This is what came up when the computer was rebooted:
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.yahoo.com/search?fr=ffsp1&p=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 removed from extensions.enabledItems
Prefs.js: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.24 removed from extensions.enabledItems
Prefs.js: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 removed from extensions.enabledItems
Prefs.js: "http://search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
Folder C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\ not found.
Folder C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ not found.
File C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ not found.
File C:\Program Files\Expat Shield\HssIE\ExpatIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: McAlpine
->Temp folder emptied: 136065 bytes
->Temporary Internet Files folder emptied: 22416547 bytes
->Java cache emptied: 86562799 bytes
->FireFox cache emptied: 56046225 bytes
->Google Chrome cache emptied: 390868176 bytes
->Flash cache emptied: 310414 bytes
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1971655 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 746509824 bytes
RecycleBin emptied: 3281657836 bytes
Total Files Cleaned = 4,374.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04272011_195157
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
This is what the Quick Scan picked up:
OTL logfile created on: 4/27/2011 8:06:42 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = c:\Users\McAlpine\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.80 Gb Total Space | 49.45 Gb Free Space | 17.24% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 1.59 Gb Free Space | 14.13% Space Free | Partition Type: NTFS
Computer Name: MCALPINE-PC | User Name: McAlpine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/04/27 19:51:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Users\McAlpine\Downloads\OTL(4).exe
PRC - [2011/04/25 22:10:53 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/03/28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/03/18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/17 03:37:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/11/22 08:52:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/11/03 03:30:38 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 03:30:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Expat Shield\bin\hsswd.exe
PRC - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/06/04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/03 20:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/05/18 15:45:16 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ========== MOD - [2011/04/27 19:51:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Users\McAlpine\Downloads\OTL(4).exe
MOD - [2011/03/28 11:48:30 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (scupdateservice)
SRV - [2011/04/25 22:10:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/03/17 03:37:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/03 03:30:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/12/03 20:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/24 07:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/12/08 21:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ========== DRV - [2011/03/17 03:37:35 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 12:51:44 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/22 14:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/07/09 17:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/26 17:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/12 12:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/11/12 12:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 07:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=524517"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/30 22:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/04/23 08:03:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 13:24:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 13:24:33 | 000,000,000 | ---D | M]
[2009/09/18 14:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Extensions
[2011/04/27 19:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions
[2010/07/30 08:12:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/30 07:45:53 | 000,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
[2011/04/21 23:38:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/22 04:10:01 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\dictionary-switcher@design-noir.de
[2011/03/25 17:22:05 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011/03/25 17:22:05 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\McAlpine\AppData\Roaming\Mozilla\Firefox\Profiles\pj2y9m20.default\extensions\ru@dictionaries.addons.mozilla.org
[2011/04/27 19:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/29 17:05:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/23 08:03:40 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/08/29 17:05:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/04/21 23:43:45 | 000,001,949 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883}
http://content.systemrequirementslab.co ... 1.71.0.cab (SysInfo Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11415d77-0c69-11df-9cbd-00248cf86ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{11415d77-0c69-11df-9cbd-00248cf86ab2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/04/27 19:26:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/22 01:27:34 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/22 01:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/21 23:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/04/21 23:00:40 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\AppData\Roaming\Malwarebytes
[2011/04/21 22:58:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/21 22:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/21 22:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/21 22:58:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/21 22:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/08 16:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/04/08 16:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/04/01 07:23:32 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2011/04/01 07:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
[2011/04/01 07:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Expat Shield
[2011/03/30 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\McAlpine\Desktop\Artistic Muses
========== Files - Modified Within 30 Days ========== [2011/04/27 20:01:40 | 000,056,213 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/27 20:01:40 | 000,056,213 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/27 19:59:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 19:59:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 19:58:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 19:58:53 | 3219,570,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 19:51:25 | 000,613,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 19:51:25 | 000,108,176 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/27 19:41:14 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3813002812-403067811-3136601845-1000UA.job
[2011/04/27 19:39:31 | 000,422,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/22 04:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3813002812-403067811-3136601845-1000Core.job
[2011/04/22 01:27:34 | 000,001,954 | ---- | M] () -- C:\Users\McAlpine\Desktop\HiJackThis.lnk
[2011/04/21 22:58:50 | 000,000,936 | ---- | M] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/21 22:58:50 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 12:30:37 | 000,031,232 | ---- | M] () -- C:\Users\McAlpine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:15:35 | 000,008,592 | ---- | M] () -- C:\Users\McAlpine\AppData\Local\d3d9caps.dat
[2011/04/01 09:57:31 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/04/01 07:29:50 | 005,807,264 | ---- | M] () -- C:\Users\McAlpine\Desktop\HSS-1.57-install-anchorfree-76-conduit.exe
[2011/03/31 14:51:02 | 000,000,876 | ---- | M] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/31 14:51:02 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/31 11:50:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMcAlpine.job
========== Files Created - No Company Name ========== [2011/04/22 01:27:34 | 000,001,954 | ---- | C] () -- C:\Users\McAlpine\Desktop\HiJackThis.lnk
[2011/04/21 22:58:50 | 000,000,936 | ---- | C] () -- C:\Users\McAlpine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/21 22:58:50 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/01 07:29:41 | 005,807,264 | ---- | C] () -- C:\Users\McAlpine\Desktop\HSS-1.57-install-anchorfree-76-conduit.exe
[2011/03/31 14:51:02 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/31 14:51:02 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/30 23:20:16 | 000,207,001 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/01/30 23:20:16 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/01/30 22:06:16 | 000,206,997 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/11/12 16:52:10 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/03 22:50:08 | 000,000,096 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\fusioncache.dat
[2010/09/11 22:15:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/11 15:43:19 | 000,056,213 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/09/11 15:43:19 | 000,056,213 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/09 20:23:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/27 21:29:58 | 000,008,592 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\d3d9caps.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/05/11 23:24:34 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/05/11 23:24:34 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/05/11 23:24:34 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/05/11 23:24:34 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/05/11 23:24:34 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/05/11 23:24:34 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/05/11 23:24:34 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/05/11 23:24:34 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/05/11 23:24:34 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/05/11 23:24:34 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/05/11 23:24:34 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/05/11 23:24:34 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/05/11 23:24:34 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/05/11 23:24:34 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/05/11 23:24:34 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/05/11 23:24:34 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/03/31 19:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2010/02/05 13:34:47 | 000,065,329 | ---- | C] () -- C:\Program Files\Sec
[2009/09/25 12:36:18 | 000,009,814 | ---- | C] () -- C:\Users\McAlpine\AppData\Roaming\wklnhst.dat
[2009/09/18 15:04:38 | 000,031,232 | ---- | C] () -- C:\Users\McAlpine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 13:34:37 | 000,008,704 | ---- | C] () -- C:\Windows\System32\scsprembt.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/05/18 15:36:28 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/18 15:36:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/18 15:06:49 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/05/18 15:06:49 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,422,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,613,476 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,176 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ========== [2009/10/22 01:16:23 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\GetRightToGo
[2010/01/18 00:51:12 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\Kybtec Software
[2010/01/18 00:50:44 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\MipKukSoft
[2010/08/29 17:18:23 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\OpenOffice.org
[2009/09/18 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\PictureMover
[2010/09/11 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\SystemRequirementsLab
[2009/09/25 12:48:34 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\Template
[2010/03/22 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\TP
[2009/11/02 12:33:48 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\W Photo Studio
[2009/11/02 12:27:25 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\W Photo Studio Viewer
[2009/11/02 12:28:20 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\Walgreens
[2009/12/29 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\WinBatch
[2009/10/08 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\McAlpine\AppData\Roaming\Windows SideBar
[2011/04/27 19:58:07 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== < End of report >
Please note that I did have some trouble with the first Scan you requested. It ran through part of the process, and then froze completely to the point I had to restart the computer. I ran the same scan again, once rebooted, and the first portion is from the 2nd try of that scan. When I did the Quick Scan, it also froze for a few minutes, but then corrected itself-->the results which I have included.