresh OTL log to work with, so please rerun OTL and post the resulting log file (OTL.txt) in your next reply.

[Gammo]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.