Unable to remove Trogan.Agent svchost.exe with Malwarebytes

going to rack out, but tomorrow I'll start back with the aforementioned instructions and post the appropriate logs. big thanks and deep bows for your help. I promise I will donate tomorrow (though I know it is not necessary)

OTL log from this morning

OTL logfile created on: 7/5/2012 7:41:11 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\cdogg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 71.78% Memory free
14.99 Gb Paging File | 12.59 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 803.45 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
Drive D: | 7.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.94% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 249.21 Gb Free Space | 83.62% Space Free | Partition Type: FAT32

Computer Name: MOTHERSHIP1 | User Name: cdogg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 07:40:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
PRC - [2012/07/04 21:04:46 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/07/04 21:04:45 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\cdogg\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccsvchst.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/12 15:01:11 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/07/15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/07/07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/04 21:04:49 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/07/04 21:04:45 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/06/01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2010/06/01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/04 21:04:46 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/12 06:57:50 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2012/03/25 23:36:12 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/14 12:47:00 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 17:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/22 16:48:31 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/05/02 07:55:44 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 02:28:34 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 02:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/01/13 15:08:57 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:27:56 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/01/16 13:58:08 | 000,022,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\T2Fltr.sys -- (T2Fltr)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/30 10:53:58 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VJoystick.sys -- (VJoystick)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/10 04:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/05/15 03:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/01/23 16:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 16:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2012/07/04 20:49:28 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120704.017\ex64.sys -- (NAVEX15)
DRV - [2012/07/04 20:49:28 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120704.017\eng64.sys -- (NAVENG)
DRV - [2012/07/03 22:19:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120704.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/05/30 23:14:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 BC 3B AA 72 DA CB 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 BC 3B AA 72 DA CB 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 42 9A 68 FD 59 CD 01 [binary data]
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

OTL part 2

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/02 08:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/07/05 07:05:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/21 12:57:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/07/04 21:04:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 12:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/03 00:00:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/21 12:57:43 | 000,000,000 | ---D | M]

[2011/04/23 15:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Extensions
[2012/07/04 23:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions
[2012/05/18 20:43:14 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/05/27 14:42:33 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\appbar@alot.com
[2012/05/27 14:41:47 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\plugin@videofiledownload.com
[2011/05/13 09:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/13 09:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012/05/21 12:57:43 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/04 21:04:45 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2304157
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: VideoFileDownload = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl\1.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/07/04 23:17:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found
O2 - BHO: (VideoFileDownload) - {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files (x86)\OApps\bho_project.dll (VideoFileDownload)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000..\Run: [Akamai NetSession Interface] C:\Users\cdogg\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D254D2-1360-493F-8C98-4BA78C645981}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/05 07:33:04 | 000,000,000 | -HS- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012/07/05 07:37:44 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 07:40:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
[2012/07/05 07:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/07/05 07:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/07/05 07:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/07/04 23:34:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/04 23:19:31 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\AVG Secure Search
[2012/07/04 23:18:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/04 21:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/04 17:43:39 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\RK_Quarantine
[2012/07/04 17:17:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/04 17:15:31 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\tdsskiller
[2012/07/04 17:14:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\cdogg\Desktop\aswMBR.exe
[2012/07/04 15:12:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/04 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Roaming\HPAppData
[2012/07/04 08:41:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/04 08:41:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/04 08:41:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/04 08:37:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/04 08:33:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/04 08:26:52 | 004,571,247 | R--- | C] (Swearware) -- C:\Users\cdogg\Desktop\ComboFix.exe
[2012/07/03 22:20:58 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Roaming\Malwarebytes
[2012/07/03 22:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/03 22:20:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 22:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/03 22:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/03 20:27:04 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/07/03 20:27:01 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/07/03 20:27:01 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/07/03 20:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/07/03 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/03 20:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/03 20:25:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/03 20:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/07/03 18:13:33 | 000,000,000 | ---D | C] -- C:\8973daadc5ee177a10a1
[2012/06/24 11:31:46 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6F6C4472-9867-469B-BD19-EEAFB50D65FC}
[2012/06/24 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{3F1F5EC3-D9B6-4F7F-B274-EE8FCD9FF326}
[2012/06/24 10:38:08 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/24 10:30:16 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{A9DA36BB-8E18-4A68-B18E-72C6AC5E4622}
[2012/06/24 10:30:07 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{A0261B66-7107-4D63-A43A-674735BAEA7B}
[2012/06/24 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{DA2E36D8-3290-48C7-9DB0-AC57047F00F2}
[2012/06/24 10:29:48 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{14223F85-F2A5-423D-BBDB-07E5911BDECD}
[2012/06/24 10:29:38 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{4ACE3DB2-2F6E-4844-B089-9F9D3A8E3695}
[2012/06/24 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{B84F3D9E-17F9-4077-A9F4-4C6178337CEE}
[2012/06/24 10:29:09 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{996F26B0-BCD4-419C-AA95-C917650D4070}
[2012/06/24 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{26E0C199-863D-4834-9545-C63BBB59E3D0}
[2012/06/24 10:28:50 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{1E512A57-A1FE-4F03-9602-1C34799EA9C7}
[2012/06/24 10:28:41 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{810F3454-77CF-4CEE-870F-7F72B1401ADB}
[2012/06/24 10:28:32 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{8C293ACF-6298-4947-9758-1D6DC39FDAA2}
[2012/06/24 10:28:12 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{7B8B9561-CBCD-4ACF-A348-A8A107D143DB}
[2012/06/24 10:26:52 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{4DA0D27D-E643-47BD-B792-9DC632EF8B35}
[2012/06/24 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{D03F2C5E-C69E-4CC3-AD8E-F3F63C78F861}
[2012/06/24 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6F98346C-15B0-4AFE-95A8-67C0C16EAD37}
[2012/06/24 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{0DA02574-F956-43DE-BBE1-71DE828D4464}
[2012/06/24 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{E69D1D9C-556A-4513-BC5B-17547717D8E8}
[2012/06/24 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{95EFAD8B-DD59-4BC6-B6AF-1F9DFFF6D059}
[2012/06/24 10:25:55 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6A4C0581-F508-4703-98B0-92A281352A20}
[2012/06/24 10:25:35 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{99822CDD-752A-4188-BDDB-8B81376A4C5E}
[2012/06/24 10:23:20 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{2A4F2857-0E1E-4C8C-BFD0-35A2EF6841E2}
[2012/06/24 10:23:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{8D34F3E6-D6FF-45E6-9DDB-9B65987F211C}
[2012/06/16 14:25:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Documents\Witcher 2
[2012/06/16 14:25:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\The Witcher 2
[2012/06/16 12:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2012/06/16 11:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Witcher 2
[2012/06/15 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\Ebay
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/05 07:40:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
[2012/07/05 07:37:09 | 000,823,346 | ---- | M] () -- C:\Users\cdogg\Desktop\USBVaccine.zip
[2012/07/05 07:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/05 07:33:46 | 000,796,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/05 07:33:46 | 000,671,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/05 07:33:46 | 000,126,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/05 07:13:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000UA.job
[2012/07/05 07:12:19 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 07:12:19 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 07:05:12 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/07/05 07:04:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/05 07:04:11 | 1743,347,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 00:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000Core.job
[2012/07/04 23:17:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/04 17:14:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\cdogg\Desktop\aswMBR.exe
[2012/07/04 17:13:16 | 002,116,179 | ---- | M] () -- C:\Users\cdogg\Desktop\tdsskiller.zip
[2012/07/04 16:21:55 | 004,571,247 | R--- | M] (Swearware) -- C:\Users\cdogg\Desktop\ComboFix.exe
[2012/07/04 14:24:26 | 565,692,061 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/03 22:20:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 20:26:44 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/03 20:26:44 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/03 09:15:17 | 000,774,394 | ---- | M] () -- C:\Users\cdogg\Desktop\zach rec.pdf
[2012/07/02 20:15:11 | 000,002,404 | ---- | M] () -- C:\Users\cdogg\Desktop\Google Chrome.lnk
[2012/07/01 15:41:25 | 000,003,721 | ---- | M] () -- C:\Users\cdogg\Desktop\ETS scheduling pdf.htm
[2012/06/16 12:28:35 | 000,790,278 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/16 12:17:23 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2012/06/15 00:44:18 | 000,430,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 07:37:07 | 000,823,346 | ---- | C] () -- C:\Users\cdogg\Desktop\USBVaccine.zip
[2012/07/04 17:13:10 | 002,116,179 | ---- | C] () -- C:\Users\cdogg\Desktop\tdsskiller.zip
[2012/07/04 08:41:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/04 08:41:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/04 08:41:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/04 08:41:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/04 08:41:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/03 22:20:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 20:26:44 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/03 20:26:43 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/03 20:26:29 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/07/03 09:15:17 | 000,774,394 | ---- | C] () -- C:\Users\cdogg\Desktop\zach rec.pdf
[2012/07/01 15:41:22 | 000,003,721 | ---- | C] () -- C:\Users\cdogg\Desktop\ETS scheduling pdf.htm
[2012/06/16 12:17:22 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2012/05/27 16:45:44 | 000,003,373 | ---- | C] () -- C:\Users\cdogg\test two with xfire unigine_20120527_1645.html
[2012/05/27 14:53:43 | 000,003,373 | ---- | C] () -- C:\Users\cdogg\test one unigine_20120527_1453.html
[2012/05/27 14:47:09 | 000,003,072 | ---- | C] () -- C:\Users\cdogg\AppData\Local\file__0.localstorage
[2012/05/22 16:52:39 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/05/22 16:52:39 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/05/22 16:27:59 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/05/22 16:27:59 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/05/22 16:21:57 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/05/21 13:10:24 | 000,208,672 | ---- | C] () -- C:\Windows\hpoins40.dat.temp
[2012/05/21 13:10:24 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
[2012/05/21 12:53:27 | 000,173,199 | ---- | C] () -- C:\Windows\hpoins40.dat
[2012/05/21 12:53:27 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2012/05/02 22:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/20 13:10:23 | 000,030,002 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp20.html
[2012/01/13 14:58:32 | 000,028,607 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp56.html
[2012/01/13 14:57:47 | 000,001,955 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp1.html
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/29 11:26:04 | 000,028,160 | ---- | C] () -- C:\Users\cdogg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/19 11:16:36 | 000,001,940 | ---- | C] () -- C:\Users\cdogg\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/23 15:37:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/12 19:11:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/12 15:40:36 | 000,000,093 | ---- | C] () -- C:\Users\cdogg\AppData\Local\fusioncache.dat
[2011/02/12 15:38:36 | 000,790,278 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/12 15:00:16 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/02/12 13:06:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/02 01:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008/03/08 17:53:33 | 000,000,003 | ---- | C] () -- C:\Users\cdogg\My Documentslang.ini

========== LOP Check ==========

[2011/02/12 19:35:40 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Belkin
[2012/03/19 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\ChessBase
[2011/05/19 11:42:38 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\FileZilla
[2012/03/03 11:37:21 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Garmin
[2012/05/20 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\TeamViewer
[2011/03/18 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\The Creative Assembly
[2011/03/11 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Tific
[2012/01/29 23:07:44 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\TuneUp Software
[2011/02/12 15:40:41 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Turbine
[2011/03/04 09:46:13 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Win7codecs
[2012/06/02 19:24:43 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
< End of report >

OTL Extras

OTL Extras logfile created on: 7/5/2012 7:41:11 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\cdogg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 71.78% Memory free
14.99 Gb Paging File | 12.59 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 803.45 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
Drive D: | 7.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.94% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 249.21 Gb Free Space | 83.62% Space Free | Partition Type: FAT32

Computer Name: MOTHERSHIP1 | User Name: cdogg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0033750A-00EE-46C5-BB2E-AFE2938EA091}" = lport=138 | protocol=17 | dir=in | app=system |
"{08F5FAF5-3960-4AEA-A723-483273EE988D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C245F6D-DEEA-4420-B2A4-68AA24902607}" = lport=139 | protocol=6 | dir=in | app=system |
"{12F216B3-5594-4E8A-84AE-04AF096FCB64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1A4B06EE-64B9-4F23-8B19-47365F46BEDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{206174B1-7B82-4733-817F-5841364B6E9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{32F28A25-EC37-434A-B32F-2E9B72E64E06}" = rport=445 | protocol=6 | dir=out | app=system |
"{340A8656-7AE5-4A6B-B568-99FE75296962}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3448676D-C2F0-4DE5-9EE7-2DC5100A8102}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C81798E-525A-4E8A-B068-80CB0DD4CEB9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{421D1689-D0E8-4721-B7C5-20C18C95F53A}" = lport=445 | protocol=6 | dir=in | app=system |
"{42D265BD-F389-482A-9C69-E8AE1D50AD67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5003A548-B448-4D14-894F-5824996C2901}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51CDF072-2FC6-407F-8098-2C140F1A94AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{737D3E1F-E747-4360-BAAD-40E4AA09CF8C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8F468B9E-99B7-404E-848A-16425BAD3501}" = rport=139 | protocol=6 | dir=out | app=system |
"{910D6FD4-B6AB-4D63-93C6-F0CD16424522}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{9F5F3969-3271-4C56-8DC5-04713DCE69FD}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A354DCC6-A103-4878-BFFE-4F9AFEA7B150}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA601A61-B257-49F0-866A-B97D8EC55461}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AB054356-8935-4842-B343-7ACD0584735E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B6A369A1-6481-4B3D-A44C-79F371486D19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF7613EA-7DF0-49F7-8AAA-085D45EFF4C8}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{C0A55FCE-8845-4A99-89C6-610AEA7D0F96}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D55A24BD-956E-4AC0-BA20-80DD810E36FA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DF98E61E-A357-496A-A06A-57FF257E699C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E24911DF-119C-48C7-A80D-AE82AC1FE043}" = rport=138 | protocol=17 | dir=out | app=system |
"{F355526D-F8E2-4909-A387-0CBBB1B2B5C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034A5725-01E2-4990-89AD-7947446BE76F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{090C55AA-44EB-4BF4-A067-807B2D01A3DA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{0CB76765-03E5-4212-851A-B2D0336AB3F6}" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\temp\7zs681b\hppiw.exe |
"{113298C4-9340-4806-ACFD-E71FEFAAC2DF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{1168B419-BB30-4D4D-9AA7-26C7AA63BE1D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{143961A3-D582-422E-8509-A1CC309B0DE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1F8BE0D4-9FC5-4ED8-8BA5-7F1844AFB480}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{22CA6DB2-0AA4-43B9-926E-6B799E6F2154}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{258FCE23-1732-4500-83CA-8149DD241591}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{2A0A26C7-8082-4CD7-8FB9-4BF0878E5298}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2EBDEF2A-0630-4760-B5AE-BDDC75D1E0DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{36AD416D-7EC6-4E03-BC07-1939DB1507EE}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3DE5519A-A646-4E45-B028-CC0A72632160}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3F587ED6-8AC1-4849-A3F8-8C3E925F1D72}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{40CF9A73-7CCA-48FB-862A-F65C41C5BD9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{432C9D38-02AC-4279-A3E5-F7E20B3AFA36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{44093A77-FCC9-4325-897B-A1736C2FE38E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4788C395-027D-4C43-B8F9-9DC88ECA3D69}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{49E26066-DFDE-435D-8BE5-375245C80965}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{4AB06E50-1B66-41E2-BFA1-E81D44A149E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{563E539E-EE05-4CB2-88B7-1CEE93E3A3B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{574C8642-9861-46F9-8FF2-AA3E83622630}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5BBE3FA2-0DC0-4836-BC78-5758AFAC8C3A}" = dir=in | app=d:\setup\hpznui40.exe |
"{5CF665CD-EF6C-4626-9A9A-EAF46247C565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5E352939-D175-4F09-AD87-FB40CF98F013}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{60760BAC-0451-42A0-9700-DF0512678FF9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{64923F2D-C848-45B7-8382-9EDA44EE9F39}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{666E1851-6530-46F4-BEA9-D9E330E70CEE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{6B9F84DF-6D21-4D17-999A-05407AF7938B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{6C9161AC-F9EC-4327-A24D-55B26588C2AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{713EDD61-7B5D-41C1-BA7F-DEBDC3469A42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{726B479E-5F61-4937-A430-D70C3CED3220}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{77205D41-14F8-4664-826A-215940693054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AF13FC1-398C-486C-B631-1BBF91606009}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7B2F2C32-5C13-4439-8960-D582FD2617F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{8379370A-4747-454A-A718-26954116BDBA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{839E3C8D-246A-4A6C-B121-152A0770011D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{84643AF5-985A-4417-B180-70D5073AA005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86E354A1-896F-4BD7-B042-2CBE7ED3215B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C558697-D5B8-4D57-968A-96151D935522}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{8DB26C6D-411C-4BF0-BD94-296079F9FD23}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{9A26B0A4-AA51-4A16-9715-C3A561C14DCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A7F85F8-F6D7-427F-994F-0796E8F284DC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{9B44295A-29F4-482B-83B4-801B13744D0F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{9D58B0E5-7998-47FC-8282-4C27F8671B9D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{A101EC72-710B-4679-9CE1-6EBE746C4A35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A647E5B2-1F56-4674-A960-038423FDAF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8136A3F-F666-4BE3-9CA9-4810A2EA0045}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A9CD48EA-8FC6-4ECF-B535-DE0C2CBF7438}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AA868EC1-9F5F-4126-887E-1411A91320C3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B334F282-4E34-449F-9CC6-A0B0714DFD62}" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\temp\7zs681b\hppiw.exe |
"{B4DB5119-1FBA-4E8F-AC37-5A40C5CF9541}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6291112-9279-4FE5-B02C-38A3FBA5D7A4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BADBE6C7-1B95-40E2-B500-F5F2DA10F04C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC6CDA11-1B9C-4A44-8D8D-6EB66A00DB3E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D07C8D38-CA11-4390-A7ED-B1D74A7EC618}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8E58190-40E5-4EF7-8A3A-47F8B95C8678}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DA6731B6-CC17-4A36-A0FF-B660BEAE5FD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E037FE8F-7811-46A4-822B-19B7F962E38B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E33E9C29-D116-499D-BD32-7FAEA7AA24DF}" = protocol=6 | dir=out | app=system |
"{E5A00B13-E033-447C-9689-ADBA574A2073}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F18BF587-0E00-4383-9D33-711A9859844C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F71D8C7A-5363-4016-8B58-5CB70E18530E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{F79299CF-4DBE-4921-AE8C-468929D5FAEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1350AB2C-D2FB-4EB4-87BF-E485BB3DD43E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{1D919A8F-C21B-44AF-A0C8-4866265BFDA3}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{92BC4AB5-CA72-4058-84A5-DDB0A424FD1D}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{C223AB9C-FD93-462D-A17A-D3CF15A98A0B}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E310B7FE-B93C-412F-B420-2621CADD7D60}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3B0854B9-66F3-45C3-9667-2085A635C3B4}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{97FBFD63-7F5A-4D8D-B4DE-60365680BCF9}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B2F16716-5138-4D8D-B55F-2CDE3168F663}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{D63A2736-7977-4354-9255-B4C96C2417EF}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
"UDP Query User{FC3A1435-459C-4AB2-A060-A5FA0B0190D1}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"88C277C6E63CBDAF35A096E80A5B97A29A619D3A" = Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
"WhoCrashed_is1" = WhoCrashed 3.03

Extras Part 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.2
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{375B0ACB-49BA-463E-96D0-E95F994DF594}" = AMD OverDrive Beta
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3FB61967-FF66-43B6-89F9-DF15FD9F3015}" = Razer Nostromo
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{49C5BD36-F5B9-4E6A-9DC1-04818B9D55E3}" = Razer Nostromo Firmware Updater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4ED980CB-C288-6A80-A3EA-AEECC543058B}" = Application Profiles
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"alotAppbar" = ALOT Appbar
"AVG Secure Search" = AVG Security Toolbar
"CameraUserGuide-PSELPH100HS_IXUS115HS" = Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
"CameraUserGuide-PSELPH300HS_IXUS220HS" = Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diablo III" = Diablo III
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.4.0
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"N360" = Norton 360 Premier Edition
"PhotoStitch" = Canon Utilities PhotoStitch
"SMH10 Manager" = SMH10 Manager 1.3
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Steam App 440" = Team Fortress 2
"The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition version 3.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"vfd-adk" = VideoFileDownload
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2012 10:13:14 AM | Computer Name = mothership1 | Source = VSS | ID = 8194
Description =

Error - 7/3/2012 8:28:36 PM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002df85 Faulting process
id: 0x1e98 Faulting application start time: 0x01cd597a085aeca1 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 3167bbbb-c56f-11e1-a033-bcaec5297ea8

Error - 7/4/2012 12:45:18 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bc60f Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x057afce4 Faulting process id: 0x16fc Faulting application
start time: 0x01cd599d454a0620 Faulting application path: C:\Windows\SysWOW64\NOTEPAD.EXE
Faulting
module path: unknown Report Id: 0da3dbf6-c593-11e1-a71b-bcaec5297ea8

Error - 7/4/2012 9:42:31 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 0.0.0.0, time stamp:
0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16446, time stamp:
0x4fb58407 Exception code: 0xc00000fd Fault offset: 0x002b8839 Faulting process id:
0x10c8 Faulting application start time: 0x01cd59e4e8f961fb Faulting application path:
\\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 19dac301-c5de-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 10:07:16 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16446, time
stamp: 0x4fb57f7f Exception code: 0xc0000005 Fault offset: 0x0005d082 Faulting process
id: 0xf9c Faulting application start time: 0x01cd59eb26b21cbe Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report
Id: 8f464af3-c5e1-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 10:41:37 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: wmploc.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4ce7ba86 Exception code: 0xc0000005 Fault offset: 0x68ede474 Faulting process
id: 0x20fc Faulting application start time: 0x01cd59ee8f08d12c Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: wmploc.dll Report
Id: 5b49509b-c5e6-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 11:23:11 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: bho_project.dll, version: 1.0.0.1, time
stamp: 0x4fbbef1a Exception code: 0xc0000005 Fault offset: 0x00002e78 Faulting process
id: 0xdf8 Faulting application start time: 0x01cd59f6cf873a94 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\OApps\bho_project.dll Report Id: 29e013d3-c5ec-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 11:23:15 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: bho_project.dll, version: 1.0.0.1, time
stamp: 0x4fbbef1a Exception code: 0xc0000005 Fault offset: 0x00002e78 Faulting process
id: 0x39f8 Faulting application start time: 0x01cd59f8edd52177 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\OApps\bho_project.dll Report Id: 2c703e2e-c5ec-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 2:26:15 PM | Computer Name = mothership1 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 7/4/2012 3:15:13 PM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x3e316ea2 Faulting process id: 0x1214 Faulting application
start time: 0x01cd5a16fd35c9cc Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 94049ee7-c60c-11e1-886d-bcaec5297ea8

[ Media Center Events ]
Error - 2/14/2011 4:00:34 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 3:00:33 PM - Failed to retrieve NetTV (Error: Invalid security token.)

Error - 2/14/2011 4:01:38 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 3:01:38 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 2/14/2011 4:02:39 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 3:02:35 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 4/28/2011 9:01:02 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 9:00:57 PM - Error connecting to the internet. 9:00:57 PM - Unable
to contact server..

Error - 5/5/2011 7:49:51 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 7:49:51 AM - Error connecting to the internet. 7:49:51 AM - Unable
to contact server..

Error - 5/5/2011 7:50:01 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 7:49:56 AM - Error connecting to the internet. 7:49:56 AM - Unable
to contact server..

Error - 5/12/2011 11:51:14 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 11:51:10 PM - Error connecting to the internet. 11:51:10 PM - Unable
to contact server..

Error - 5/26/2011 11:08:08 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 11:07:47 PM - Error connecting to the internet. 11:07:47 PM - Unable
to contact server..

Error - 5/27/2011 12:08:13 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 12:08:12 AM - Error connecting to the internet. 12:08:12 AM - Unable
to contact server..

[ OSession Events ]
Error - 3/15/2011 4:55:24 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 96
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/16/2011 11:08:10 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2011 8:25:52 AM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/29/2011 2:51:19 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/22/2011 8:51:39 AM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/25/2012 9:51:43 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/10/2012 10:58:29 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/4/2012 11:17:43 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/4/2012 11:17:47 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/4/2012 11:17:53 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7034
Description = The ASUS System Control Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/4/2012 11:18:38 PM | Computer Name = mothership1 | Source = DCOM | ID = 10016
Description =

Error - 7/4/2012 11:43:35 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/4/2012 11:43:47 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/4/2012 11:44:35 PM | Computer Name = mothership1 | Source = DCOM | ID = 10016
Description =

Error - 7/5/2012 7:04:25 AM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/5/2012 7:05:09 AM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/5/2012 7:05:25 AM | Computer Name = mothership1 | Source = DCOM | ID = 10016
Description =


< End of report >

OTL log after fix

All processes killed
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :OTL> in the current context!
Error: Unable to interpret <• IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>> in the current context!
Error: Unable to interpret <• O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <• O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <• O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :Commands> in the current context!
Error: Unable to interpret <• [purity]> in the current context!
Error: Unable to interpret <• [emptytemp]> in the current context!
Error: Unable to interpret <• [emptyjava]> in the current context!
Error: Unable to interpret <• [emptyflash]> in the current context!
Error: Unable to interpret <• [Reboot]> in the current context!

OTL by OldTimer - Version 3.2.53.1 log created on 07052012_110609
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Security Check Log

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Security Toolbar
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Reader X (10.1.3)
Mozilla Firefox (3.6.14) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

FSS log

Farbar Service Scanner Version: 02-07-2012
Ran by cdogg (administrator) on 05-07-2012 at 11:15:34
Running from "C:\Users\cdogg\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

completed TFC. no log issued and no restart but did clean 880mb (?) of files.

And finally, the ETES log. I did not delete these as of yet, but here is the data.

C:\Updater.exe probably a variant of Win32/Adware.Virtumonde.JMIMDOZ application cleaned by deleting - quarantined
C:\Program Files (x86)\OApps\bho_project.dll Win32/Adware.Facetheme.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.07.2012_17.16.05\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.07.2012_17.16.05\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.07.2012_17.16.05\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.07.2012_17.16.05\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.07.2012_17.16.05\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.07.2012_17.16.05\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.07.2012_17.16.05\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.07.2012_17.16.05\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Default\aafgideoofancejjnncgplbhndgldklo\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\qxljsrqgab@qxljsrqgab.org.xpi JS/Redirector.NBX trojan deleted - quarantined

Okay, reran the OTL custom scan. Is this correct???


All processes killed
Error: Unable to interpret <• :OTL> in the current context!
Error: Unable to interpret <• IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>> in the current context!
Error: Unable to interpret <• O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <• O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <• O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :Commands> in the current context!
Error: Unable to interpret <• [purity]> in the current context!
Error: Unable to interpret <• [emptytemp]> in the current context!
Error: Unable to interpret <• [emptyjava]> in the current context!
Error: Unable to interpret <• [emptyflash]> in the current context!
Error: Unable to interpret <• [Reboot]> in the current context!


OTL by OldTimer - Version 3.2.53.1 log created on 07052012_225054
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Disregard last post. Sorry, now I see the error. I copied the Custom Fix from the email (which inserted bullets). When I came to the techspot site and saw the original post, it clearly didn't have those. Here's the proper OTL Custom Fix Log

All processes killed
========== OTL ==========
HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: cdogg
->Temp folder emptied: 1583358 bytes
->Temporary Internet Files folder emptied: 12222116 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69176 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: cdogg
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Owner

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: cdogg
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07052012_225953
Files\Folders moved on Reboot...
C:\Users\cdogg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{58BB0281-BA98-4BA8-8FED-5DD5F430CF81}.tmp not found!
File\Folder C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8A88620C-DE3D-4AC8-ABF3-2EA8E6ED789D}.tmp not found!
File\Folder C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9B399C45-90D6-4044-9CBF-61120017811E}.tmp not found!
File\Folder C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CE282226-0EB8-4476-AFE4-8A5F6EB1E859}.tmp not found!
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORJKJUAE\displayad[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO6HLXJ\partner[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO6HLXJ\partner[2].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGP6B2L7\billboard[3].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGP6B2L7\billboard[4].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGP6B2L7\displayad[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGP6B2L7\si[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\bizo_multi[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\index[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\net[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\page-3[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\VOLPortalLogin[1].htm moved successfully.
PendingFileRenameOperations files...
File C:\Users\cdogg\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{58BB0281-BA98-4BA8-8FED-5DD5F430CF81}.tmp not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8A88620C-DE3D-4AC8-ABF3-2EA8E6ED789D}.tmp not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9B399C45-90D6-4044-9CBF-61120017811E}.tmp not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CE282226-0EB8-4476-AFE4-8A5F6EB1E859}.tmp not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORJKJUAE\displayad[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO6HLXJ\partner[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO6HLXJ\partner[2].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGP6B2L7\billboard[3].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGP6B2L7\billboard[4].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGP6B2L7\displayad[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGP6B2L7\si[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\bizo_multi[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\index[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\net[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\page-3[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51Y4MU4B\VOLPortalLogin[1].htm not found!
Registry entries deleted on Reboot...

ps, made a small donation finally. again, thank you for your continued help and support weeding through this malware issue. stellar work and attention to detail.

new restore point OTL log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: cdogg
->Temp folder emptied: 600631 bytes
->Temporary Internet Files folder emptied: 9383906 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26953 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: cdogg
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: cdogg
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Owner

User: Public

Total Java Files Cleaned = 0.00 mb

Unable to start System Restore Service. Error code -2147212542

OTL by OldTimer - Version 3.2.53.1 log created on 07052012_234536
Files\Folders moved on Reboot...
C:\Users\cdogg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{15E3CB0E-81EE-4137-A096-93A63D771BD5}.tmp not found!
File\Folder C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{21C31C47-3E21-4652-BCA7-A9D744145921}.tmp not found!
File\Folder C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A7F31016-C530-42B3-AEED-6ADFA4F22A06}.tmp not found!
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39HLYCU0\billboard[1].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39HLYCU0\billboard[2].htm moved successfully.
C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39HLYCU0\page-3[1].htm moved successfully.
PendingFileRenameOperations files...
File C:\Users\cdogg\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{15E3CB0E-81EE-4137-A096-93A63D771BD5}.tmp not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{21C31C47-3E21-4652-BCA7-A9D744145921}.tmp not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A7F31016-C530-42B3-AEED-6ADFA4F22A06}.tmp not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39HLYCU0\billboard[1].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39HLYCU0\billboard[2].htm not found!
File C:\Users\cdogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39HLYCU0\page-3[1].htm not found!
Registry entries deleted on Reboot...

things are good. the music/ads have stopped. no malware hits from malwarebytes. seems faster. there were some residual issues with Java and old Microsoft things not loading, but I was able to uninstall and reinstall and everything seems to be working swimming now. I am quite pleased. thanks again. I've bookmarked the site in case of future issues, but I also read the "how did I get infected" file so hopefully it will be quite some time before I need help again. all the best. cheers, craig